Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2CgFmOGP717oALUaAiVYARg6t9Q.roa
File:                     2CgFmOGP717oALUaAiVYARg6t9Q.roa (raw, json)
Hash identifier:          kP+qqT/fr+AmSGmJhlEX1wwhusi+sKSYE0FYaGsMvfo=
Subject key identifier:   D8:28:05:98:E1:8F:EF:5E:E8:00:B5:1A:02:25:58:01:18:3A:B7:D4
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A619DD8B1E0119EC0FCB1347E986
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2CgFmOGP717oALUaAiVYARg6t9Q.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199414
IP address blocks:        81.21.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a6:19:dd:8b:1e:01:19:ec:0f:cb:13:47:e9:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8280598e18fef5ee800b51a02255801183ab7d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e2:72:a0:b9:3c:f0:ad:e9:ad:c0:6e:43:15:
                    fb:54:dc:81:2b:ab:df:c6:4f:5d:70:9e:36:b2:dd:
                    ad:3e:3a:cd:de:93:1c:1a:39:76:3d:1d:aa:8d:27:
                    96:3a:9f:d5:2c:a0:7d:e9:6b:2f:4a:7e:d6:32:ca:
                    9b:8f:de:77:ec:04:39:56:6b:9d:46:7c:21:8e:47:
                    41:0f:00:a0:7a:0f:c2:b7:ef:fe:0a:e9:97:d2:28:
                    61:d9:73:03:d5:3f:a9:73:ca:a8:3e:49:59:6f:d5:
                    b9:35:bb:f2:78:d7:de:81:a6:6c:09:fb:46:1c:92:
                    04:93:c1:00:4b:28:35:fc:ce:f0:00:49:cb:bc:54:
                    1c:1b:78:40:e8:bc:3e:5c:36:5b:39:fd:c0:f3:38:
                    ba:ec:0b:fc:b2:50:fa:c8:11:0a:f3:ed:af:4f:35:
                    41:24:3c:aa:8d:18:4e:ed:30:c5:2a:c3:c6:44:54:
                    4c:a8:ed:81:10:bc:9b:5e:b2:f2:b1:f0:dc:93:db:
                    f7:b8:44:6a:78:f3:9f:ea:9f:3b:16:f8:ad:3f:72:
                    e0:08:fb:3a:18:66:6f:75:98:be:8e:07:74:95:f6:
                    e5:cf:ea:84:3a:34:d1:e2:20:9c:c2:92:2d:0a:d2:
                    6b:86:4c:77:b9:79:43:27:a1:2d:7a:ff:9e:ca:37:
                    0b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:28:05:98:E1:8F:EF:5E:E8:00:B5:1A:02:25:58:01:18:3A:B7:D4
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2CgFmOGP717oALUaAiVYARg6t9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:a0:c9:9a:1f:1c:06:6c:fc:7d:61:75:8c:79:88:13:af:a8:
         33:b3:c1:ec:ce:91:41:47:d9:24:0c:ed:0e:e8:46:b1:84:c4:
         9c:22:89:80:a6:40:af:d8:18:b7:2b:6a:3e:a7:9b:6e:79:b3:
         32:0c:47:b5:59:bc:d5:94:7c:01:9d:6d:3a:9a:6b:91:89:21:
         31:62:13:f1:0e:e5:a7:4f:15:88:45:60:6d:a3:c9:3d:39:c2:
         80:0c:f0:bd:07:3c:52:ef:14:ff:99:a8:27:49:a9:d6:4a:59:
         68:7f:0d:b5:fb:1c:33:69:4c:e7:dc:cd:26:99:67:08:ae:b1:
         54:e0:9d:d6:53:1f:b8:e5:43:81:79:81:ea:06:d4:ec:45:64:
         72:16:e6:02:ec:e5:40:4e:0c:d9:cc:7d:fe:2e:38:30:e3:fe:
         f2:3b:83:ab:9a:26:33:9b:60:ba:1f:9d:35:81:c5:99:5f:9c:
         9e:c7:d7:64:a6:94:c7:59:cc:9a:2f:3b:3d:20:67:44:11:2c:
         c5:a9:a6:e7:f9:6e:02:77:ea:5d:df:e5:a2:5c:55:b8:f3:34:
         59:33:fa:a0:df:b2:24:27:55:a3:e5:c2:e9:98:87:fe:46:60:
         5d:d7:0f:0f:10:4f:d7:e3:a5:43:7b:97:cd:3d:e9:a6:42:8c:
         87:20:49:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6YZ3YseARnsD8sTR+mGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODI4MDU5OGUxOGZlZjVlZTgwMGI1MWEwMjI1NTgwMTE4M2FiN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+JyoLk88K3prcBuQxX7VNyBK6vf
xk9dcJ42st2tPjrN3pMcGjl2PR2qjSeWOp/VLKB96WsvSn7WMsqbj9537AQ5Vmud
RnwhjkdBDwCgeg/Ct+/+CumX0ihh2XMD1T+pc8qoPklZb9W5NbvyeNfegaZsCftG
HJIEk8EASyg1/M7wAEnLvFQcG3hA6Lw+XDZbOf3A8zi67Av8slD6yBEK8+2vTzVB
JDyqjRhO7TDFKsPGRFRMqO2BELybXrLysfDck9v3uERqePOf6p87FvitP3LgCPs6
GGZvdZi+jgd0lfblz+qEOjTR4iCcwpItCtJrhkx3uXlDJ6Etev+eyjcL0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgoBZjhj+9e6AC1GgIlWAEYOrfUMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMkNnRm1PR1A3MTdvQUxVYUFpVllBUmc2dDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURUBMA0G
CSqGSIb3DQEBCwUAA4IBAQABoMmaHxwGbPx9YXWMeYgTr6gzs8HszpFBR9kkDO0O
6EaxhMScIomApkCv2Bi3K2o+p5tuebMyDEe1WbzVlHwBnW06mmuRiSExYhPxDuWn
TxWIRWBto8k9OcKADPC9BzxS7xT/magnSanWSllofw21+xwzaUzn3M0mmWcIrrFU
4J3WUx+45UOBeYHqBtTsRWRyFuYC7OVATgzZzH3+Ljgw4/7yO4OrmiYzm2C6H501
gcWZX5yex9dkppTHWcyaLzs9IGdEESzFqabn+W4Cd+pd3+WiXFW48zRZM/qg37Ik
J1Wj5cLpmIf+RmBd1w8PEE/X46VDe5fNPemmQoyHIEnj
-----END CERTIFICATE-----