Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/MlLQWve-C-e_PA7DbBw64B5-21I.roa
File:                     MlLQWve-C-e_PA7DbBw64B5-21I.roa (raw, json)
Hash identifier:          gt4c7yrICeVmf/YTzpzI62cHuTzzBP6S+3Blnpua4XM=
Subject key identifier:   32:52:D0:5A:F7:BE:0B:E7:BF:3C:0E:C3:6C:1C:3A:E0:1E:7E:DB:52
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0190411419B795EB6B060C100A9B78543C91
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/MlLQWve-C-e_PA7DbBw64B5-21I.roa
Signing time:             Sat 22 Jun 2024 17:52:34 +0000
ROA not before:           Sat 22 Jun 2024 17:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        81.21.3.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:41:14:19:b7:95:eb:6b:06:0c:10:0a:9b:78:54:3c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 22 17:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3252d05af7be0be7bf3c0ec36c1c3ae01e7edb52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:13:9a:d0:3a:2a:08:aa:e5:27:2b:72:22:76:
                    a6:11:8a:1b:fe:ee:f9:0f:a1:d6:71:e3:4e:6a:2d:
                    be:a2:3a:d3:d0:2d:5c:fa:3c:4d:77:f0:1c:ef:e9:
                    04:4a:ac:92:a9:6c:0c:48:a4:ff:9c:1a:32:fd:94:
                    24:7c:08:d8:7a:ac:ee:a6:40:47:76:8f:05:09:f3:
                    39:4c:1a:7a:af:b1:d6:13:cc:c8:9e:84:5a:0d:47:
                    80:17:37:9e:61:4e:06:90:00:60:df:78:cc:96:3b:
                    7a:a0:b7:f9:19:ba:42:69:10:47:e0:76:57:48:7c:
                    db:64:b1:eb:e3:72:31:d7:10:48:8c:43:62:c8:70:
                    0b:44:29:98:71:43:c3:5f:4e:e8:af:55:0d:66:71:
                    96:ec:e2:8d:d1:0e:a8:31:36:04:d6:5b:d4:1d:37:
                    e1:d8:f1:c1:d3:90:9d:8c:22:78:17:c8:4a:1f:df:
                    40:17:8a:fe:63:33:6b:f4:34:38:5c:8b:db:d8:a7:
                    53:ef:ec:72:4b:2e:a6:bf:fa:8c:91:21:e0:e5:64:
                    88:c7:a8:6b:73:87:0d:f4:d8:78:78:e1:33:2d:5c:
                    75:4f:31:3d:3b:d0:9d:6e:4c:7c:0c:64:61:15:01:
                    55:26:ab:dc:b4:1e:94:30:7c:05:7b:e5:54:6f:2e:
                    95:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:52:D0:5A:F7:BE:0B:E7:BF:3C:0E:C3:6C:1C:3A:E0:1E:7E:DB:52
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/MlLQWve-C-e_PA7DbBw64B5-21I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.3.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:8d:43:97:dd:28:37:0e:55:ae:4d:e6:63:22:87:7f:dc:1f:
         67:12:70:a2:01:21:af:6c:93:17:33:f8:b1:f8:be:73:c1:21:
         d8:90:87:0c:df:f2:1b:20:ea:79:9a:9a:5d:fe:34:a0:9e:b2:
         8f:0f:b5:6b:3a:f5:1b:b6:41:c3:39:94:83:50:74:06:de:79:
         4c:00:ab:09:b2:d8:b1:a8:15:81:26:f5:31:7c:ee:0f:16:1c:
         a2:5d:41:94:4e:6c:1f:ec:d5:67:89:d0:f8:b4:60:ba:18:53:
         5e:bf:3c:b7:e9:69:56:11:54:90:03:9b:22:47:f0:7a:0d:77:
         b2:44:6c:07:de:fd:8e:4b:53:ea:65:db:ee:4e:3b:6b:18:99:
         c0:84:14:e6:af:e3:ce:1a:cb:2f:5c:37:05:ea:b8:f1:8a:53:
         1b:76:0d:8d:27:50:39:b2:1a:0b:4f:d2:b6:79:cd:a1:9e:81:
         99:13:aa:bd:fa:1a:5a:52:9f:aa:5f:cf:2c:cb:2c:2b:79:8b:
         af:67:02:1b:d6:9e:24:5e:8d:3f:75:4b:c2:dd:96:7f:99:fa:
         9d:b9:27:6b:ea:61:1c:1b:5b:93:f5:ec:e6:d9:c3:f5:73:7b:
         47:32:a0:47:83:03:87:d4:2e:92:94:45:1d:b1:09:ca:6f:f7:
         a1:c7:42:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBBFBm3letrBgwQCpt4VDyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNjIyMTc1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjUyZDA1YWY3YmUwYmU3YmYzYzBlYzM2YzFjM2FlMDFlN2VkYjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtROa0DoqCKrlJytyInamEYob/u75
D6HWceNOai2+ojrT0C1c+jxNd/Ac7+kESqySqWwMSKT/nBoy/ZQkfAjYeqzupkBH
do8FCfM5TBp6r7HWE8zInoRaDUeAFzeeYU4GkABg33jMljt6oLf5GbpCaRBH4HZX
SHzbZLHr43Ix1xBIjENiyHALRCmYcUPDX07or1UNZnGW7OKN0Q6oMTYE1lvUHTfh
2PHB05CdjCJ4F8hKH99AF4r+YzNr9DQ4XIvb2KdT7+xySy6mv/qMkSHg5WSIx6hr
c4cN9Nh4eOEzLVx1TzE9O9Cdbkx8DGRhFQFVJqvctB6UMHwFe+VUby6VBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDJS0Fr3vgvnvzwOw2wcOuAefttSMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvTWxMUVd2ZS1DLWVfUEE3RGJCdzY0QjUtMjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURUDAwQA
sDk/MA0GCSqGSIb3DQEBCwUAA4IBAQCOjUOX3Sg3DlWuTeZjIod/3B9nEnCiASGv
bJMXM/ix+L5zwSHYkIcM3/IbIOp5mppd/jSgnrKPD7VrOvUbtkHDOZSDUHQG3nlM
AKsJstixqBWBJvUxfO4PFhyiXUGUTmwf7NVnidD4tGC6GFNevzy36WlWEVSQA5si
R/B6DXeyRGwH3v2OS1PqZdvuTjtrGJnAhBTmr+POGssvXDcF6rjxilMbdg2NJ1A5
shoLT9K2ec2hnoGZE6q9+hpaUp+qX88syywreYuvZwIb1p4kXo0/dUvC3ZZ/mfqd
uSdr6mEcG1uT9ezm2cP1c3tHMqBHgwOH1C6SlEUdsQnKb/ehx0Kk
-----END CERTIFICATE-----