Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/hu-QRjfSxWR807GAihGff1yDuW4.roa
File:                     hu-QRjfSxWR807GAihGff1yDuW4.roa (raw, json)
Hash identifier:          eG9AyCq//tWtuu9W1Ipde+7De/fp7ASOTktRmmoIWY4=
Subject key identifier:   86:EF:90:46:37:D2:C5:64:7C:D3:B1:80:8A:11:9F:7F:5C:83:B9:6E
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B223FBCF8AF736A3DA7A7F3A634813
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/hu-QRjfSxWR807GAihGff1yDuW4.roa
Signing time:             Wed 01 Jan 2025 11:48:30 +0000
ROA not before:           Wed 01 Jan 2025 11:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61256
IP address blocks:        81.15.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:23:fb:cf:8a:f7:36:a3:da:7a:7f:3a:63:48:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86ef904637d2c5647cd3b1808a119f7f5c83b96e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:93:be:39:df:db:cc:d5:7d:c1:45:20:bc:89:
                    a4:64:bf:57:9e:1f:23:e3:ea:d0:66:ca:7c:17:29:
                    ba:0d:22:dd:65:6a:c5:8d:07:d9:a5:61:36:ed:15:
                    42:ae:6a:93:3d:5e:fd:6f:5f:7e:38:9c:40:a3:9a:
                    e8:68:73:f6:13:4a:0c:51:61:19:73:b1:cb:85:aa:
                    72:cc:ab:6d:7a:58:e2:10:a4:21:b4:23:42:d7:32:
                    e1:dc:1a:fd:2f:39:fe:5b:64:09:b9:15:57:66:6c:
                    e0:19:c3:a5:24:87:0c:3a:b2:8b:a4:6b:27:19:99:
                    10:43:29:f1:c8:f8:5b:6b:52:e1:84:70:00:3f:b5:
                    e7:e8:9a:4f:55:ec:bf:fa:04:73:c2:af:be:65:59:
                    37:cd:ad:b6:d8:8a:33:b4:f6:c9:6d:44:49:ab:e2:
                    74:61:41:fb:63:15:fc:62:de:ed:bd:6b:19:73:83:
                    1d:93:9e:89:75:53:54:21:38:89:a8:25:75:95:39:
                    80:1a:7f:59:12:88:30:d6:42:41:dc:6f:db:e1:96:
                    d6:3b:04:31:62:cd:1e:88:a5:16:61:11:7f:ac:cd:
                    70:44:9b:39:0a:72:d5:31:81:ca:47:86:5c:36:70:
                    2a:6f:0e:e4:39:ff:26:f9:10:10:d4:76:59:ef:dd:
                    34:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:EF:90:46:37:D2:C5:64:7C:D3:B1:80:8A:11:9F:7F:5C:83:B9:6E
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/hu-QRjfSxWR807GAihGff1yDuW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:06:45:3e:dc:fc:bc:9b:08:53:2c:55:77:ab:34:df:ba:70:
         b2:8f:e6:8f:34:ee:1b:be:d2:db:36:bb:38:5b:4e:88:53:bc:
         78:d4:73:93:bc:7d:e8:79:8a:02:cc:ad:a9:83:b9:e8:28:a3:
         e8:46:8f:9b:f4:15:18:bd:7f:1b:b7:7b:ec:66:34:84:7c:06:
         e8:9e:15:84:5b:b4:25:ad:bc:b8:df:fa:82:e8:31:f4:05:61:
         3a:d0:0a:7d:50:ca:8e:a3:93:ff:e7:3f:ac:65:c3:cc:85:d5:
         d9:de:1a:ac:de:bc:90:e3:59:8d:bd:f0:84:6c:c6:ac:cc:d9:
         cb:d4:b6:84:8f:35:09:bd:90:36:46:ee:9e:be:99:cd:75:6d:
         75:3a:d9:93:23:3c:9d:b4:94:74:e8:b4:9a:1e:5e:1d:05:a0:
         aa:2d:aa:1f:18:35:ea:c6:44:31:8f:30:fb:57:ba:7f:2e:2b:
         c5:48:a3:00:fb:03:74:67:ec:fe:08:41:79:0e:f7:74:38:79:
         c7:72:d2:52:fd:ea:ae:56:fd:8b:dc:53:65:1c:f9:43:f2:62:
         59:19:6e:17:cd:fa:df:15:9e:cd:c8:f3:fa:05:1f:39:de:03:
         82:8b:43:4c:69:51:cc:80:08:a5:d1:c6:92:65:3b:f6:99:d3:
         0f:de:2f:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsiP7z4r3NqPaen86Y0gTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmVmOTA0NjM3ZDJjNTY0N2NkM2IxODA4YTExOWY3ZjVjODNiOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5O+Od/bzNV9wUUgvImkZL9Xnh8j
4+rQZsp8Fym6DSLdZWrFjQfZpWE27RVCrmqTPV79b19+OJxAo5roaHP2E0oMUWEZ
c7HLhapyzKtteljiEKQhtCNC1zLh3Br9Lzn+W2QJuRVXZmzgGcOlJIcMOrKLpGsn
GZkQQynxyPhba1LhhHAAP7Xn6JpPVey/+gRzwq++ZVk3za222IoztPbJbURJq+J0
YUH7YxX8Yt7tvWsZc4Mdk56JdVNUITiJqCV1lTmAGn9ZEogw1kJB3G/b4ZbWOwQx
Ys0eiKUWYRF/rM1wRJs5CnLVMYHKR4ZcNnAqbw7kOf8m+RAQ1HZZ7900oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbvkEY30sVkfNOxgIoRn39cg7luMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvaHUtUVJqZlN4V1I4MDdHQWloR2ZmMXlEdVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ+8MA0G
CSqGSIb3DQEBCwUAA4IBAQBCBkU+3Py8mwhTLFV3qzTfunCyj+aPNO4bvtLbNrs4
W06IU7x41HOTvH3oeYoCzK2pg7noKKPoRo+b9BUYvX8bt3vsZjSEfAbonhWEW7Ql
rby43/qC6DH0BWE60Ap9UMqOo5P/5z+sZcPMhdXZ3hqs3ryQ41mNvfCEbMaszNnL
1LaEjzUJvZA2Ru6evpnNdW11OtmTIzydtJR06LSaHl4dBaCqLaofGDXqxkQxjzD7
V7p/LivFSKMA+wN0Z+z+CEF5Dvd0OHnHctJS/equVv2L3FNlHPlD8mJZGW4Xzfrf
FZ7NyPP6BR853gOCi0NMaVHMgAil0caSZTv2mdMP3i+L
-----END CERTIFICATE-----