Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/9wKoRGhrw4r6gRw1LKJhx2iqnfk.roa
File:                     9wKoRGhrw4r6gRw1LKJhx2iqnfk.roa (raw, json)
Hash identifier:          cNj3iLLPG68j8OOInCEj/DZKxl1jkvhm6J8y/yBvpF4=
Subject key identifier:   F7:02:A8:44:68:6B:C3:8A:FA:81:1C:35:2C:A2:61:C7:68:AA:9D:F9
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018E9DAD9F61847951671EA5F3A4E9AD13FF
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/9wKoRGhrw4r6gRw1LKJhx2iqnfk.roa
Signing time:             Tue 02 Apr 2024 07:19:45 +0000
ROA not before:           Tue 02 Apr 2024 07:19:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        81.21.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9d:ad:9f:61:84:79:51:67:1e:a5:f3:a4:e9:ad:13:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr  2 07:19:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f702a844686bc38afa811c352ca261c768aa9df9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:32:a5:0c:ab:d7:24:b2:58:5a:48:3d:0f:01:
                    d7:ec:81:c8:b5:b6:01:f7:3e:e3:72:91:e1:7b:f7:
                    8e:66:4b:29:af:0b:17:64:4e:66:6e:e0:40:57:98:
                    e7:24:e4:d1:be:d0:a0:3a:70:bf:fc:23:01:8e:03:
                    10:17:00:5c:f0:d6:30:2b:94:ed:a0:42:51:2d:4c:
                    d6:14:a6:e5:dc:36:81:88:67:54:5b:dd:8b:dc:3a:
                    24:5f:b3:e7:d0:26:74:a1:bb:5e:a1:8c:10:34:52:
                    90:66:52:ce:16:be:d6:63:c0:fb:f4:34:a9:46:d7:
                    44:5c:05:80:e8:f8:22:b9:46:23:c5:81:4f:07:2c:
                    00:1e:83:a1:b2:6e:f4:76:a2:09:ea:58:e9:3a:18:
                    d2:39:4e:ad:80:a8:93:30:b0:c1:86:67:29:83:46:
                    cb:77:94:4b:55:bd:de:d3:75:14:e4:e7:80:98:9e:
                    a3:71:aa:36:18:13:fb:cd:f8:46:bc:74:61:80:aa:
                    ae:f4:d4:21:98:5a:53:cf:9d:aa:25:cc:51:ef:cb:
                    df:9e:6d:c2:59:cc:1c:9d:fd:bb:75:23:6d:e2:49:
                    9e:4a:3c:c8:03:df:f9:a7:84:00:8a:5b:73:cc:09:
                    83:7b:47:d1:57:59:1d:d7:a4:c2:48:2d:4d:9e:aa:
                    7f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:02:A8:44:68:6B:C3:8A:FA:81:1C:35:2C:A2:61:C7:68:AA:9D:F9
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/9wKoRGhrw4r6gRw1LKJhx2iqnfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f7:64:07:cf:b5:6e:1f:85:78:90:be:6d:84:9e:29:e4:b1:
         69:4d:d4:70:ae:f4:dc:67:da:16:65:43:db:95:d5:5a:57:d4:
         2d:b8:48:f0:1d:7a:ee:85:b9:73:dc:6f:ff:e6:7a:d0:c1:b9:
         bc:1c:f9:a5:bf:56:8f:0e:fa:8c:a0:b3:3e:16:18:7a:b0:c8:
         34:fd:d3:ca:38:19:a6:10:41:f2:fd:96:b9:ea:0e:f3:4a:fc:
         21:97:7f:c9:f0:36:f8:f7:28:a7:10:9e:aa:e8:ef:48:ac:ea:
         5a:7f:3c:d0:60:14:4d:5c:47:02:30:b6:04:0a:7b:5c:0d:59:
         4a:42:7f:ba:54:73:39:da:fc:d5:45:07:f5:9d:18:e4:f9:f3:
         04:21:93:3c:cf:41:36:df:d3:10:68:de:73:9d:ec:d0:42:c0:
         78:a4:44:ba:1f:de:cd:2d:b8:84:ad:0c:1a:3f:90:29:9d:bb:
         6a:ee:c9:c3:bf:17:03:9b:40:66:9e:8a:ae:32:88:b5:a2:5d:
         dc:c5:0c:17:85:b0:74:f5:0e:60:2e:27:d5:8c:bc:a3:a2:04:
         d2:42:b8:ce:81:74:07:6d:12:1b:4c:2a:75:77:77:be:33:f4:
         08:63:ed:92:ec:bc:fb:dc:f9:8f:17:05:4d:14:1c:2e:ab:86:
         6b:9e:cd:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6drZ9hhHlRZx6l86TprRP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNDAyMDcxOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzAyYTg0NDY4NmJjMzhhZmE4MTFjMzUyY2EyNjFjNzY4YWE5ZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TKlDKvXJLJYWkg9DwHX7IHItbYB
9z7jcpHhe/eOZksprwsXZE5mbuBAV5jnJOTRvtCgOnC//CMBjgMQFwBc8NYwK5Tt
oEJRLUzWFKbl3DaBiGdUW92L3DokX7Pn0CZ0obteoYwQNFKQZlLOFr7WY8D79DSp
RtdEXAWA6PgiuUYjxYFPBywAHoOhsm70dqIJ6ljpOhjSOU6tgKiTMLDBhmcpg0bL
d5RLVb3e03UU5OeAmJ6jcao2GBP7zfhGvHRhgKqu9NQhmFpTz52qJcxR78vfnm3C
Wcwcnf27dSNt4kmeSjzIA9/5p4QAiltzzAmDe0fRV1kd16TCSC1Nnqp/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcCqERoa8OK+oEcNSyiYcdoqp35MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvOXdLb1JHaHJ3NHI2Z1J3MUxLSmh4MmlxbmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURUHMA0G
CSqGSIb3DQEBCwUAA4IBAQAa92QHz7VuH4V4kL5thJ4p5LFpTdRwrvTcZ9oWZUPb
ldVaV9QtuEjwHXruhblz3G//5nrQwbm8HPmlv1aPDvqMoLM+Fhh6sMg0/dPKOBmm
EEHy/Za56g7zSvwhl3/J8Db49yinEJ6q6O9IrOpafzzQYBRNXEcCMLYECntcDVlK
Qn+6VHM52vzVRQf1nRjk+fMEIZM8z0E239MQaN5znezQQsB4pES6H97NLbiErQwa
P5Apnbtq7snDvxcDm0BmnoquMoi1ol3cxQwXhbB09Q5gLifVjLyjogTSQrjOgXQH
bRIbTCp1d3e+M/QIY+2S7Lz73PmPFwVNFBwuq4Zrns2H
-----END CERTIFICATE-----