Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/3rRM1UU67-NncVP3_LftMbl2hFY.roa
File:                     3rRM1UU67-NncVP3_LftMbl2hFY.roa (raw, json)
Hash identifier:          CmDqzWxPDccHaO9H4nIQm1+mJLI9vAQm75ESbo4gAFw=
Subject key identifier:   DE:B4:4C:D5:45:3A:EF:E3:67:71:53:F7:FC:B7:ED:31:B9:76:84:56
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       019425213B351D91B75A52EAE116632BEC81
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/3rRM1UU67-NncVP3_LftMbl2hFY.roa
Signing time:             Thu 02 Jan 2025 03:48:42 +0000
ROA not before:           Thu 02 Jan 2025 03:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52468
IP address blocks:        81.199.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:3b:35:1d:91:b7:5a:52:ea:e1:16:63:2b:ec:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Jan  2 03:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deb44cd5453aefe3677153f7fcb7ed31b9768456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:91:4e:cb:2c:b2:ba:04:a0:a0:4d:92:6b:d1:
                    f4:f4:b2:88:07:b0:87:2e:47:a6:89:ce:99:4c:4b:
                    ac:cc:29:7c:21:6d:1f:b1:f3:51:ec:20:e2:96:28:
                    2a:53:e0:8a:cf:25:02:e0:6b:73:c6:f2:43:0c:05:
                    04:4d:da:74:3d:b9:8b:e0:33:19:85:b5:e7:39:7b:
                    5b:da:5b:8f:fa:d2:13:94:38:8a:96:8c:92:cb:33:
                    96:98:d2:48:84:20:22:36:84:38:58:05:c0:7f:24:
                    2c:c5:a2:93:e3:13:fe:b0:bf:51:ce:e8:42:31:4a:
                    5d:c5:f5:ea:ea:33:f3:c4:34:18:97:41:9e:85:bd:
                    26:62:e9:9d:ef:69:6d:48:54:15:78:61:1a:e7:3a:
                    fc:dc:96:f2:d7:4f:a5:45:ab:3a:70:80:f6:41:d5:
                    7f:88:63:1e:75:f4:7f:b2:01:cb:60:79:cf:99:dd:
                    e4:e9:a9:9d:f1:2b:52:5d:88:60:2f:1c:20:e0:b0:
                    08:db:f0:1c:5b:24:0a:eb:df:e4:3c:e0:8f:89:30:
                    55:91:58:be:5d:6f:d4:3b:2c:68:b4:12:61:0e:2d:
                    bb:ea:dc:2d:c4:91:02:c0:27:6d:bd:7f:d0:39:4c:
                    21:1b:e8:e2:91:87:d2:8d:89:57:56:a4:d5:5a:9b:
                    20:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:B4:4C:D5:45:3A:EF:E3:67:71:53:F7:FC:B7:ED:31:B9:76:84:56
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/3rRM1UU67-NncVP3_LftMbl2hFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:79:54:b3:f6:47:bd:f0:0f:ec:68:bb:dd:2f:13:45:5d:06:
         38:41:25:ee:3a:53:6e:0f:a1:6c:b4:6b:e0:c4:f1:05:72:23:
         37:c5:8d:e4:47:fa:d6:fb:3b:2c:dc:56:d0:b3:86:55:df:70:
         17:2b:cd:4e:4e:27:2f:a7:db:87:e1:3b:36:88:15:7e:4b:41:
         5c:e5:8f:5f:b4:4f:d9:77:9c:4c:87:fe:09:b3:ae:4c:60:27:
         2e:12:1b:52:13:49:5b:25:5b:38:eb:c2:92:18:93:23:c1:05:
         0e:5f:4f:e8:7c:9f:a4:cb:05:31:5a:84:a2:2f:9b:d4:90:62:
         99:d9:35:e6:1b:e7:ae:6e:ac:93:17:fc:8e:77:7b:b2:29:4b:
         1a:f9:5f:4b:37:01:b4:b8:52:12:72:2a:08:2b:7f:67:b6:94:
         f4:2c:f9:f0:84:ba:03:a6:35:72:ac:d1:aa:5b:94:29:ac:30:
         b8:32:c9:fe:89:63:cc:1e:97:32:0e:20:be:c2:6e:2b:dc:fd:
         fe:73:66:dc:6e:97:41:5c:de:04:cb:e6:bc:1d:f5:d1:ce:37:
         e8:67:c2:97:97:16:e7:b8:4b:4b:f2:99:6c:d4:ea:0b:81:f2:
         3d:1c:ac:28:9c:c7:e0:d8:67:7e:8a:4e:20:67:1e:05:c9:44:
         df:87:94:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlITs1HZG3WlLq4RZjK+yBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjUwMTAyMDM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWI0NGNkNTQ1M2FlZmUzNjc3MTUzZjdmY2I3ZWQzMWI5NzY4NDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JFOyyyyugSgoE2Sa9H09LKIB7CH
Lkemic6ZTEuszCl8IW0fsfNR7CDiligqU+CKzyUC4GtzxvJDDAUETdp0PbmL4DMZ
hbXnOXtb2luP+tITlDiKloySyzOWmNJIhCAiNoQ4WAXAfyQsxaKT4xP+sL9RzuhC
MUpdxfXq6jPzxDQYl0Gehb0mYumd72ltSFQVeGEa5zr83Jby10+lRas6cID2QdV/
iGMedfR/sgHLYHnPmd3k6amd8StSXYhgLxwg4LAI2/AcWyQK69/kPOCPiTBVkVi+
XW/UOyxotBJhDi276twtxJECwCdtvX/QOUwhG+jikYfSjYlXVqTVWpsgQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN60TNVFOu/jZ3FT9/y37TG5doRWMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvM3JSTTFVVTY3LU5uY1ZQM19MZnRNYmwyaEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcdzMA0G
CSqGSIb3DQEBCwUAA4IBAQBFeVSz9ke98A/saLvdLxNFXQY4QSXuOlNuD6FstGvg
xPEFciM3xY3kR/rW+zss3FbQs4ZV33AXK81OTicvp9uH4Ts2iBV+S0Fc5Y9ftE/Z
d5xMh/4Js65MYCcuEhtSE0lbJVs468KSGJMjwQUOX0/ofJ+kywUxWoSiL5vUkGKZ
2TXmG+eubqyTF/yOd3uyKUsa+V9LNwG0uFIScioIK39ntpT0LPnwhLoDpjVyrNGq
W5QprDC4Msn+iWPMHpcyDiC+wm4r3P3+c2bcbpdBXN4Ey+a8HfXRzjfoZ8KXlxbn
uEtL8pls1OoLgfI9HKwonMfg2Gd+ik4gZx4FyUTfh5Q4
-----END CERTIFICATE-----