Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/hAORLTjYIaAZCA1MDAzbn20KJBk.roa
File:                     hAORLTjYIaAZCA1MDAzbn20KJBk.roa (raw, json)
Hash identifier:          mRX5JIBHs9mxOpDd2kq5jmm77hTIjBUrsJwOl/Hak4Y=
Subject key identifier:   84:03:91:2D:38:D8:21:A0:19:08:0D:4C:0C:0C:DB:9F:6D:0A:24:19
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC79423F3FB72B68A22EE029591437CA3
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/hAORLTjYIaAZCA1MDAzbn20KJBk.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49602
IP address blocks:        81.7.108.0/22 maxlen: 22
                          81.7.112.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:23:f3:fb:72:b6:8a:22:ee:02:95:91:43:7c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8403912d38d821a019080d4c0c0cdb9f6d0a2419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:33:21:de:56:87:5c:14:1a:f4:60:c9:20:1d:
                    5d:a8:5e:c6:d4:78:10:ca:fb:68:28:88:8f:58:db:
                    4b:4e:f1:bd:47:f2:df:cf:ec:de:80:a3:17:d7:5c:
                    81:04:dc:64:70:d1:f8:65:5a:cb:46:13:26:d4:f2:
                    c1:4f:61:80:03:73:f1:e1:97:dd:e9:18:3c:1a:b9:
                    08:32:14:1b:5a:f4:c6:73:f0:bc:d4:34:1a:25:8c:
                    65:62:68:4a:e5:c7:a1:f9:26:ab:a5:26:8e:e8:f6:
                    75:6e:19:2c:25:37:ad:e5:79:98:dd:ab:0b:00:4c:
                    67:7f:69:47:ec:a6:04:16:42:9a:51:2d:a8:b4:93:
                    de:95:0e:7a:90:4c:6c:94:9b:28:f5:83:f0:4e:4b:
                    46:41:7a:bd:33:02:bb:2a:49:60:a2:ed:b0:39:b4:
                    7c:ac:45:72:da:cf:28:c4:65:41:b8:fe:0f:7b:53:
                    e4:f6:37:cb:7b:6c:2c:e7:83:df:ef:fd:20:9e:96:
                    c4:cf:6e:3a:65:8b:6f:b0:f5:5d:9d:3a:da:8c:24:
                    45:d3:0e:3e:78:df:85:78:9b:f9:4e:f2:b4:54:df:
                    8a:fe:82:45:77:5a:d7:ea:8c:cd:ff:8f:30:4b:63:
                    a6:7b:f0:ba:93:cd:55:ad:bf:de:08:67:32:0d:b2:
                    a2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:03:91:2D:38:D8:21:A0:19:08:0D:4C:0C:0C:DB:9F:6D:0A:24:19
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/hAORLTjYIaAZCA1MDAzbn20KJBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.7.108.0-81.7.113.255

    Signature Algorithm: sha256WithRSAEncryption
         5e:61:e8:d8:2a:2a:ba:68:97:61:b0:24:aa:b4:81:6c:ce:92:
         10:0e:55:4d:0f:e0:a2:30:1e:0c:63:a6:18:3d:9a:52:e6:ca:
         93:bc:86:fe:1a:d8:14:90:63:86:a6:ef:cb:3c:25:6f:64:c9:
         ec:01:d1:04:e5:ed:25:4e:2d:68:c3:c4:73:a8:f9:70:c3:35:
         57:08:0d:9f:82:21:36:81:66:3a:d0:56:9d:12:99:a5:da:b5:
         38:fa:96:22:24:76:3c:d5:4e:93:dd:a2:84:38:8d:b1:8d:07:
         57:85:e1:1e:1f:8b:49:f6:4d:b7:88:09:38:be:93:64:f3:33:
         b6:aa:c8:47:4c:4c:cc:6d:2b:cc:4d:be:fc:73:a0:26:c7:a6:
         88:b2:24:4a:86:47:a4:53:74:41:93:53:fd:1d:72:b3:31:6b:
         76:21:3c:a5:f6:a1:58:dc:43:8b:de:79:71:bc:f9:09:46:81:
         43:4c:e6:d0:5b:5f:3d:5c:a5:a7:f5:66:2b:56:23:b2:c1:24:
         3a:f6:43:f7:c7:2e:01:9d:cd:5b:f4:ca:28:68:bb:a3:77:0c:
         a3:5c:f1:73:5c:a0:b2:54:18:0f:52:bc:98:0a:44:f2:d5:ab:
         cf:ab:9a:f7:de:ed:8c:0f:0f:2d:27:68:41:0b:05:11:c9:ba:
         6b:25:25:ed
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzHlCPz+3K2iiLuApWRQ3yjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDAzOTEyZDM4ZDgyMWEwMTkwODBkNGMwYzBjZGI5ZjZkMGEyNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDMh3laHXBQa9GDJIB1dqF7G1HgQ
yvtoKIiPWNtLTvG9R/Lfz+zegKMX11yBBNxkcNH4ZVrLRhMm1PLBT2GAA3Px4Zfd
6Rg8GrkIMhQbWvTGc/C81DQaJYxlYmhK5ceh+SarpSaO6PZ1bhksJTet5XmY3asL
AExnf2lH7KYEFkKaUS2otJPelQ56kExslJso9YPwTktGQXq9MwK7Kklgou2wObR8
rEVy2s8oxGVBuP4Pe1Pk9jfLe2ws54Pf7/0gnpbEz246ZYtvsPVdnTrajCRF0w4+
eN+FeJv5TvK0VN+K/oJFd1rX6ozN/48wS2Ome/C6k81Vrb/eCGcyDbKiQQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFIQDkS042CGgGQgNTAwM259tCiQZMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL2hBT1JMVGpZSWFBWkNBMU1EQXpibjIwS0pCay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEAlEH
bAMEAVEHcDANBgkqhkiG9w0BAQsFAAOCAQEAXmHo2CoqumiXYbAkqrSBbM6SEA5V
TQ/gojAeDGOmGD2aUubKk7yG/hrYFJBjhqbvyzwlb2TJ7AHRBOXtJU4taMPEc6j5
cMM1VwgNn4IhNoFmOtBWnRKZpdq1OPqWIiR2PNVOk92ihDiNsY0HV4XhHh+LSfZN
t4gJOL6TZPMztqrIR0xMzG0rzE2+/HOgJsemiLIkSoZHpFN0QZNT/R1yszFrdiE8
pfahWNxDi955cbz5CUaBQ0zm0FtfPVylp/VmK1YjssEkOvZD98cuAZ3NW/TKKGi7
o3cMo1zxc1ygslQYD1K8mApE8tWrz6ua997tjA8PLSdoQQsFEcm6ayUl7Q==
-----END CERTIFICATE-----