Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7yOhaWvFF32W3vcomgagglxLPhs.roa
File:                     7yOhaWvFF32W3vcomgagglxLPhs.roa (raw, json)
Hash identifier:          x7Vj5Ftn3a7Pj4ewehU1p1hq9NAFQJaHmOnOCktkV48=
Subject key identifier:   EF:23:A1:69:6B:C5:17:7D:96:DE:F7:28:9A:06:A0:82:5C:4B:3E:1B
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018D161F1D04B5EEA0B891E14E7263D79BB4
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7yOhaWvFF32W3vcomgagglxLPhs.roa
Signing time:             Wed 17 Jan 2024 06:32:34 +0000
ROA not before:           Wed 17 Jan 2024 06:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203728
IP address blocks:        81.21.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:1f:1d:04:b5:ee:a0:b8:91:e1:4e:72:63:d7:9b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 17 06:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef23a1696bc5177d96def7289a06a0825c4b3e1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f2:23:11:e5:5f:43:6f:01:3b:18:ea:8e:9a:
                    fe:30:8e:ba:2d:dc:ac:0b:a6:07:42:35:a4:43:58:
                    96:68:8e:ea:da:86:56:e5:cd:26:d2:11:c0:ed:84:
                    e8:4d:f7:e1:c1:56:df:07:90:d1:3e:4f:a9:36:47:
                    dc:11:6c:b4:c7:a6:e3:a2:2b:b8:4b:d0:d2:73:6f:
                    5c:bf:09:97:7f:a4:2d:a8:52:d1:78:81:78:5c:9e:
                    a5:55:91:cc:78:0a:a7:05:fa:da:53:25:e4:f1:06:
                    48:8c:8f:40:2f:17:bd:b6:57:03:b7:cd:73:c3:81:
                    cd:ef:39:33:05:af:52:c8:9e:c5:ee:64:c0:d4:85:
                    66:02:8d:9e:33:17:24:f7:2c:e6:b3:15:f3:16:d7:
                    99:f9:2e:cd:b3:e0:55:6d:b8:e1:9c:1a:e2:a6:fe:
                    51:85:19:fa:9c:a7:f3:eb:7e:47:1b:e9:1f:c8:91:
                    dd:89:57:64:d1:0c:a3:e5:17:4c:e0:09:3c:d0:9f:
                    64:1a:30:e3:a3:87:b7:63:5b:e8:48:74:db:7b:d2:
                    62:2d:fb:b3:bf:5d:eb:6b:59:bb:03:95:00:81:5c:
                    9f:4c:da:cc:f9:14:7c:31:b9:03:33:09:18:d9:4b:
                    1e:a4:46:e6:3b:38:bc:59:1d:b7:36:2f:de:ee:8e:
                    e0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:23:A1:69:6B:C5:17:7D:96:DE:F7:28:9A:06:A0:82:5C:4B:3E:1B
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7yOhaWvFF32W3vcomgagglxLPhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:38:22:55:57:e3:0a:bf:ab:38:9a:7c:b3:d4:7c:b6:af:6a:
         04:b9:29:a1:06:59:e0:b2:67:cf:36:34:d0:a5:b0:a7:be:2c:
         b5:57:40:bb:93:cd:f0:2c:6d:db:3e:42:72:42:18:db:17:48:
         23:50:fa:66:46:88:db:ac:56:db:e4:7a:4b:22:4c:20:1f:16:
         96:51:b9:b0:23:d8:8b:f2:d3:ac:ec:d4:d0:3d:e2:70:6a:13:
         be:e5:dd:e9:2f:98:92:87:3f:1c:38:6f:5a:2e:ab:c0:9b:53:
         1b:0f:7e:63:3d:bf:5c:0a:72:01:84:09:e8:2c:61:d0:b1:1f:
         bf:44:f8:bf:ae:58:6b:41:f6:6b:4f:57:fc:80:4a:c4:c8:42:
         8e:2a:c7:e3:5d:31:35:cb:03:47:43:43:73:a4:62:65:78:8f:
         31:0c:44:82:1e:ff:b4:d1:29:7e:14:35:fd:97:bb:2d:01:39:
         bd:5a:4a:a4:be:38:33:c7:0c:8e:36:94:bb:dd:6a:6a:c1:88:
         cf:70:45:17:fb:6b:71:5a:0b:be:e7:39:be:28:09:b2:00:4c:
         cd:69:0c:40:e2:78:bd:25:0c:6c:53:5b:2f:22:e7:2a:d6:b0:
         bd:ca:82:3d:4c:01:8c:66:46:7a:b1:64:37:92:b6:a2:05:81:
         51:87:a8:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0WHx0Ete6guJHhTnJj15u0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTE3MDYzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjIzYTE2OTZiYzUxNzdkOTZkZWY3Mjg5YTA2YTA4MjVjNGIzZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfIjEeVfQ28BOxjqjpr+MI66Ldys
C6YHQjWkQ1iWaI7q2oZW5c0m0hHA7YToTffhwVbfB5DRPk+pNkfcEWy0x6bjoiu4
S9DSc29cvwmXf6QtqFLReIF4XJ6lVZHMeAqnBfraUyXk8QZIjI9ALxe9tlcDt81z
w4HN7zkzBa9SyJ7F7mTA1IVmAo2eMxck9yzmsxXzFteZ+S7Ns+BVbbjhnBripv5R
hRn6nKfz635HG+kfyJHdiVdk0Qyj5RdM4Ak80J9kGjDjo4e3Y1voSHTbe9JiLfuz
v13ra1m7A5UAgVyfTNrM+RR8MbkDMwkY2UsepEbmOzi8WR23Ni/e7o7gjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8joWlrxRd9lt73KJoGoIJcSz4bMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvN3lPaGFXdkZGMzJXM3Zjb21nYWdnbHhMUGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURUEMA0G
CSqGSIb3DQEBCwUAA4IBAQBMOCJVV+MKv6s4mnyz1Hy2r2oEuSmhBlngsmfPNjTQ
pbCnviy1V0C7k83wLG3bPkJyQhjbF0gjUPpmRojbrFbb5HpLIkwgHxaWUbmwI9iL
8tOs7NTQPeJwahO+5d3pL5iShz8cOG9aLqvAm1MbD35jPb9cCnIBhAnoLGHQsR+/
RPi/rlhrQfZrT1f8gErEyEKOKsfjXTE1ywNHQ0NzpGJleI8xDESCHv+00Sl+FDX9
l7stATm9WkqkvjgzxwyONpS73WpqwYjPcEUX+2txWgu+5zm+KAmyAEzNaQxA4ni9
JQxsU1svIucq1rC9yoI9TAGMZkZ6sWQ3kraiBYFRh6hr
-----END CERTIFICATE-----