Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/eo6ipgs-yIWbANKTV9w6CIKyrdk.roa
File:                     eo6ipgs-yIWbANKTV9w6CIKyrdk.roa (raw, json)
Hash identifier:          VFPm8EYQVvU+S4p82vIeRg3EPKRIgSem56UirYj2cOc=
Subject key identifier:   7A:8E:A2:A6:0B:3E:C8:85:9B:00:D2:93:57:DC:3A:08:82:B2:AD:D9
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF99E9EA9266164EC22C241481D09
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/eo6ipgs-yIWbANKTV9w6CIKyrdk.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211611
IP address blocks:        81.181.198.0/23 maxlen: 23
                          81.181.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f9:9e:9e:a9:26:61:64:ec:22:c2:41:48:1d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a8ea2a60b3ec8859b00d29357dc3a0882b2add9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:44:59:cd:f2:02:a4:b7:34:0f:cd:50:a2:65:
                    c8:8e:f0:78:2c:0e:15:97:46:9e:98:dd:0a:64:e6:
                    da:3e:d7:52:b2:bd:11:1c:0e:d4:e6:97:47:d4:07:
                    de:4a:f7:f2:63:45:3e:0e:c0:f7:2c:28:06:e0:b5:
                    d8:d5:60:3e:e2:0c:7e:e0:b6:48:50:f8:a5:e7:fd:
                    58:ec:2b:ae:87:d0:0d:1b:93:53:69:b8:d7:02:56:
                    b3:b9:e0:65:df:31:9c:17:9a:40:27:68:77:7e:be:
                    8f:ef:c4:d1:56:73:e5:41:5a:06:3f:4e:a2:c8:f7:
                    f4:8d:97:f8:54:ca:a9:a2:59:ec:e2:b2:89:e3:70:
                    bf:6f:5e:44:31:1a:9e:d1:6a:36:c5:c9:56:54:ac:
                    9b:38:72:64:d4:e7:51:da:1f:8a:18:2d:76:f0:bc:
                    d1:af:ea:3d:61:b4:9f:bd:db:e4:85:f1:38:33:4e:
                    68:80:b5:ed:ae:0f:a6:c9:3b:a9:d5:4c:88:5b:8a:
                    83:40:33:da:c4:ed:62:1f:f9:c4:e4:5d:03:95:40:
                    28:42:5b:69:69:86:cf:ac:ae:00:93:08:0f:76:79:
                    77:e5:db:06:fa:05:14:32:9d:13:a6:dc:f0:db:95:
                    08:b7:21:4c:75:0a:cf:78:4c:e3:67:32:87:2b:6b:
                    ae:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:8E:A2:A6:0B:3E:C8:85:9B:00:D2:93:57:DC:3A:08:82:B2:AD:D9
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/eo6ipgs-yIWbANKTV9w6CIKyrdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.87.0/24
                  81.181.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:48:f3:20:02:89:cf:57:a4:b1:63:cf:37:32:09:e7:ad:8b:
         d1:f7:04:7b:b2:a9:47:93:f2:87:0f:02:99:43:a9:d7:f0:ee:
         a2:35:3e:39:02:f4:77:32:06:51:d5:c2:20:fa:01:db:af:c9:
         dc:b1:15:10:84:a2:d9:ad:d6:4d:94:85:23:62:5b:86:d8:1e:
         ef:cd:2f:0d:a2:7d:63:f5:b1:4d:e6:bb:9a:11:a6:f4:af:eb:
         fe:f3:66:76:28:85:f7:e2:4b:eb:5f:59:d0:fd:3a:e2:45:7a:
         2b:9a:77:7e:8e:00:c9:e5:ec:64:6c:50:df:c5:b4:49:55:db:
         36:c5:ce:2e:c3:4d:41:9b:e2:2e:d9:33:f9:5a:3e:48:90:a4:
         50:e8:40:d8:05:28:b7:3c:8c:2a:e8:6a:0a:43:58:89:45:9e:
         68:0c:a3:78:11:c2:04:fe:60:ca:f3:be:d5:c3:88:20:64:41:
         03:f5:5a:0e:af:28:81:6a:d8:3b:d8:8b:d3:3a:38:78:b5:d6:
         44:1e:f6:be:ba:c8:91:47:44:fe:e0:ca:0b:76:5e:a2:e4:87:
         7d:bc:ad:54:40:e9:9b:84:5b:3c:67:8f:01:d5:27:bc:82:05:
         58:ee:21:c2:d4:b9:2f:ee:36:4f:4b:27:09:ff:1b:b1:93:2c:
         92:58:a3:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSvmenqkmYWTsIsJBSB0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YThlYTJhNjBiM2VjODg1OWIwMGQyOTM1N2RjM2EwODgyYjJhZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiERZzfICpLc0D81QomXIjvB4LA4V
l0aemN0KZObaPtdSsr0RHA7U5pdH1AfeSvfyY0U+DsD3LCgG4LXY1WA+4gx+4LZI
UPil5/1Y7Cuuh9ANG5NTabjXAlazueBl3zGcF5pAJ2h3fr6P78TRVnPlQVoGP06i
yPf0jZf4VMqpolns4rKJ43C/b15EMRqe0Wo2xclWVKybOHJk1OdR2h+KGC128LzR
r+o9YbSfvdvkhfE4M05ogLXtrg+myTup1UyIW4qDQDPaxO1iH/nE5F0DlUAoQltp
aYbPrK4AkwgPdnl35dsG+gUUMp0Tptzw25UItyFMdQrPeEzjZzKHK2uuGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHqOoqYLPsiFmwDSk1fcOgiCsq3ZMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvZW82aXBncy15SVdiQU5LVFY5dzZDSUt5cmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUbVXAwQB
UbXGMA0GCSqGSIb3DQEBCwUAA4IBAQCaSPMgAonPV6SxY883MgnnrYvR9wR7sqlH
k/KHDwKZQ6nX8O6iNT45AvR3MgZR1cIg+gHbr8ncsRUQhKLZrdZNlIUjYluG2B7v
zS8Non1j9bFN5ruaEab0r+v+82Z2KIX34kvrX1nQ/TriRXormnd+jgDJ5exkbFDf
xbRJVds2xc4uw01Bm+Iu2TP5Wj5IkKRQ6EDYBSi3PIwq6GoKQ1iJRZ5oDKN4EcIE
/mDK877Vw4ggZEED9VoOryiBatg72IvTOjh4tdZEHva+usiRR0T+4MoLdl6i5Id9
vK1UQOmbhFs8Z48B1Se8ggVY7iHC1Lkv7jZPSycJ/xuxkyySWKNq
-----END CERTIFICATE-----