Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/dhvrao9cqDtu4cNL7P7VwKji0UM.roa
File:                     dhvrao9cqDtu4cNL7P7VwKji0UM.roa (raw, json)
Hash identifier:          DXIuFC1u6zXUhH/posDaRLzzQjM/I3jLYYQrFJ8rMq0=
Subject key identifier:   76:1B:EB:6A:8F:5C:A8:3B:6E:E1:C3:4B:EC:FE:D5:C0:A8:E2:D1:43
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1ADCC079D5F28958587DC650E9C4D
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/dhvrao9cqDtu4cNL7P7VwKji0UM.roa
Signing time:             Wed 01 Jan 2025 11:48:00 +0000
ROA not before:           Wed 01 Jan 2025 11:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199414
IP address blocks:        81.21.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ad:cc:07:9d:5f:28:95:85:87:dc:65:0e:9c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=761beb6a8f5ca83b6ee1c34becfed5c0a8e2d143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:84:3a:3a:f5:b0:13:2f:1a:55:bf:89:bc:ff:
                    a9:a4:6c:7f:1c:d4:1d:6f:81:18:7e:e1:c0:5e:0e:
                    8e:94:7f:25:b4:6e:1e:92:d8:a8:9e:54:5c:73:fd:
                    95:8f:44:fb:2c:67:61:70:35:99:d0:2a:01:db:55:
                    5c:13:dc:ff:03:02:52:2d:c0:b5:4f:68:fb:45:5c:
                    7f:a9:4d:53:73:ce:f9:89:aa:0c:17:de:e9:2f:4e:
                    e4:22:b0:e1:58:9e:0b:e6:cc:da:da:03:67:61:67:
                    9c:ff:ff:bb:71:33:5a:e6:e1:c6:52:74:97:63:19:
                    18:5c:b4:2d:fe:f2:3d:17:7d:50:17:e2:48:f2:e7:
                    84:c1:f0:cb:e2:c2:48:d4:d2:1e:08:fd:73:17:99:
                    a4:9f:a2:7c:d7:e9:ec:cc:37:09:ae:bd:0c:70:ee:
                    e0:75:21:2f:6b:e0:fa:c9:88:cb:81:55:04:9c:19:
                    c1:3f:46:79:23:ff:d3:31:8c:82:07:3a:83:19:71:
                    07:71:ad:bd:5d:e2:45:5b:e4:fd:52:db:29:d6:c0:
                    1d:5d:68:51:ed:c5:dd:97:f5:2b:74:7b:c4:19:57:
                    86:da:81:5e:02:30:16:03:26:e3:e5:ba:2f:8d:63:
                    d4:68:6f:80:cf:8b:c1:ef:18:94:08:a2:de:98:b5:
                    c2:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1B:EB:6A:8F:5C:A8:3B:6E:E1:C3:4B:EC:FE:D5:C0:A8:E2:D1:43
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/dhvrao9cqDtu4cNL7P7VwKji0UM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:9c:f0:0c:ba:76:1a:81:e3:35:ba:a5:40:39:90:19:f6:2b:
         cb:ca:9f:da:ec:cf:24:a8:49:53:f1:7d:d9:f2:ca:0f:e0:93:
         63:af:a6:99:02:fa:8d:e5:01:a8:e2:5f:3e:c1:f8:98:48:75:
         4e:31:73:ba:85:18:30:f8:c3:e8:0d:de:2e:70:a6:36:16:f1:
         b5:2b:13:5a:dc:f8:d7:f5:88:bc:a9:98:48:5a:dd:6e:bf:42:
         b5:7d:8c:19:83:81:f7:ee:60:ad:6a:7a:3b:55:1f:15:bb:6b:
         33:51:75:60:3d:0d:2e:f2:49:31:07:9f:79:04:2c:f3:21:40:
         3d:eb:7a:d7:da:cb:d4:4f:f5:97:e0:9e:7c:10:f4:a8:9e:94:
         e9:3f:87:9d:67:78:f6:0d:b0:08:7a:3e:7d:11:6d:1c:6f:35:
         40:ee:f4:3d:e6:cd:38:c5:94:21:4e:90:0a:78:cd:e1:c2:ac:
         b0:80:12:c5:0d:44:b8:15:d6:d8:25:94:53:a0:21:47:37:73:
         f9:35:7d:4e:d8:0d:00:78:b3:67:5d:aa:99:a2:d9:5e:29:8a:
         d5:09:0e:29:16:dc:52:53:1e:0c:fb:a7:b2:f7:83:65:62:6d:
         12:f8:a9:27:34:90:20:95:8c:2b:32:64:11:83:89:e9:a0:61:
         cf:e4:63:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsa3MB51fKJWFh9xlDpxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFiZWI2YThmNWNhODNiNmVlMWMzNGJlY2ZlZDVjMGE4ZTJkMTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4Q6OvWwEy8aVb+JvP+ppGx/HNQd
b4EYfuHAXg6OlH8ltG4ektionlRcc/2Vj0T7LGdhcDWZ0CoB21VcE9z/AwJSLcC1
T2j7RVx/qU1Tc875iaoMF97pL07kIrDhWJ4L5sza2gNnYWec//+7cTNa5uHGUnSX
YxkYXLQt/vI9F31QF+JI8ueEwfDL4sJI1NIeCP1zF5mkn6J81+nszDcJrr0McO7g
dSEva+D6yYjLgVUEnBnBP0Z5I//TMYyCBzqDGXEHca29XeJFW+T9Utsp1sAdXWhR
7cXdl/UrdHvEGVeG2oFeAjAWAybj5bovjWPUaG+Az4vB7xiUCKLemLXCLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYb62qPXKg7buHDS+z+1cCo4tFDMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZGh2cmFvOWNxRHR1NGNOTDdQN1Z3S2ppMFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURUBMA0G
CSqGSIb3DQEBCwUAA4IBAQBRnPAMunYageM1uqVAOZAZ9ivLyp/a7M8kqElT8X3Z
8soP4JNjr6aZAvqN5QGo4l8+wfiYSHVOMXO6hRgw+MPoDd4ucKY2FvG1KxNa3PjX
9Yi8qZhIWt1uv0K1fYwZg4H37mCtano7VR8Vu2szUXVgPQ0u8kkxB595BCzzIUA9
63rX2svUT/WX4J58EPSonpTpP4edZ3j2DbAIej59EW0cbzVA7vQ95s04xZQhTpAK
eM3hwqywgBLFDUS4FdbYJZRToCFHN3P5NX1O2A0AeLNnXaqZotleKYrVCQ4pFtxS
Ux4M+6ey94NlYm0S+KknNJAglYwrMmQRg4npoGHP5GOX
-----END CERTIFICATE-----