Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/dm3YzK1xAmi2Sk5h8a3Khi5LGPM.roa
File:                     dm3YzK1xAmi2Sk5h8a3Khi5LGPM.roa (raw, json)
Hash identifier:          p3jFvRhnZ5PWDigF+fLcdkZKduSSZASiccn7Ico+UoY=
Subject key identifier:   76:6D:D8:CC:AD:71:02:68:B6:4A:4E:61:F1:AD:CA:86:2E:4B:18:F3
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BBF0EF442106365FCBEC82780820
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/dm3YzK1xAmi2Sk5h8a3Khi5LGPM.roa
Signing time:             Wed 01 Jan 2025 19:48:39 +0000
ROA not before:           Wed 01 Jan 2025 19:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        81.199.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:bb:f0:ef:44:21:06:36:5f:cb:ec:82:78:08:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=766dd8ccad710268b64a4e61f1adca862e4b18f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c1:1a:a7:ac:0b:9d:f2:5d:98:4b:1a:b6:dd:
                    cb:77:10:7d:49:ad:73:ed:10:e5:6f:c6:e8:08:ee:
                    48:d8:41:65:c0:23:9d:1c:71:ec:37:9c:be:b4:f3:
                    97:cb:67:37:40:e6:57:d0:26:42:33:ba:f6:d0:97:
                    21:91:a7:c8:3a:39:8f:c6:9a:53:dd:a5:86:21:5a:
                    52:c8:d0:be:be:b2:ec:e9:4c:9f:85:00:d8:2a:86:
                    14:e7:59:79:5e:49:88:47:3f:c8:e3:76:90:9e:e8:
                    7c:03:9f:0c:80:63:3a:79:2b:55:a3:5b:f8:da:f1:
                    31:ac:6c:d8:07:13:20:f1:16:03:32:6e:3e:e4:97:
                    65:1f:0d:1c:ef:7e:58:d7:76:cf:2a:06:e8:9b:2a:
                    ea:68:97:48:fe:87:32:93:32:50:a2:a6:d8:ce:ac:
                    fc:ac:a4:ef:41:90:90:bd:47:3b:86:6e:b4:5d:2d:
                    41:90:c4:2b:cf:af:f3:ab:ed:3d:1d:72:3e:a9:99:
                    f9:c9:92:6d:4f:ed:e1:fa:dc:9b:27:fe:ff:4d:20:
                    21:03:69:76:f8:43:23:28:89:4b:ce:51:3e:99:8b:
                    a5:41:ee:d7:e1:cc:3a:f2:7a:2b:24:86:ed:c4:f4:
                    45:d0:f7:33:d8:13:da:4a:f4:39:5c:ac:ba:51:07:
                    64:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:6D:D8:CC:AD:71:02:68:B6:4A:4E:61:F1:AD:CA:86:2E:4B:18:F3
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/dm3YzK1xAmi2Sk5h8a3Khi5LGPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:9c:09:b8:d0:5a:c2:e4:27:60:05:16:d6:8c:5e:38:18:9d:
         45:ff:53:15:c2:b8:43:78:d3:e5:0b:16:ca:d9:ee:3c:1f:77:
         2b:ec:74:aa:0d:f1:fb:ff:05:e9:08:e7:e9:25:db:0e:ff:2f:
         12:1e:69:6d:db:fd:28:8d:35:31:6f:05:ee:80:87:a6:a9:9e:
         b7:9a:05:7b:29:78:69:3a:5b:52:78:f7:39:95:03:f4:6b:90:
         55:bd:90:1b:65:b8:c4:85:10:2b:48:e6:00:be:10:f6:6e:d2:
         57:42:6b:9e:3b:93:85:69:92:09:a7:97:ea:d7:fc:e2:ae:d9:
         ce:15:ad:7d:f7:0e:f8:66:16:76:a8:71:77:2a:d1:26:89:cd:
         3e:09:51:29:85:35:32:dd:20:35:8a:39:64:31:0d:5f:9a:cf:
         cf:85:31:6d:17:9d:ca:16:ba:70:4f:a6:6b:0e:d6:27:e7:59:
         74:bd:4f:b9:b3:3e:a7:95:5a:0e:57:91:d8:cd:fd:03:8e:71:
         b7:80:7d:98:60:48:77:c5:0a:3a:83:3f:90:c2:d1:85:7a:7f:
         a3:b0:fa:1e:e6:e3:e3:50:05:d8:fc:60:75:23:60:55:6f:c1:
         9f:03:26:5f:32:22:d5:a1:ab:15:fd:c1:a8:27:a7:0f:2c:42:
         e5:9c:03:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjabvw70QhBjZfy+yCeAggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjZkZDhjY2FkNzEwMjY4YjY0YTRlNjFmMWFkY2E4NjJlNGIxOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsEap6wLnfJdmEsatt3LdxB9Sa1z
7RDlb8boCO5I2EFlwCOdHHHsN5y+tPOXy2c3QOZX0CZCM7r20JchkafIOjmPxppT
3aWGIVpSyNC+vrLs6UyfhQDYKoYU51l5XkmIRz/I43aQnuh8A58MgGM6eStVo1v4
2vExrGzYBxMg8RYDMm4+5JdlHw0c735Y13bPKgbomyrqaJdI/ocykzJQoqbYzqz8
rKTvQZCQvUc7hm60XS1BkMQrz6/zq+09HXI+qZn5yZJtT+3h+tybJ/7/TSAhA2l2
+EMjKIlLzlE+mYulQe7X4cw68norJIbtxPRF0Pcz2BPaSvQ5XKy6UQdkSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZt2MytcQJotkpOYfGtyoYuSxjzMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvZG0zWXpLMXhBbWkyU2s1aDhhM0toaTVMR1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcccMA0G
CSqGSIb3DQEBCwUAA4IBAQBjnAm40FrC5CdgBRbWjF44GJ1F/1MVwrhDeNPlCxbK
2e48H3cr7HSqDfH7/wXpCOfpJdsO/y8SHmlt2/0ojTUxbwXugIemqZ63mgV7KXhp
OltSePc5lQP0a5BVvZAbZbjEhRArSOYAvhD2btJXQmueO5OFaZIJp5fq1/zirtnO
Fa199w74ZhZ2qHF3KtEmic0+CVEphTUy3SA1ijlkMQ1fms/PhTFtF53KFrpwT6Zr
DtYn51l0vU+5sz6nlVoOV5HYzf0DjnG3gH2YYEh3xQo6gz+QwtGFen+jsPoe5uPj
UAXY/GB1I2BVb8GfAyZfMiLVoasV/cGoJ6cPLELlnAOb
-----END CERTIFICATE-----