Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/173-Kv1jDbMWH-4jzzP9yAxk8zA.roa
File:                     173-Kv1jDbMWH-4jzzP9yAxk8zA.roa (raw, json)
Hash identifier:          RAtumuE7sBDLlYGFZheJtE3TDChYxfxrc7dviHDr/Y8=
Subject key identifier:   D7:BD:FE:2A:FD:63:0D:B3:16:1F:EE:23:CF:33:FD:C8:0C:64:F3:30
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BC60C7683427066B11C23C702E88
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/173-Kv1jDbMWH-4jzzP9yAxk8zA.roa
Signing time:             Wed 01 Jan 2025 19:48:39 +0000
ROA not before:           Wed 01 Jan 2025 19:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        81.199.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:bc:60:c7:68:34:27:06:6b:11:c2:3c:70:2e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7bdfe2afd630db3161fee23cf33fdc80c64f330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:90:a7:14:75:d5:97:e9:b3:af:46:59:7c:99:
                    c7:82:4d:01:37:5b:fc:cd:12:ed:a9:e1:d5:36:57:
                    63:c5:06:bc:27:ef:32:8e:67:b4:b3:cd:76:ba:8d:
                    81:42:84:64:27:e4:ac:d7:39:95:4e:eb:6d:78:02:
                    a7:ef:71:ca:03:f6:2b:db:8a:65:b2:a4:c2:97:98:
                    47:f1:7d:fa:51:af:01:fd:7b:37:c3:8c:4e:5f:98:
                    fb:8e:6e:5e:5e:a7:c8:7d:d8:a3:fa:62:8b:0b:fe:
                    22:d7:5d:50:07:4e:4b:f7:77:1d:37:f3:b1:17:b1:
                    27:97:31:31:ef:1a:3a:ad:ce:6e:81:45:e9:a2:59:
                    94:0c:1c:57:4e:29:54:3a:f3:96:67:85:2f:75:14:
                    05:c8:ad:d4:8c:13:3e:04:dc:eb:ae:f3:db:b4:17:
                    e1:d6:af:de:b7:60:f6:76:5d:bd:7a:71:49:d5:5c:
                    9d:01:09:bd:a3:35:8a:d9:ac:e3:af:b5:45:85:03:
                    ca:77:75:3f:ad:32:94:3c:8e:85:56:0d:d7:60:ae:
                    a6:50:11:20:db:cf:58:ad:54:9f:16:8c:7b:c6:a8:
                    32:a0:17:99:83:1d:02:7b:cc:75:59:f9:a0:ed:b3:
                    07:14:66:92:b6:08:00:59:30:52:a7:c3:28:7c:2c:
                    dc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:BD:FE:2A:FD:63:0D:B3:16:1F:EE:23:CF:33:FD:C8:0C:64:F3:30
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/173-Kv1jDbMWH-4jzzP9yAxk8zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:af:01:c6:91:09:d9:e2:71:88:16:bf:0e:6d:36:df:e6:58:
         19:13:0b:14:84:41:fd:da:79:65:b8:22:cb:0e:43:fa:43:ce:
         54:c0:24:fd:60:97:f5:e3:89:97:35:64:31:c2:99:7b:54:7c:
         f2:16:c8:3e:10:fb:08:ec:2f:a3:cd:87:7b:17:a9:1b:e4:51:
         49:3b:c6:60:81:17:38:15:05:92:28:d8:fa:c0:56:d0:88:6e:
         01:fc:1e:76:39:29:b8:d3:9e:84:20:90:5a:78:65:db:5f:36:
         97:6a:6c:94:33:6c:69:32:7b:fa:41:3b:6f:04:96:e6:87:e6:
         73:3f:f5:ac:cc:08:c8:7b:06:e5:a9:69:c0:98:52:f4:f5:37:
         fa:26:a5:d2:9e:3b:10:2c:52:91:68:15:c1:c2:18:8a:55:28:
         8c:95:91:d5:84:a5:be:87:86:26:82:40:8a:f2:15:37:aa:86:
         8a:49:75:2e:07:7a:27:d4:7c:6c:71:d2:fc:87:d4:f6:86:ab:
         de:b7:f4:7d:6c:91:d6:7b:7c:ba:d0:13:50:8f:d0:07:cd:83:
         9f:83:c2:fc:50:eb:a1:7a:6a:e4:ae:81:86:9a:fa:4e:8b:a5:
         a4:c1:4b:5f:b5:3c:d2:ee:23:5c:d0:ea:b2:07:bd:26:b9:5b:
         c2:ee:de:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjabxgx2g0JwZrEcI8cC6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2JkZmUyYWZkNjMwZGIzMTYxZmVlMjNjZjMzZmRjODBjNjRmMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JCnFHXVl+mzr0ZZfJnHgk0BN1v8
zRLtqeHVNldjxQa8J+8yjme0s812uo2BQoRkJ+Ss1zmVTutteAKn73HKA/Yr24pl
sqTCl5hH8X36Ua8B/Xs3w4xOX5j7jm5eXqfIfdij+mKLC/4i111QB05L93cdN/Ox
F7EnlzEx7xo6rc5ugUXpolmUDBxXTilUOvOWZ4UvdRQFyK3UjBM+BNzrrvPbtBfh
1q/et2D2dl29enFJ1VydAQm9ozWK2azjr7VFhQPKd3U/rTKUPI6FVg3XYK6mUBEg
289YrVSfFox7xqgyoBeZgx0Ce8x1Wfmg7bMHFGaStggAWTBSp8MofCzc5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNe9/ir9Yw2zFh/uI88z/cgMZPMwMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvMTczLUt2MWpEYk1XSC00anp6UDl5QXhrOHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcccMA0G
CSqGSIb3DQEBCwUAA4IBAQAbrwHGkQnZ4nGIFr8ObTbf5lgZEwsUhEH92nlluCLL
DkP6Q85UwCT9YJf144mXNWQxwpl7VHzyFsg+EPsI7C+jzYd7F6kb5FFJO8ZggRc4
FQWSKNj6wFbQiG4B/B52OSm4056EIJBaeGXbXzaXamyUM2xpMnv6QTtvBJbmh+Zz
P/WszAjIewblqWnAmFL09Tf6JqXSnjsQLFKRaBXBwhiKVSiMlZHVhKW+h4YmgkCK
8hU3qoaKSXUuB3on1HxscdL8h9T2hqvet/R9bJHWe3y60BNQj9AHzYOfg8L8UOuh
emrkroGGmvpOi6WkwUtftTzS7iNc0OqyB70muVvC7t6Z
-----END CERTIFICATE-----