Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/H3uth0GgEEDTXxQx-zYSgG_ftc8.roa
File:                     H3uth0GgEEDTXxQx-zYSgG_ftc8.roa (raw, json)
Hash identifier:          ZRjRXXGfyUd9eg11LeMcKe5eZvTxXT9guDQhbbBQkfQ=
Subject key identifier:   1F:7B:AD:87:41:A0:10:40:D3:5F:14:31:FB:36:12:80:6F:DF:B5:CF
Certificate issuer:       /CN=713b9404a0c43223addc8ea1b10ab74b777a2a01
Certificate serial:       018CC424C3A448B211B6DBEBC29D1AD6093B
Authority key identifier: 71:3B:94:04:A0:C4:32:23:AD:DC:8E:A1:B1:0A:B7:4B:77:7A:2A:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cTuUBKDEMiOt3I6hsQq3S3d6KgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/H3uth0GgEEDTXxQx-zYSgG_ftc8.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51013
IP address blocks:        81.95.108.0/24 maxlen: 24
                          2a02:4a8:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/cTuUBKDEMiOt3I6hsQq3S3d6KgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/cTuUBKDEMiOt3I6hsQq3S3d6KgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cTuUBKDEMiOt3I6hsQq3S3d6KgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jul 2024 10:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c3:a4:48:b2:11:b6:db:eb:c2:9d:1a:d6:09:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=713b9404a0c43223addc8ea1b10ab74b777a2a01
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f7bad8741a01040d35f1431fb3612806fdfb5cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b1:c1:e6:13:57:10:d9:d1:3d:7e:ce:99:c1:
                    89:4a:b3:bc:08:5e:51:89:04:a2:a9:2d:7a:21:2a:
                    e5:68:ec:6b:75:7b:86:f5:e2:57:4c:d1:60:49:5a:
                    a0:09:81:74:07:89:60:2d:89:a7:a1:97:3f:94:50:
                    02:0c:16:10:20:dc:88:6c:fb:f7:cd:a7:61:6b:f7:
                    71:cc:ae:cb:02:84:08:50:97:ab:b2:21:7c:e5:d0:
                    e4:6e:9e:5a:0d:72:25:5f:25:9a:61:e0:b0:04:af:
                    48:6e:dd:c5:cb:6c:eb:cc:21:2c:5e:f6:d5:b1:0e:
                    5e:15:83:69:6e:c8:0a:4a:4a:05:af:ac:4b:6c:39:
                    27:bd:ec:a8:79:d9:a3:ec:f9:b2:5f:b8:d3:e3:c8:
                    33:90:46:e5:4e:ef:d7:4f:56:05:d4:e0:4d:07:bd:
                    45:54:d8:6d:24:a9:be:16:64:26:37:02:94:69:2c:
                    f8:0c:b8:27:3f:bf:3c:44:05:08:ed:4c:14:c0:e1:
                    45:13:96:fd:98:19:c1:4a:f4:10:f5:92:e0:22:ab:
                    c4:b5:a1:c8:57:3e:0a:2c:a6:6f:fc:02:09:92:3f:
                    1b:bc:cd:f3:6b:26:51:d2:c2:90:f4:94:ef:89:68:
                    f8:66:65:ee:88:cd:a2:a6:b5:e4:4e:bd:fc:75:46:
                    65:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7B:AD:87:41:A0:10:40:D3:5F:14:31:FB:36:12:80:6F:DF:B5:CF
            X509v3 Authority Key Identifier:
                keyid:71:3B:94:04:A0:C4:32:23:AD:DC:8E:A1:B1:0A:B7:4B:77:7A:2A:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cTuUBKDEMiOt3I6hsQq3S3d6KgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/H3uth0GgEEDTXxQx-zYSgG_ftc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/cTuUBKDEMiOt3I6hsQq3S3d6KgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.108.0/24
                IPv6:
                  2a02:4a8:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:a1:01:78:a1:b8:66:5b:1d:b1:cc:a8:a3:10:14:d1:73:a0:
         1c:ff:25:04:be:65:64:4b:35:21:73:6f:96:c6:7b:f4:da:12:
         2e:6b:a3:5b:4e:8c:bd:f0:09:ed:80:38:a2:97:5e:ad:74:dc:
         db:66:d5:81:f8:34:d4:8e:6a:d6:61:27:9c:00:c7:e3:43:92:
         93:1f:56:25:b8:df:63:05:85:c5:bc:8d:44:2f:b9:2e:df:9d:
         76:d0:3b:f5:0e:23:7b:a2:d8:e4:85:88:62:a1:2e:1b:b4:99:
         08:8f:2d:f3:fa:1f:11:5f:03:59:02:2d:e7:26:60:5a:3e:ce:
         6f:8b:00:ce:1c:d7:e3:81:6d:34:74:3e:e0:97:8a:56:df:67:
         29:36:93:b1:d6:29:11:71:6c:65:bc:d8:6f:06:1e:8a:4b:9c:
         a1:86:2b:dc:e8:b4:28:d7:ce:5f:41:ab:27:bf:91:fe:66:e6:
         18:c4:35:fc:74:42:fe:f6:d3:17:70:14:90:0a:61:21:a0:af:
         26:b8:16:47:0e:db:27:57:b7:b5:ee:29:ae:1d:c5:64:ce:06:
         52:43:d6:19:1b:18:23:16:3f:04:dd:f1:13:8f:d2:78:f9:9c:
         e7:e6:4e:83:1d:cd:2b:62:50:b0:3f:22:be:6f:2c:01:54:ec:
         5a:37:56:1c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJMOkSLIRttvrwp0a1gk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxM2I5NDA0YTBjNDMyMjNhZGRjOGVhMWIxMGFiNzRiNzc3
YTJhMDEwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdiYWQ4NzQxYTAxMDQwZDM1ZjE0MzFmYjM2MTI4MDZmZGZiNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LHB5hNXENnRPX7OmcGJSrO8CF5R
iQSiqS16ISrlaOxrdXuG9eJXTNFgSVqgCYF0B4lgLYmnoZc/lFACDBYQINyIbPv3
zadha/dxzK7LAoQIUJersiF85dDkbp5aDXIlXyWaYeCwBK9Ibt3Fy2zrzCEsXvbV
sQ5eFYNpbsgKSkoFr6xLbDknveyoedmj7PmyX7jT48gzkEblTu/XT1YF1OBNB71F
VNhtJKm+FmQmNwKUaSz4DLgnP788RAUI7UwUwOFFE5b9mBnBSvQQ9ZLgIqvEtaHI
Vz4KLKZv/AIJkj8bvM3zayZR0sKQ9JTviWj4ZmXuiM2iprXkTr38dUZlswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB97rYdBoBBA018UMfs2EoBv37XPMB8GA1UdIwQY
MBaAFHE7lASgxDIjrdyOobEKt0t3eioBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1R1VUJLREVNaU90M0k2aHNRcTNTM2Q2S2dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83ZWM3YTItODMxOC00NjJmLTk2NmUt
N2E1MzFkNDgzNzQ3LzEvSDN1dGgwR2dFRURUWHhReC16WVNnR19mdGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83ZWM3YTItODMxOC00NjJmLTk2NmUtN2E1MzFkNDgzNzQ3
LzEvY1R1VUJLREVNaU90M0k2aHNRcTNTM2Q2S2dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUV9sMA8E
AgACMAkDBwAqAgSoABAwDQYJKoZIhvcNAQELBQADggEBAI2hAXihuGZbHbHMqKMQ
FNFzoBz/JQS+ZWRLNSFzb5bGe/TaEi5ro1tOjL3wCe2AOKKXXq103Ntm1YH4NNSO
atZhJ5wAx+NDkpMfViW432MFhcW8jUQvuS7fnXbQO/UOI3ui2OSFiGKhLhu0mQiP
LfP6HxFfA1kCLecmYFo+zm+LAM4c1+OBbTR0PuCXilbfZyk2k7HWKRFxbGW82G8G
HopLnKGGK9zotCjXzl9Bqye/kf5m5hjENfx0Qv720xdwFJAKYSGgrya4FkcO2ydX
t7XuKa4dxWTOBlJD1hkbGCMWPwTd8ROP0nj5nOfmToMdzStiULA/Ir5vLAFU7Fo3
Vhw=
-----END CERTIFICATE-----