Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/r_bOLpGR44Uxr2yZR3U8n-cd72g.roa
File:                     r_bOLpGR44Uxr2yZR3U8n-cd72g.roa (raw, json)
Hash identifier:          77U0OrAigBGcas60BhBB6LRX9fbaZ0dNBtqvHrAGNSA=
Subject key identifier:   AF:F6:CE:2E:91:91:E3:85:31:AF:6C:99:47:75:3C:9F:E7:1D:EF:68
Certificate issuer:       /CN=cfd6e161dcfb7b72775149d435b79ba9d56d1417
Certificate serial:       0195EB54112F9FC8C2D0E057BAD394BAD4D5
Authority key identifier: CF:D6:E1:61:DC:FB:7B:72:77:51:49:D4:35:B7:9B:A9:D5:6D:14:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z9bhYdz7e3J3UUnUNbebqdVtFBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/r_bOLpGR44Uxr2yZR3U8n-cd72g.roa
Signing time:             Mon 31 Mar 2025 08:31:49 +0000
ROA not before:           Mon 31 Mar 2025 08:31:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6871
IP address blocks:        81.140.0.0/17 maxlen: 17
                          81.140.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/z9bhYdz7e3J3UUnUNbebqdVtFBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/z9bhYdz7e3J3UUnUNbebqdVtFBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z9bhYdz7e3J3UUnUNbebqdVtFBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:eb:54:11:2f:9f:c8:c2:d0:e0:57:ba:d3:94:ba:d4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfd6e161dcfb7b72775149d435b79ba9d56d1417
        Validity
            Not Before: Mar 31 08:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aff6ce2e9191e38531af6c9947753c9fe71def68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2a:7a:3d:14:4b:ac:01:80:12:9c:34:ab:e8:
                    4e:42:9a:4e:38:5a:ca:33:31:07:fc:d8:e1:2c:00:
                    69:95:04:68:5f:f1:15:9f:d4:9e:2f:72:a9:f1:6e:
                    d0:c1:7a:f2:8d:e1:61:95:12:ad:1a:66:14:69:75:
                    75:d1:ff:d7:5b:d5:fb:4f:01:d2:ee:86:ff:e3:2e:
                    b4:1a:28:1f:7e:66:f0:7d:52:20:2d:b0:e5:cf:84:
                    2f:ba:a9:74:c9:8c:e2:6f:5c:b7:82:85:22:cc:78:
                    a3:3d:59:b4:57:a9:bf:36:c9:9e:bc:99:f4:a4:60:
                    b3:25:70:64:4f:ff:1a:64:46:71:4a:c8:e9:d2:56:
                    ff:2e:90:91:8d:31:65:c6:9d:bc:84:8f:67:9d:bf:
                    9e:20:c6:df:79:53:cd:5c:64:94:0e:2f:b1:af:ed:
                    e4:f7:d5:82:5c:89:97:bd:53:6f:c2:b3:b9:9f:0e:
                    3f:23:ad:31:9b:1e:b3:ee:0c:16:7e:3b:32:56:98:
                    81:d0:05:6c:19:0d:e4:80:c3:32:02:12:65:82:23:
                    91:3b:df:4e:f0:f4:98:30:81:bf:ff:72:1b:8b:eb:
                    e6:64:ab:e5:b6:cc:1e:0d:1f:95:1f:ec:fd:8d:06:
                    05:9d:e0:e5:ea:44:99:5b:41:3b:5f:8e:f5:4d:e5:
                    a5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F6:CE:2E:91:91:E3:85:31:AF:6C:99:47:75:3C:9F:E7:1D:EF:68
            X509v3 Authority Key Identifier:
                keyid:CF:D6:E1:61:DC:FB:7B:72:77:51:49:D4:35:B7:9B:A9:D5:6D:14:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9bhYdz7e3J3UUnUNbebqdVtFBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/r_bOLpGR44Uxr2yZR3U8n-cd72g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/z9bhYdz7e3J3UUnUNbebqdVtFBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.140.0.0-81.140.159.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:8f:32:34:f5:13:18:c8:72:98:b1:91:fa:51:e9:2e:af:11:
         c2:8c:7f:89:bc:55:73:5c:2b:76:58:45:28:12:6e:e1:51:08:
         f1:6e:b8:ad:c2:52:ff:03:c0:b1:0c:33:e5:e2:7f:7f:3f:f2:
         83:84:4a:ef:ff:82:b4:06:6f:0d:e2:f6:db:5c:39:22:ee:77:
         c0:86:4a:14:74:81:8a:0f:cf:cb:79:92:66:5c:c2:3a:39:72:
         d4:97:22:a3:36:49:e0:11:4b:57:15:0c:5c:69:d8:19:e8:63:
         51:e5:df:0e:a5:df:a5:80:43:ed:e3:2e:10:83:aa:38:1c:11:
         9e:d5:37:8f:24:c2:09:e3:fe:c3:4b:3a:22:7c:9c:1d:37:9c:
         38:cb:c5:be:b7:14:4f:01:33:a0:68:c0:57:9f:f0:6c:87:1f:
         2b:90:a3:b7:51:54:53:25:2b:fd:88:9a:fd:7c:93:52:eb:0d:
         cd:4a:f3:d0:6e:f4:48:bd:fd:b9:76:76:0e:85:e6:df:aa:f7:
         cd:fb:06:7e:11:07:ff:5a:dc:82:33:40:be:6c:0c:65:7e:75:
         94:a0:3d:64:85:78:68:2b:1f:83:1a:b9:4e:37:14:7a:f9:86:
         79:fb:63:1d:c8:af:08:c0:c7:ae:32:64:fc:a5:71:23:b1:80:
         95:39:dd:b0
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZXrVBEvn8jC0OBXutOUutTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZDZlMTYxZGNmYjdiNzI3NzUxNDlkNDM1Yjc5YmE5ZDU2
ZDE0MTcwHhcNMjUwMzMxMDgzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmY2Y2UyZTkxOTFlMzg1MzFhZjZjOTk0Nzc1M2M5ZmU3MWRlZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCp6PRRLrAGAEpw0q+hOQppOOFrK
MzEH/NjhLABplQRoX/EVn9SeL3Kp8W7QwXryjeFhlRKtGmYUaXV10f/XW9X7TwHS
7ob/4y60GigffmbwfVIgLbDlz4Qvuql0yYzib1y3goUizHijPVm0V6m/NsmevJn0
pGCzJXBkT/8aZEZxSsjp0lb/LpCRjTFlxp28hI9nnb+eIMbfeVPNXGSUDi+xr+3k
99WCXImXvVNvwrO5nw4/I60xmx6z7gwWfjsyVpiB0AVsGQ3kgMMyAhJlgiORO99O
8PSYMIG//3Ibi+vmZKvltsweDR+VH+z9jQYFneDl6kSZW0E7X471TeWlKwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFK/2zi6RkeOFMa9smUd1PJ/nHe9oMB8GA1UdIwQY
MBaAFM/W4WHc+3tyd1FJ1DW3m6nVbRQXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejliaFlkejdlM0ozVVVuVU5iZWJxZFZ0RkJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84NTIxNDAtYTI3Zi00NDliLWI1ZmYt
MjIzNzQyZWU0Mzc1LzEvcl9iT0xwR1I0NFV4cjJ5WlIzVThuLWNkNzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84NTIxNDAtYTI3Zi00NDliLWI1ZmYtMjIzNzQyZWU0Mzc1
LzEvejliaFlkejdlM0ozVVVuVU5iZWJxZFZ0RkJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwJRjAME
BVGMgDANBgkqhkiG9w0BAQsFAAOCAQEAS48yNPUTGMhymLGR+lHpLq8Rwox/ibxV
c1wrdlhFKBJu4VEI8W64rcJS/wPAsQwz5eJ/fz/yg4RK7/+CtAZvDeL221w5Iu53
wIZKFHSBig/Py3mSZlzCOjly1JciozZJ4BFLVxUMXGnYGehjUeXfDqXfpYBD7eMu
EIOqOBwRntU3jyTCCeP+w0s6InycHTecOMvFvrcUTwEzoGjAV5/wbIcfK5Cjt1FU
UyUr/Yia/XyTUusNzUrz0G70SL39uXZ2DoXm36r3zfsGfhEH/1rcgjNAvmwMZX51
lKA9ZIV4aCsfgxq5TjcUevmGeftjHcivCMDHrjJk/KVxI7GAlTndsA==
-----END CERTIFICATE-----