Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/xGMiPELHN0xps6jTX2uaCpUA-Uk.roa
File:                     xGMiPELHN0xps6jTX2uaCpUA-Uk.roa (raw, json)
Hash identifier:          nFXiZ/NZNvOmrGYayRVbxhA1gDDAZRPYjlCQaExjR0w=
Subject key identifier:   C4:63:22:3C:42:C7:37:4C:69:B3:A8:D3:5F:6B:9A:0A:95:00:F9:49
Certificate issuer:       /CN=ff24b72f5f9040d4d22688f5ea511f615f15004c
Certificate serial:       018CC7275657F525AB92B140FE14D0A1B979
Authority key identifier: FF:24:B7:2F:5F:90:40:D4:D2:26:88:F5:EA:51:1F:61:5F:15:00:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_yS3L1-QQNTSJoj16lEfYV8VAEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/xGMiPELHN0xps6jTX2uaCpUA-Uk.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44694
IP address blocks:        81.24.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/_yS3L1-QQNTSJoj16lEfYV8VAEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/_yS3L1-QQNTSJoj16lEfYV8VAEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_yS3L1-QQNTSJoj16lEfYV8VAEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:56:57:f5:25:ab:92:b1:40:fe:14:d0:a1:b9:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff24b72f5f9040d4d22688f5ea511f615f15004c
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c463223c42c7374c69b3a8d35f6b9a0a9500f949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d4:a0:23:1b:53:00:9b:6b:33:a1:12:35:bc:
                    2a:d9:52:b5:11:d2:12:bf:f0:3b:fd:5c:e3:dc:97:
                    63:0a:b0:4c:4a:3f:22:ce:80:f7:6b:30:34:3f:bb:
                    bd:66:ee:1b:3f:15:8c:fe:d3:b4:97:0c:29:8a:73:
                    f6:82:76:35:e2:32:03:71:1f:b0:77:42:bd:80:f5:
                    32:84:60:3c:94:1d:17:ef:98:37:eb:5a:02:88:f4:
                    c5:20:c3:e4:31:6c:5f:ef:f2:e6:9c:09:73:93:9a:
                    91:15:bf:5b:57:04:f1:14:01:2f:24:7e:db:4f:ea:
                    eb:17:b9:9b:b1:17:63:ec:bb:02:75:a6:b9:0b:3d:
                    39:10:88:79:c0:a2:c9:31:1d:a2:e0:91:9f:57:c7:
                    c8:03:60:27:c9:3d:03:25:a1:2f:58:01:f3:e9:ff:
                    6f:be:5d:05:ff:5c:34:77:a2:16:1f:fd:e4:0b:96:
                    62:28:de:df:64:c9:cf:87:67:73:ca:b7:ca:b9:09:
                    21:a5:67:9f:53:42:a5:f9:b4:b6:df:1e:ba:d4:3e:
                    7a:df:94:e3:b0:aa:ad:59:4a:de:65:db:4d:50:52:
                    7b:3b:10:a2:28:e6:1f:50:54:d5:e7:d7:2a:27:54:
                    3c:c0:5a:cd:52:8c:b0:a5:2e:79:d8:8b:38:96:71:
                    5b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:63:22:3C:42:C7:37:4C:69:B3:A8:D3:5F:6B:9A:0A:95:00:F9:49
            X509v3 Authority Key Identifier:
                keyid:FF:24:B7:2F:5F:90:40:D4:D2:26:88:F5:EA:51:1F:61:5F:15:00:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_yS3L1-QQNTSJoj16lEfYV8VAEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/xGMiPELHN0xps6jTX2uaCpUA-Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/_yS3L1-QQNTSJoj16lEfYV8VAEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.24.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:45:ac:4b:ec:1c:f7:22:94:76:09:c2:c8:ad:58:83:20:86:
         4c:72:90:5d:aa:34:38:27:4c:24:cc:de:6d:f1:92:91:c6:be:
         86:36:60:fe:0c:96:db:f5:bc:e3:f8:3e:3c:d9:26:7b:f3:b7:
         fc:29:79:0f:c0:f4:3d:ce:65:af:cd:62:84:83:17:e9:b5:23:
         5d:8e:0e:9b:78:9b:cb:ab:00:e5:21:a4:9d:db:d8:3e:49:e8:
         23:78:0d:57:b6:02:bf:6d:32:ef:95:f1:c7:0f:9e:3e:64:36:
         9d:ed:a0:ba:f6:ae:38:21:2f:db:17:3f:5e:a0:35:0b:dd:0a:
         4b:41:bb:3b:aa:a6:0b:07:f4:68:8f:b9:19:df:c7:df:e0:3d:
         3e:a1:d4:a6:57:38:64:18:c1:a5:b8:3b:b4:28:c8:9a:7d:b7:
         22:fd:58:aa:61:21:87:c3:06:18:bb:c1:24:cf:c3:4d:1a:7a:
         96:65:ce:b0:8e:7c:ce:8b:67:02:f1:e4:06:0a:54:27:ca:3d:
         c7:16:30:fc:7e:86:41:f7:8a:b2:1b:70:8d:1a:79:e7:60:0d:
         6d:26:f3:ca:4a:f8:24:07:fe:9a:d9:aa:b6:25:35:37:30:3f:
         a7:15:68:65:f8:3d:49:f9:8b:0b:24:01:eb:bb:7b:c6:6a:57:
         8e:61:6e:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1ZX9SWrkrFA/hTQobl5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMjRiNzJmNWY5MDQwZDRkMjI2ODhmNWVhNTExZjYxNWYx
NTAwNGMwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDYzMjIzYzQyYzczNzRjNjliM2E4ZDM1ZjZiOWEwYTk1MDBmOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdSgIxtTAJtrM6ESNbwq2VK1EdIS
v/A7/Vzj3JdjCrBMSj8izoD3azA0P7u9Zu4bPxWM/tO0lwwpinP2gnY14jIDcR+w
d0K9gPUyhGA8lB0X75g361oCiPTFIMPkMWxf7/LmnAlzk5qRFb9bVwTxFAEvJH7b
T+rrF7mbsRdj7LsCdaa5Cz05EIh5wKLJMR2i4JGfV8fIA2AnyT0DJaEvWAHz6f9v
vl0F/1w0d6IWH/3kC5ZiKN7fZMnPh2dzyrfKuQkhpWefU0Kl+bS23x661D5635Tj
sKqtWUreZdtNUFJ7OxCiKOYfUFTV59cqJ1Q8wFrNUoywpS552Is4lnFbhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRjIjxCxzdMabOo019rmgqVAPlJMB8GA1UdIwQY
MBaAFP8kty9fkEDU0iaI9epRH2FfFQBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lTM0wxLVFRTlRTSm9qMTZsRWZZVjhWQUV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83OTg3NDUtZTI0Ny00YTg3LWJhMWQt
YjY2ZDg2NjRiMDliLzEveEdNaVBFTEhOMHhwczZqVFgydWFDcFVBLVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83OTg3NDUtZTI0Ny00YTg3LWJhMWQtYjY2ZDg2NjRiMDli
LzEvX3lTM0wxLVFRTlRTSm9qMTZsRWZZVjhWQUV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCURgMMA0G
CSqGSIb3DQEBCwUAA4IBAQAeRaxL7Bz3IpR2CcLIrViDIIZMcpBdqjQ4J0wkzN5t
8ZKRxr6GNmD+DJbb9bzj+D482SZ787f8KXkPwPQ9zmWvzWKEgxfptSNdjg6beJvL
qwDlIaSd29g+SegjeA1XtgK/bTLvlfHHD54+ZDad7aC69q44IS/bFz9eoDUL3QpL
Qbs7qqYLB/Roj7kZ38ff4D0+odSmVzhkGMGluDu0KMiafbci/ViqYSGHwwYYu8Ek
z8NNGnqWZc6wjnzOi2cC8eQGClQnyj3HFjD8foZB94qyG3CNGnnnYA1tJvPKSvgk
B/6a2aq2JTU3MD+nFWhl+D1J+YsLJAHru3vGaleOYW5s
-----END CERTIFICATE-----