Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/rvOEa3YvvjraROvzr80W8cxp-Mg.roa
File:                     rvOEa3YvvjraROvzr80W8cxp-Mg.roa (raw, json)
Hash identifier:          HZRsWBsa53tKg1i232WZqhbPWy2xZRxcnPjNGMXuv0Y=
Subject key identifier:   AE:F3:84:6B:76:2F:BE:3A:DA:44:EB:F3:AF:CD:16:F1:CC:69:F8:C8
Certificate issuer:       /CN=5336107179715609dca422bc07a098468c529452
Certificate serial:       018CC3B72B93E81ACED9EA65AAADA11F1294
Authority key identifier: 53:36:10:71:79:71:56:09:DC:A4:22:BC:07:A0:98:46:8C:52:94:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzYQcXlxVgncpCK8B6CYRoxSlFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/rvOEa3YvvjraROvzr80W8cxp-Mg.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        46.102.240.0/21 maxlen: 21
                          77.81.240.0/21 maxlen: 21
                          2a06:cd40:300::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/UzYQcXlxVgncpCK8B6CYRoxSlFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/UzYQcXlxVgncpCK8B6CYRoxSlFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzYQcXlxVgncpCK8B6CYRoxSlFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 03:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2b:93:e8:1a:ce:d9:ea:65:aa:ad:a1:1f:12:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5336107179715609dca422bc07a098468c529452
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aef3846b762fbe3ada44ebf3afcd16f1cc69f8c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:78:1f:4f:4a:17:3b:49:80:d5:33:fb:9d:5a:
                    f4:20:0b:51:ff:f3:5d:0c:39:49:22:e9:2d:8f:12:
                    4f:d3:ee:69:42:98:ed:ae:5a:c8:e6:55:55:8a:b4:
                    76:e8:f8:11:ff:e9:dc:97:6b:87:51:ce:a2:ba:b7:
                    3a:8a:01:33:8c:26:2f:e2:91:5f:4a:d9:b1:87:67:
                    c2:1c:e5:a7:27:2d:6b:b2:75:ad:9d:36:6e:48:c0:
                    b1:45:d6:dd:b5:3a:12:d3:76:2f:21:b5:70:a6:79:
                    07:96:c2:5d:62:a9:11:cf:8d:1b:45:e7:d0:0e:9d:
                    5d:78:16:31:d3:6a:59:90:34:b5:71:ea:6b:59:6e:
                    a8:08:df:58:36:f7:69:70:5c:07:9f:7e:5c:1c:e9:
                    de:77:14:f3:5e:0c:a3:08:05:80:6b:7c:82:d8:53:
                    81:c7:27:d1:0e:e5:fe:3b:eb:51:2d:f3:84:8d:9e:
                    67:fc:e6:84:cd:fd:63:a4:3d:06:6a:69:d0:2b:4a:
                    c4:70:10:10:81:a3:fe:48:f3:51:c8:41:b5:71:5c:
                    5a:88:1d:4f:9d:f3:0d:e6:4b:84:70:1d:38:3c:96:
                    fb:08:ea:3c:c0:20:83:9d:5e:72:35:9b:0f:38:d8:
                    b7:6d:2c:e8:52:bc:5b:27:a6:ab:d3:59:08:7f:3e:
                    ae:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F3:84:6B:76:2F:BE:3A:DA:44:EB:F3:AF:CD:16:F1:CC:69:F8:C8
            X509v3 Authority Key Identifier:
                keyid:53:36:10:71:79:71:56:09:DC:A4:22:BC:07:A0:98:46:8C:52:94:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzYQcXlxVgncpCK8B6CYRoxSlFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/rvOEa3YvvjraROvzr80W8cxp-Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/UzYQcXlxVgncpCK8B6CYRoxSlFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.240.0/21
                  77.81.240.0/21
                IPv6:
                  2a06:cd40:300::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:69:07:e9:8a:a7:20:c1:e7:2a:10:94:fe:a5:49:b5:c0:9c:
         c9:15:bd:df:97:84:27:9e:35:58:dc:e3:43:07:46:1a:80:dd:
         28:c5:4b:22:0d:14:0d:15:55:bc:d7:07:61:4a:0b:29:29:ea:
         65:8f:05:e1:82:cc:5e:e9:e6:ef:2b:f7:db:a7:fd:0f:1a:b4:
         a8:16:25:51:b2:02:1e:3f:ed:58:f7:cc:3e:27:de:43:00:f4:
         29:0b:55:2b:a9:76:aa:b0:1c:b9:c6:f6:eb:eb:4c:38:47:c3:
         4d:96:e5:af:b2:20:c1:64:a9:92:26:55:51:32:5d:0d:0d:65:
         7d:83:ce:33:f4:56:47:eb:5a:a3:5c:32:8f:14:4b:7f:18:3e:
         b6:59:15:3a:6e:83:e2:03:10:6d:dd:56:bd:4f:b5:3d:f3:a6:
         0d:fb:2c:fc:d3:04:7b:bf:9d:1c:4e:44:c2:e7:4a:b7:f5:da:
         ec:f1:1c:f0:ec:d2:bb:f6:55:d9:9e:33:d5:de:94:d6:fb:0b:
         8c:57:56:95:2c:ad:50:99:0d:95:32:d9:91:a5:ca:f0:2f:c7:
         1a:85:ed:c7:5d:15:00:af:6b:08:3a:05:ca:b2:69:fb:25:68:
         39:a3:9a:fe:86:04:a8:b0:0f:f8:df:d1:6d:20:af:bc:31:90:
         c6:91:0f:d4
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzDtyuT6BrO2eplqq2hHxKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzYxMDcxNzk3MTU2MDlkY2E0MjJiYzA3YTA5ODQ2OGM1
Mjk0NTIwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWYzODQ2Yjc2MmZiZTNhZGE0NGViZjNhZmNkMTZmMWNjNjlmOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHgfT0oXO0mA1TP7nVr0IAtR//Nd
DDlJIuktjxJP0+5pQpjtrlrI5lVVirR26PgR/+ncl2uHUc6iurc6igEzjCYv4pFf
Stmxh2fCHOWnJy1rsnWtnTZuSMCxRdbdtToS03YvIbVwpnkHlsJdYqkRz40bRefQ
Dp1deBYx02pZkDS1ceprWW6oCN9YNvdpcFwHn35cHOnedxTzXgyjCAWAa3yC2FOB
xyfRDuX+O+tRLfOEjZ5n/OaEzf1jpD0GamnQK0rEcBAQgaP+SPNRyEG1cVxaiB1P
nfMN5kuEcB04PJb7COo8wCCDnV5yNZsPONi3bSzoUrxbJ6ar01kIfz6u5QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFK7zhGt2L7462kTr86/NFvHMafjIMB8GA1UdIwQY
MBaAFFM2EHF5cVYJ3KQivAegmEaMUpRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpZUWNYbHhWZ25jcENLOEI2Q1lSb3hTbEZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS84MWRmMzMtNzUzOC00MGQ4LWI4MWUt
ZDE4NjEwMDc1ZWZjLzEvcnZPRWEzWXZ2anJhUk92enI4MFc4Y3hwLU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS84MWRmMzMtNzUzOC00MGQ4LWI4MWUtZDE4NjEwMDc1ZWZj
LzEvVXpZUWNYbHhWZ25jcENLOEI2Q1lSb3hTbEZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDLmbwAwQD
TVHwMA8EAgACMAkDBwAqBs1AAwAwDQYJKoZIhvcNAQELBQADggEBAJBpB+mKpyDB
5yoQlP6lSbXAnMkVvd+XhCeeNVjc40MHRhqA3SjFSyINFA0VVbzXB2FKCykp6mWP
BeGCzF7p5u8r99un/Q8atKgWJVGyAh4/7Vj3zD4n3kMA9CkLVSupdqqwHLnG9uvr
TDhHw02W5a+yIMFkqZImVVEyXQ0NZX2DzjP0VkfrWqNcMo8US38YPrZZFTpug+ID
EG3dVr1PtT3zpg37LPzTBHu/nRxORMLnSrf12uzxHPDs0rv2VdmeM9XelNb7C4xX
VpUsrVCZDZUy2ZGlyvAvxxqF7cddFQCvawg6BcqyafslaDmjmv6GBKiwD/jf0W0g
r7wxkMaRD9Q=
-----END CERTIFICATE-----