Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/xQd5W4e4PnDjglCYlz04ippgCtY.roa
File:                     xQd5W4e4PnDjglCYlz04ippgCtY.roa (raw, json)
Hash identifier:          Tau6wHDOULjCaWttAcL4vrdDPhetrZL68pVWIATRLJA=
Subject key identifier:   C5:07:79:5B:87:B8:3E:70:E3:82:50:98:97:3D:38:8A:9A:60:0A:D6
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       0194252079CFF29935A4735FA477476AAB9E
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/xQd5W4e4PnDjglCYlz04ippgCtY.roa
Signing time:             Thu 02 Jan 2025 03:47:52 +0000
ROA not before:           Thu 02 Jan 2025 03:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24832
IP address blocks:        81.28.0.0/24 maxlen: 24
                          81.28.1.0/24 maxlen: 24
                          81.28.2.0/24 maxlen: 24
                          81.28.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:79:cf:f2:99:35:a4:73:5f:a4:77:47:6a:ab:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c507795b87b83e70e3825098973d388a9a600ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3f:fe:59:f3:65:7e:df:0d:6c:d3:90:65:2b:
                    31:f6:c1:fb:7e:6f:76:64:18:48:6b:2c:90:05:8b:
                    92:e1:21:09:12:29:5c:4c:76:97:fd:dc:91:ad:a0:
                    56:c0:65:c9:d0:74:b8:f5:b5:44:73:67:c0:41:5c:
                    5e:5a:10:3e:99:75:de:40:2f:fa:8c:04:21:ee:36:
                    7e:ae:75:17:6e:f4:77:3a:d7:f5:68:9d:30:c8:cd:
                    36:ee:66:a9:65:6d:7e:5f:c6:40:82:22:cb:68:39:
                    a8:58:ce:0e:60:ad:45:23:05:d1:85:1e:da:03:ed:
                    6b:72:25:4b:6f:84:c7:d5:fa:fd:2f:56:5f:07:68:
                    a2:a1:f5:6f:14:27:0c:3d:b3:12:e3:41:85:52:00:
                    75:19:87:d2:04:2d:51:b9:d7:35:f5:32:0a:b2:9a:
                    1a:97:cc:e5:40:85:58:a3:b6:68:4d:b7:97:48:dd:
                    ee:11:aa:80:38:74:d1:94:bf:97:68:61:4f:b3:d3:
                    a6:9a:eb:9c:82:6c:65:d4:6a:e6:82:ba:de:d6:6c:
                    38:91:14:d7:19:45:a1:91:d3:3e:e7:e3:16:23:67:
                    d9:d4:11:6c:54:ca:1b:c2:9c:f5:33:c7:fd:27:41:
                    38:d3:43:c5:2f:64:fe:d9:70:3a:25:ae:5d:9e:dd:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:07:79:5B:87:B8:3E:70:E3:82:50:98:97:3D:38:8A:9A:60:0A:D6
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/xQd5W4e4PnDjglCYlz04ippgCtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.28.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:07:1d:be:7a:2d:c9:19:f6:77:cb:c9:c6:0e:28:2a:07:62:
         ff:fb:a8:06:da:b5:be:12:ed:ca:e7:54:0c:09:b7:a5:c8:5d:
         96:0e:16:97:89:c1:87:34:1e:22:1b:8b:f2:c6:72:b8:66:4a:
         3a:97:72:93:70:67:08:ee:86:46:ec:01:70:62:5e:1d:95:90:
         fb:bf:73:6b:2f:57:de:c0:b7:9a:01:9f:37:80:98:9e:d3:9d:
         8e:88:60:eb:78:31:c9:c6:3b:62:bd:4b:28:32:9a:f2:1c:42:
         bd:a5:67:fa:ef:88:f7:c1:a8:9d:27:8b:bd:57:29:cb:f4:8e:
         35:e6:ee:62:3f:3f:6b:4b:d6:d9:5a:60:44:79:ec:01:8c:2e:
         f7:d1:69:f3:51:a2:a7:9c:16:2e:02:52:f4:fd:4f:1a:8c:89:
         59:f3:01:f8:02:2d:61:74:e8:fd:34:b4:0b:89:c6:58:e2:2a:
         9c:4b:9b:99:2a:94:1a:3a:b8:5c:e0:54:f5:23:ec:e1:ba:8d:
         af:72:85:ac:09:ab:4c:92:0a:52:fa:17:20:57:f3:20:5d:12:
         55:8c:56:ac:8e:96:8d:7b:68:41:1c:03:10:d3:0c:d1:6c:49:
         c1:85:1f:69:09:9d:be:4e:53:37:ae:37:76:a6:23:4b:1a:e2:
         f4:a3:66:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIHnP8pk1pHNfpHdHaqueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjUwMTAyMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTA3Nzk1Yjg3YjgzZTcwZTM4MjUwOTg5NzNkMzg4YTlhNjAwYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD/+WfNlft8NbNOQZSsx9sH7fm92
ZBhIayyQBYuS4SEJEilcTHaX/dyRraBWwGXJ0HS49bVEc2fAQVxeWhA+mXXeQC/6
jAQh7jZ+rnUXbvR3Otf1aJ0wyM027mapZW1+X8ZAgiLLaDmoWM4OYK1FIwXRhR7a
A+1rciVLb4TH1fr9L1ZfB2iiofVvFCcMPbMS40GFUgB1GYfSBC1Rudc19TIKspoa
l8zlQIVYo7ZoTbeXSN3uEaqAOHTRlL+XaGFPs9Ommuucgmxl1Grmgrre1mw4kRTX
GUWhkdM+5+MWI2fZ1BFsVMobwpz1M8f9J0E400PFL2T+2XA6Ja5dnt03hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUHeVuHuD5w44JQmJc9OIqaYArWMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEveFFkNVc0ZTRQbkRqZ2xDWWx6MDRpcHBnQ3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCURwAMA0G
CSqGSIb3DQEBCwUAA4IBAQCSBx2+ei3JGfZ3y8nGDigqB2L/+6gG2rW+Eu3K51QM
CbelyF2WDhaXicGHNB4iG4vyxnK4Zko6l3KTcGcI7oZG7AFwYl4dlZD7v3NrL1fe
wLeaAZ83gJie052OiGDreDHJxjtivUsoMpryHEK9pWf674j3waidJ4u9VynL9I41
5u5iPz9rS9bZWmBEeewBjC730WnzUaKnnBYuAlL0/U8ajIlZ8wH4Ai1hdOj9NLQL
icZY4iqcS5uZKpQaOrhc4FT1I+zhuo2vcoWsCatMkgpS+hcgV/MgXRJVjFasjpaN
e2hBHAMQ0wzRbEnBhR9pCZ2+TlM3rjd2piNLGuL0o2YR
-----END CERTIFICATE-----