Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/xHboYbqPD334tWlvIt01nszHfqM.roa
File:                     xHboYbqPD334tWlvIt01nszHfqM.roa (raw, json)
Hash identifier:          I5s0gBgwrShQBVHLDiW00kBmqA6OEmXhCJMR0duyGZg=
Subject key identifier:   C4:76:E8:61:BA:8F:0F:7D:F8:B5:69:6F:22:DD:35:9E:CC:C7:7E:A3
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD710C19BE9E9142C51FAE7B77D1B
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/xHboYbqPD334tWlvIt01nszHfqM.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61256
IP address blocks:        81.15.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d7:10:c1:9b:e9:e9:14:2c:51:fa:e7:b7:7d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c476e861ba8f0f7df8b5696f22dd359eccc77ea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d8:cb:01:26:31:c1:86:dc:fb:51:e2:bd:af:
                    84:34:a2:0c:ab:66:55:d5:61:3d:60:87:03:96:cb:
                    2d:58:e4:06:ef:f5:ae:91:56:95:fa:5f:6d:47:f7:
                    89:26:a9:0b:6b:8e:e0:19:c6:b9:8e:e4:de:d5:38:
                    dd:3f:c4:11:72:38:7e:a1:5c:fe:30:9c:aa:0d:41:
                    4e:e7:93:26:ef:81:d5:f1:d4:ab:59:ff:fe:50:15:
                    8d:4f:f9:e2:72:99:f7:65:47:54:03:15:28:36:dc:
                    46:c1:fc:52:d3:23:97:b4:55:5f:3e:44:d4:c2:1c:
                    42:2f:10:d5:86:91:ef:94:e4:07:31:68:b2:7d:c2:
                    11:2a:bc:99:8f:ec:ef:ce:f1:34:e5:97:b6:3c:1f:
                    47:02:84:f8:a2:e1:6a:4a:70:0e:90:56:5a:fc:ba:
                    97:63:22:24:7b:8f:44:49:c4:ac:9b:e5:65:de:8c:
                    e9:8a:6d:c2:da:74:3b:29:d5:1b:1a:0e:09:b1:49:
                    ca:27:c0:35:92:a9:7c:ce:9c:62:90:72:aa:83:52:
                    bf:6f:11:98:16:77:b5:c2:27:44:f2:5d:0e:81:c3:
                    1d:a8:31:fa:4a:64:bb:ee:ff:ba:1b:7a:2d:81:3a:
                    bc:cf:72:fa:72:e9:28:04:e6:1c:75:e6:e7:a3:2e:
                    80:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:76:E8:61:BA:8F:0F:7D:F8:B5:69:6F:22:DD:35:9E:CC:C7:7E:A3
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/xHboYbqPD334tWlvIt01nszHfqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d5:27:1d:51:0e:48:d2:8c:a2:e9:97:12:47:b6:ef:e0:fe:
         6b:1b:e8:3a:0b:16:83:43:81:45:a2:31:75:47:3b:9d:93:f0:
         5e:ea:20:b1:da:a3:54:bd:f9:47:da:78:eb:6f:fc:d0:32:14:
         d1:61:17:8d:4c:ff:ea:59:fc:de:4e:2f:be:f4:32:c0:eb:1b:
         75:b7:23:7a:b5:17:ce:c5:8f:fe:29:ac:f4:b9:80:ee:33:a5:
         63:51:27:a7:2a:14:e7:12:b1:2c:2a:8f:ee:c6:f0:59:cc:84:
         23:5f:60:83:01:4d:c2:65:44:1a:d8:18:fb:f2:bb:2f:9b:87:
         a9:71:6a:ec:c8:1e:97:1c:9e:9e:cb:ae:a2:7f:51:87:5e:6c:
         05:0c:43:6e:29:e4:0c:77:ae:16:10:15:78:80:81:25:ad:18:
         47:02:ee:52:52:05:fc:34:3e:eb:d5:1b:5f:10:75:79:f0:e1:
         44:93:45:46:79:59:7e:8b:34:f3:97:ed:3c:26:2f:69:63:15:
         72:07:46:e6:34:6b:16:0c:21:0e:f0:35:36:0b:f5:87:f8:dc:
         ed:32:18:e3:74:d9:db:d3:50:bd:45:10:70:f2:7e:5c:81:a8:
         31:54:bd:6e:59:af:18:2a:44:46:c5:9c:12:13:f3:7f:ac:c3:
         35:d2:1b:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tcQwZvp6RQsUfrnt30bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc2ZTg2MWJhOGYwZjdkZjhiNTY5NmYyMmRkMzU5ZWNjYzc3ZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9jLASYxwYbc+1Hiva+ENKIMq2ZV
1WE9YIcDlsstWOQG7/WukVaV+l9tR/eJJqkLa47gGca5juTe1TjdP8QRcjh+oVz+
MJyqDUFO55Mm74HV8dSrWf/+UBWNT/nicpn3ZUdUAxUoNtxGwfxS0yOXtFVfPkTU
whxCLxDVhpHvlOQHMWiyfcIRKryZj+zvzvE05Ze2PB9HAoT4ouFqSnAOkFZa/LqX
YyIke49EScSsm+Vl3ozpim3C2nQ7KdUbGg4JsUnKJ8A1kql8zpxikHKqg1K/bxGY
Fne1widE8l0OgcMdqDH6SmS77v+6G3otgTq8z3L6cukoBOYcdebnoy6A9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMR26GG6jw99+LVpbyLdNZ7Mx36jMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEveEhib1licVBEMzM0dFdsdkl0MDFuc3pIZnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ+8MA0G
CSqGSIb3DQEBCwUAA4IBAQCa1ScdUQ5I0oyi6ZcSR7bv4P5rG+g6CxaDQ4FFojF1
Rzudk/Be6iCx2qNUvflH2njrb/zQMhTRYReNTP/qWfzeTi++9DLA6xt1tyN6tRfO
xY/+Kaz0uYDuM6VjUSenKhTnErEsKo/uxvBZzIQjX2CDAU3CZUQa2Bj78rsvm4ep
cWrsyB6XHJ6ey66if1GHXmwFDENuKeQMd64WEBV4gIElrRhHAu5SUgX8ND7r1Rtf
EHV58OFEk0VGeVl+izTzl+08Ji9pYxVyB0bmNGsWDCEO8DU2C/WH+NztMhjjdNnb
01C9RRBw8n5cgagxVL1uWa8YKkRGxZwSE/N/rMM10htj
-----END CERTIFICATE-----