Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2wCQTKiaPStoOHOfKcyst_K81wI.roa
File:                     2wCQTKiaPStoOHOfKcyst_K81wI.roa (raw, json)
Hash identifier:          pHy6hudpy+7nYotMVbG1seZa075VvfF9tpzTZckvWlE=
Subject key identifier:   DB:00:90:4C:A8:9A:3D:2B:68:38:73:9F:29:CC:AC:B7:F2:BC:D7:02
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0190E38779037D0346DA7929B28FFC82275C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2wCQTKiaPStoOHOfKcyst_K81wI.roa
Signing time:             Wed 24 Jul 2024 06:57:04 +0000
ROA not before:           Wed 24 Jul 2024 06:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        81.21.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Sep 2024 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e3:87:79:03:7d:03:46:da:79:29:b2:8f:fc:82:27:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jul 24 06:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db00904ca89a3d2b6838739f29ccacb7f2bcd702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:57:02:da:dc:d1:2e:ea:16:7d:ef:9b:fc:55:
                    51:dd:fa:9f:8b:56:21:82:32:05:49:9f:01:8e:8b:
                    89:36:24:fc:3e:30:a9:73:0b:5f:f1:cd:ea:e0:62:
                    76:79:af:e8:31:5a:50:8b:a0:6e:ee:90:37:6d:b9:
                    17:f5:f1:b5:b9:4c:2c:51:4c:72:03:4b:0b:ca:46:
                    0e:d4:c8:49:d1:b1:9f:46:5c:49:06:aa:e8:80:c4:
                    b4:6b:e7:81:4c:c2:aa:a9:a2:72:2e:ce:f3:48:71:
                    3a:c5:8a:92:df:26:15:90:eb:d5:28:3d:59:e0:6f:
                    d9:ce:eb:e9:8a:76:5a:31:ab:86:ae:83:a5:27:97:
                    d8:4a:7d:25:ba:46:25:2f:46:5b:a0:df:bf:d6:6a:
                    45:a1:f5:f4:69:bd:39:f4:a0:ff:76:68:ea:52:22:
                    37:99:f5:ac:5f:ea:72:2e:50:6d:51:75:d3:0a:55:
                    9a:d1:cb:8d:d8:6f:1d:7b:5d:6a:66:6f:2f:91:bd:
                    4c:3e:3f:e6:cb:68:d2:0d:9a:21:7a:7c:e4:20:4d:
                    3a:e2:e9:35:7b:97:d9:5d:1a:c4:0b:af:d9:21:50:
                    63:e8:4c:7f:a1:15:c0:fe:ba:5f:80:77:ed:3e:f3:
                    e1:05:2e:9b:28:fb:30:37:34:fd:c6:b3:46:9e:7d:
                    fa:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:00:90:4C:A8:9A:3D:2B:68:38:73:9F:29:CC:AC:B7:F2:BC:D7:02
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/2wCQTKiaPStoOHOfKcyst_K81wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:1d:8f:ae:49:a7:ca:cc:be:f1:9a:70:45:99:43:47:94:f8:
         ee:0a:14:3f:2f:38:40:8d:22:24:72:da:14:31:97:ec:91:2c:
         01:d0:86:82:49:27:c5:f4:94:c1:b5:93:3f:65:63:03:e0:bd:
         63:d8:34:ba:d6:b4:1b:f6:56:70:08:8e:71:5c:91:d8:1b:e3:
         75:0a:dc:3a:04:bc:82:8d:65:c4:5b:f6:37:8d:80:70:4d:21:
         36:94:75:8a:6d:e0:fc:1f:36:ed:74:4f:8a:64:84:46:c2:56:
         d2:63:11:81:70:9d:a1:aa:cb:ed:e8:35:06:5b:d6:e2:29:b9:
         3a:f2:17:2c:93:9c:73:91:1c:3b:3a:4a:2c:ed:c3:56:26:8e:
         41:2c:48:23:4a:ee:f7:ef:4f:86:9d:9b:96:16:83:85:03:42:
         ca:c4:4b:c5:a6:74:25:fc:73:c4:2d:39:21:04:8f:a9:0a:b3:
         bb:e4:e7:3b:47:17:fd:93:98:b5:11:b8:20:a1:22:47:9d:f6:
         c1:4a:23:9a:aa:fa:8d:73:82:63:03:46:e6:87:6b:15:36:ce:
         c8:8e:9b:f6:c8:57:a4:8b:1c:73:0b:70:56:76:14:b6:58:57:
         d9:17:f6:b0:ec:43:5d:37:06:5a:45:67:aa:4f:ca:ea:44:24:
         b4:c4:5f:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDjh3kDfQNG2nkpso/8gidcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNzI0MDY1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjAwOTA0Y2E4OWEzZDJiNjgzODczOWYyOWNjYWNiN2YyYmNkNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFcC2tzRLuoWfe+b/FVR3fqfi1Yh
gjIFSZ8BjouJNiT8PjCpcwtf8c3q4GJ2ea/oMVpQi6Bu7pA3bbkX9fG1uUwsUUxy
A0sLykYO1MhJ0bGfRlxJBqrogMS0a+eBTMKqqaJyLs7zSHE6xYqS3yYVkOvVKD1Z
4G/ZzuvpinZaMauGroOlJ5fYSn0lukYlL0ZboN+/1mpFofX0ab059KD/dmjqUiI3
mfWsX+pyLlBtUXXTClWa0cuN2G8de11qZm8vkb1MPj/my2jSDZohenzkIE064uk1
e5fZXRrEC6/ZIVBj6Ex/oRXA/rpfgHftPvPhBS6bKPswNzT9xrNGnn36YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsAkEyomj0raDhznynMrLfyvNcCMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMndDUVRLaWFQU3RvT0hPZktjeXN0X0s4MXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURUFMA0G
CSqGSIb3DQEBCwUAA4IBAQC5HY+uSafKzL7xmnBFmUNHlPjuChQ/LzhAjSIkctoU
MZfskSwB0IaCSSfF9JTBtZM/ZWMD4L1j2DS61rQb9lZwCI5xXJHYG+N1Ctw6BLyC
jWXEW/Y3jYBwTSE2lHWKbeD8HzbtdE+KZIRGwlbSYxGBcJ2hqsvt6DUGW9biKbk6
8hcsk5xzkRw7Okos7cNWJo5BLEgjSu7370+GnZuWFoOFA0LKxEvFpnQl/HPELTkh
BI+pCrO75Oc7Rxf9k5i1EbggoSJHnfbBSiOaqvqNc4JjA0bmh2sVNs7Ijpv2yFek
ixxzC3BWdhS2WFfZF/aw7ENdNwZaRWeqT8rqRCS0xF+D
-----END CERTIFICATE-----