Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RKrtDJsonf_eT-X_IWBtsRe3S-A.roa
File:                     RKrtDJsonf_eT-X_IWBtsRe3S-A.roa (raw, json)
Hash identifier:          TkaGTCWLvkcQK97BPrYga1BHRS8pGF27lYrNhY2SNQw=
Subject key identifier:   44:AA:ED:0C:9B:28:9D:FF:DE:4F:E5:FF:21:60:6D:B1:17:B7:4B:E0
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018E224A7AEC5589507A903B6A1DEEA7B1DA
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RKrtDJsonf_eT-X_IWBtsRe3S-A.roa
Signing time:             Sat 09 Mar 2024 08:18:10 +0000
ROA not before:           Sat 09 Mar 2024 08:18:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        81.21.3.0/24 maxlen: 24
                          176.57.49.0/24 maxlen: 24
                          176.57.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:22:4a:7a:ec:55:89:50:7a:90:3b:6a:1d:ee:a7:b1:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar  9 08:18:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44aaed0c9b289dffde4fe5ff21606db117b74be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:dc:8e:d3:8c:4a:4e:2e:78:39:92:6a:a0:5a:
                    91:54:d4:f2:71:98:8e:55:45:dd:5a:4d:31:10:29:
                    a8:4c:82:ac:1d:0b:37:26:d0:72:5a:0f:82:19:0d:
                    04:34:14:81:85:fa:d0:0c:88:a9:30:25:9d:f7:89:
                    34:59:d7:42:ad:02:4c:11:b9:52:1a:60:06:35:eb:
                    7c:b1:d0:5d:b8:fe:a7:e4:0c:0f:d9:a0:c3:82:73:
                    46:d1:7d:6d:c6:2e:c9:9f:f5:06:00:ff:f5:32:47:
                    65:33:a8:98:0e:5a:1e:ae:26:fa:ee:2e:f9:12:b5:
                    fb:d0:49:bc:8b:ac:ff:cb:7c:51:18:99:31:54:4c:
                    d2:16:65:9e:43:0f:6a:de:15:64:fb:f3:6d:3b:4a:
                    2f:3a:7e:e6:4a:a6:3e:24:1f:26:27:42:d2:a5:53:
                    33:d5:fb:04:50:da:f0:d8:28:2f:4b:39:e6:2f:e3:
                    59:3f:77:63:a5:f7:3f:8f:ad:8a:b6:35:76:a9:3f:
                    e5:27:d6:6a:51:cc:13:e7:6d:67:e6:d3:85:a4:c8:
                    d4:ab:93:c8:06:0a:19:15:67:12:81:64:5f:c8:b0:
                    65:34:24:b4:bc:3f:24:0e:30:b7:99:45:c8:97:8b:
                    f7:e7:3b:25:85:3b:8c:11:94:a4:8e:bc:b9:9d:82:
                    1f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AA:ED:0C:9B:28:9D:FF:DE:4F:E5:FF:21:60:6D:B1:17:B7:4B:E0
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RKrtDJsonf_eT-X_IWBtsRe3S-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.3.0/24
                  176.57.49.0/24
                  176.57.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:4f:2b:44:eb:e6:42:67:d3:36:d6:b9:c2:86:29:5f:45:79:
         04:ab:03:68:f7:11:34:5e:d7:8b:47:ab:cb:2c:88:e6:56:42:
         03:97:32:e1:4f:b8:78:a8:8f:9f:1d:0c:25:e8:df:c6:e3:86:
         f9:5f:8b:5c:94:a0:57:0f:8e:84:c9:86:55:6b:1c:bd:88:84:
         98:d9:76:d0:ff:a8:58:80:8a:cc:23:ac:07:28:0a:0f:f4:23:
         12:f8:7c:3a:44:0b:80:6a:a9:af:e8:16:2d:f1:b2:75:6f:f6:
         53:eb:4b:22:48:58:14:d5:fd:94:88:fa:05:be:ee:af:de:31:
         2e:2a:7b:51:ab:f0:60:27:40:88:e0:f6:44:7e:84:fc:b2:27:
         b9:09:76:d7:79:1a:33:1d:2c:1a:9a:bb:20:48:4e:74:b4:b8:
         72:06:8e:d7:ff:5e:35:66:62:39:d4:15:e6:80:5f:81:7b:04:
         be:30:f2:9f:b1:1d:89:d7:0a:26:eb:be:e1:3f:72:43:2e:98:
         88:34:85:0c:7e:cc:55:4b:fd:5f:01:48:06:c2:c6:fc:01:85:
         37:7d:c8:bd:ab:10:96:c2:3d:28:1c:3d:5f:c0:66:4b:c3:2c:
         26:8a:30:a4:51:85:70:41:3e:a5:14:6d:0b:4a:97:72:fa:3f:
         bc:31:cc:c5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4iSnrsVYlQepA7ah3up7HaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMzA5MDgxODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFhZWQwYzliMjg5ZGZmZGU0ZmU1ZmYyMTYwNmRiMTE3Yjc0YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntyO04xKTi54OZJqoFqRVNTycZiO
VUXdWk0xECmoTIKsHQs3JtByWg+CGQ0ENBSBhfrQDIipMCWd94k0WddCrQJMEblS
GmAGNet8sdBduP6n5AwP2aDDgnNG0X1txi7Jn/UGAP/1MkdlM6iYDloerib67i75
ErX70Em8i6z/y3xRGJkxVEzSFmWeQw9q3hVk+/NtO0ovOn7mSqY+JB8mJ0LSpVMz
1fsEUNrw2CgvSznmL+NZP3djpfc/j62KtjV2qT/lJ9ZqUcwT521n5tOFpMjUq5PI
BgoZFWcSgWRfyLBlNCS0vD8kDjC3mUXIl4v35zslhTuMEZSkjry5nYIfQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFESq7QybKJ3/3k/l/yFgbbEXt0vgMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUktydERKc29uZl9lVC1YX0lXQnRzUmUzUy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAURUDAwQA
sDkxAwQAsDk6MA0GCSqGSIb3DQEBCwUAA4IBAQAwTytE6+ZCZ9M21rnChilfRXkE
qwNo9xE0XteLR6vLLIjmVkIDlzLhT7h4qI+fHQwl6N/G44b5X4tclKBXD46EyYZV
axy9iISY2XbQ/6hYgIrMI6wHKAoP9CMS+Hw6RAuAaqmv6BYt8bJ1b/ZT60siSFgU
1f2UiPoFvu6v3jEuKntRq/BgJ0CI4PZEfoT8sie5CXbXeRozHSwamrsgSE50tLhy
Bo7X/141ZmI51BXmgF+BewS+MPKfsR2J1wom677hP3JDLpiINIUMfsxVS/1fAUgG
wsb8AYU3fci9qxCWwj0oHD1fwGZLwywmijCkUYVwQT6lFG0LSpdy+j+8MczF
-----END CERTIFICATE-----