Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/PDWDucsuxHoc0792cPudt1g7Wyw.roa
File:                     PDWDucsuxHoc0792cPudt1g7Wyw.roa (raw, json)
Hash identifier:          wZFKHDBamj+qa76ozFjmRzqMlMJkaoGuQaYExS6j6tc=
Subject key identifier:   3C:35:83:B9:CB:2E:C4:7A:1C:D3:BF:76:70:FB:9D:B7:58:3B:5B:2C
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B23948411C648C48C48C5E8E36E65D
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/PDWDucsuxHoc0792cPudt1g7Wyw.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211388
IP address blocks:        81.15.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:39:48:41:1c:64:8c:48:c4:8c:5e:8e:36:e6:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c3583b9cb2ec47a1cd3bf7670fb9db7583b5b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d2:35:18:06:92:74:6a:66:36:dc:c8:cf:64:
                    9d:c3:30:3f:f7:fa:61:45:8e:0b:eb:e4:4a:f5:84:
                    fb:e4:fb:30:60:8c:d3:23:2e:4e:c6:7e:e9:d0:de:
                    27:04:89:27:30:a0:1e:aa:79:37:77:7c:19:97:7b:
                    db:6f:c9:6a:5b:a4:be:91:d9:8e:8c:3c:9a:8c:01:
                    8f:6c:8f:0e:3c:ed:c9:75:40:03:5f:35:1c:34:a2:
                    8c:8c:81:ff:a2:eb:7c:4d:e0:77:12:3e:2a:d8:7f:
                    0c:68:30:ed:24:12:52:24:3e:a6:b6:8a:a5:b2:f3:
                    04:83:fa:04:6a:4d:eb:5b:e7:ce:09:5b:88:c1:39:
                    6b:53:1c:37:3b:97:de:64:78:1e:c5:2d:32:14:2e:
                    e4:4c:74:cb:68:0a:02:50:d0:fa:6f:e6:73:c6:40:
                    ca:a3:1d:bf:a1:48:5f:03:83:d8:19:18:ff:ea:54:
                    10:ba:ac:91:a9:b3:b1:85:5a:b0:18:64:f4:a3:16:
                    25:3a:35:45:d7:9f:d9:4b:69:c8:28:fa:c1:67:6a:
                    bc:6f:70:0a:90:3f:65:e3:df:48:f3:f2:b7:24:72:
                    ba:7d:1b:2c:7f:0c:57:50:c8:60:22:9a:4e:98:b8:
                    60:55:70:21:4f:a9:db:52:57:0d:dc:d7:0d:65:e1:
                    69:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:35:83:B9:CB:2E:C4:7A:1C:D3:BF:76:70:FB:9D:B7:58:3B:5B:2C
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/PDWDucsuxHoc0792cPudt1g7Wyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:e8:bd:68:9d:0f:56:d4:4f:1a:1d:f4:09:b9:d4:1f:34:35:
         7d:74:8b:22:18:e0:c0:35:53:54:37:a7:f2:48:bb:76:b7:7b:
         ba:09:b2:32:62:c5:37:e7:0f:66:7f:eb:38:41:d9:bf:a8:47:
         9e:98:a2:f2:62:8f:cb:0d:89:b5:0f:75:fb:fc:aa:6d:60:b3:
         9d:0c:d9:e8:fe:e2:a8:14:cf:9f:92:bd:26:c7:83:33:6f:6d:
         92:ee:5b:c5:12:70:3b:cd:72:6d:82:b8:ae:94:1c:33:55:db:
         bb:19:74:b8:b8:71:e8:06:6d:fa:af:59:6c:c7:d0:5f:41:66:
         80:a8:83:c2:ef:c7:ff:a4:2e:53:e7:50:f9:75:4f:15:a4:1f:
         1e:fa:2d:70:b9:a8:70:16:5d:88:4e:02:3e:7f:e9:38:00:17:
         fe:ef:c6:8b:5e:4a:c2:db:a0:46:e7:7b:cd:52:45:f1:1a:a3:
         b5:13:34:e2:5e:1f:d0:6c:79:e0:cd:ac:2e:5d:61:74:25:b4:
         8d:ee:f6:11:e9:92:97:a1:57:b6:df:ba:37:d9:47:53:74:10:
         65:15:07:e9:31:7a:e7:73:fa:32:14:75:67:6f:50:f8:3a:91:
         38:ea:1c:ce:7b:93:fb:11:6a:81:e9:c5:89:63:e1:53:19:e9:
         ee:a1:f2:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjlIQRxkjEjEjF6ONuZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzM1ODNiOWNiMmVjNDdhMWNkM2JmNzY3MGZiOWRiNzU4M2I1YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttI1GAaSdGpmNtzIz2SdwzA/9/ph
RY4L6+RK9YT75PswYIzTIy5Oxn7p0N4nBIknMKAeqnk3d3wZl3vbb8lqW6S+kdmO
jDyajAGPbI8OPO3JdUADXzUcNKKMjIH/out8TeB3Ej4q2H8MaDDtJBJSJD6mtoql
svMEg/oEak3rW+fOCVuIwTlrUxw3O5feZHgexS0yFC7kTHTLaAoCUND6b+ZzxkDK
ox2/oUhfA4PYGRj/6lQQuqyRqbOxhVqwGGT0oxYlOjVF15/ZS2nIKPrBZ2q8b3AK
kD9l499I8/K3JHK6fRssfwxXUMhgIppOmLhgVXAhT6nbUlcN3NcNZeFpqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDw1g7nLLsR6HNO/dnD7nbdYO1ssMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvUERXRHVjc3V4SG9jMDc5MmNQdWR0MWc3V3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ+bMA0G
CSqGSIb3DQEBCwUAA4IBAQDH6L1onQ9W1E8aHfQJudQfNDV9dIsiGODANVNUN6fy
SLt2t3u6CbIyYsU35w9mf+s4Qdm/qEeemKLyYo/LDYm1D3X7/KptYLOdDNno/uKo
FM+fkr0mx4Mzb22S7lvFEnA7zXJtgriulBwzVdu7GXS4uHHoBm36r1lsx9BfQWaA
qIPC78f/pC5T51D5dU8VpB8e+i1wuahwFl2ITgI+f+k4ABf+78aLXkrC26BG53vN
UkXxGqO1EzTiXh/QbHngzawuXWF0JbSN7vYR6ZKXoVe237o32UdTdBBlFQfpMXrn
c/oyFHVnb1D4OpE46hzOe5P7EWqB6cWJY+FTGenuofIX
-----END CERTIFICATE-----