Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/ZFRtbjp7XCI4GHqt1ZgCwZkast4.roa
File:                     ZFRtbjp7XCI4GHqt1ZgCwZkast4.roa (raw, json)
Hash identifier:          z+Xd+9kKo+cN8+/6XubJNZh35Ux0PoN1ziMYuy4fMuo=
Subject key identifier:   64:54:6D:6E:3A:7B:5C:22:38:18:7A:AD:D5:98:02:C1:99:1A:B2:DE
Certificate issuer:       /CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
Certificate serial:       01906F01F8D7C8E84043CEEF8A1BBFEF43B5
Authority key identifier: EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/ZFRtbjp7XCI4GHqt1ZgCwZkast4.roa
Signing time:             Mon 01 Jul 2024 15:55:18 +0000
ROA not before:           Mon 01 Jul 2024 15:55:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52209
IP address blocks:        81.30.107.0/24 maxlen: 24
                          2a09:cbc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:01:f8:d7:c8:e8:40:43:ce:ef:8a:1b:bf:ef:43:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
        Validity
            Not Before: Jul  1 15:55:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64546d6e3a7b5c2238187aadd59802c1991ab2de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:85:c3:82:77:bb:c0:95:d3:c2:b3:4d:a0:a2:
                    f8:05:83:0a:aa:66:89:ab:47:34:4b:fc:70:1f:a6:
                    d0:f9:6a:8d:b2:93:b5:37:d2:7b:78:2a:81:39:39:
                    43:bd:31:43:ad:2f:a8:bb:2e:9b:29:4b:b7:c4:77:
                    67:b5:d5:52:96:c0:de:87:d3:6d:14:66:82:f4:9a:
                    ea:f8:b3:6b:20:06:46:a8:18:6e:ad:30:cd:15:c2:
                    88:2a:07:a2:7f:be:7c:b2:6d:f6:01:b7:73:14:4b:
                    30:02:de:47:99:10:d4:1b:d1:c0:fc:28:fc:3b:9f:
                    25:c7:61:41:f3:88:cf:4e:21:2d:c3:08:12:1a:e4:
                    c8:fb:d8:48:24:6d:44:6b:7d:a2:af:13:47:af:07:
                    90:da:ab:2d:1c:70:70:f6:67:66:e0:4b:99:4f:ac:
                    3f:41:86:15:f4:24:49:5f:1c:e3:2d:d5:32:e2:33:
                    0e:72:f8:6d:bb:14:5a:bd:db:ee:be:40:76:1f:6f:
                    f0:00:dd:90:55:37:97:f2:a8:6c:18:1e:65:e0:fe:
                    ec:0c:10:30:be:62:6d:34:31:95:66:a7:5b:e2:8b:
                    e5:6a:f9:76:f7:1e:04:0b:7f:18:fa:33:7d:9d:58:
                    cf:5b:4d:63:33:31:4d:c6:04:8d:ee:51:a7:6c:62:
                    ec:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:54:6D:6E:3A:7B:5C:22:38:18:7A:AD:D5:98:02:C1:99:1A:B2:DE
            X509v3 Authority Key Identifier:
                keyid:EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/ZFRtbjp7XCI4GHqt1ZgCwZkast4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.107.0/24
                IPv6:
                  2a09:cbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:a3:2b:47:fa:4b:78:79:b7:8a:75:85:20:31:64:4a:ed:5e:
         1b:d2:b1:b2:6b:7c:54:d0:14:7e:12:06:e9:be:b9:de:cd:a3:
         80:18:f8:06:65:1e:d2:3e:ed:62:95:84:45:83:5c:2f:f7:82:
         c9:ce:42:34:5f:ac:73:cb:9c:b4:5f:17:d3:80:02:a3:fe:04:
         50:5d:32:34:00:4f:fd:01:05:21:aa:7e:e6:82:64:ff:82:5a:
         30:3a:96:43:23:93:3b:61:40:e1:8d:5c:2f:8d:bc:3b:0d:b9:
         07:ba:86:46:de:41:d9:01:84:81:4b:23:41:a4:66:bb:f9:c5:
         08:86:a5:fa:ad:19:91:76:5c:f4:71:18:42:00:19:ee:b9:3a:
         24:ee:4f:45:a7:b5:b5:96:c0:9c:5f:2a:8d:a2:2f:52:a1:f0:
         98:5a:e1:03:66:b5:ab:ce:7a:f1:2c:63:ab:9b:c4:53:2d:e5:
         fc:13:8b:ce:e1:09:9d:f8:04:64:34:8d:8b:fc:55:83:f7:8e:
         57:79:b0:da:ec:16:f9:c5:23:13:b2:8f:0d:e1:05:b8:4f:97:
         16:84:ee:32:13:77:4f:1e:5d:d4:f5:51:20:a5:1c:62:55:d8:
         d4:9a:c2:49:75:dc:cb:d9:ba:ae:3b:d5:8b:54:ef:c0:3a:ff:
         c4:62:f9:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBvAfjXyOhAQ87vihu/70O1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzQ2OWM1NDI4ZWVmOWFiNzY4ZDllZDZjMmM4OTQ0M2E2
YmI0YmUwHhcNMjQwNzAxMTU1NTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDU0NmQ2ZTNhN2I1YzIyMzgxODdhYWRkNTk4MDJjMTk5MWFiMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YXDgne7wJXTwrNNoKL4BYMKqmaJ
q0c0S/xwH6bQ+WqNspO1N9J7eCqBOTlDvTFDrS+ouy6bKUu3xHdntdVSlsDeh9Nt
FGaC9Jrq+LNrIAZGqBhurTDNFcKIKgeif758sm32AbdzFEswAt5HmRDUG9HA/Cj8
O58lx2FB84jPTiEtwwgSGuTI+9hIJG1Ea32irxNHrweQ2qstHHBw9mdm4EuZT6w/
QYYV9CRJXxzjLdUy4jMOcvhtuxRavdvuvkB2H2/wAN2QVTeX8qhsGB5l4P7sDBAw
vmJtNDGVZqdb4ovlavl29x4EC38Y+jN9nVjPW01jMzFNxgSN7lGnbGLs6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGRUbW46e1wiOBh6rdWYAsGZGrLeMB8GA1UdIwQY
MBaAFOx0acVCju+at2jZ7WwsiUQ6a7S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQt
OGRlZTFkYTEwNzQxLzEvWkZSdGJqcDdYQ0k0R0hxdDFaZ0N3Wmthc3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQtOGRlZTFkYTEwNzQx
LzEvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUR5rMA0E
AgACMAcDBQMqCcvAMA0GCSqGSIb3DQEBCwUAA4IBAQBEoytH+kt4ebeKdYUgMWRK
7V4b0rGya3xU0BR+EgbpvrnezaOAGPgGZR7SPu1ilYRFg1wv94LJzkI0X6xzy5y0
XxfTgAKj/gRQXTI0AE/9AQUhqn7mgmT/glowOpZDI5M7YUDhjVwvjbw7DbkHuoZG
3kHZAYSBSyNBpGa7+cUIhqX6rRmRdlz0cRhCABnuuTok7k9Fp7W1lsCcXyqNoi9S
ofCYWuEDZrWrznrxLGOrm8RTLeX8E4vO4Qmd+ARkNI2L/FWD945XebDa7Bb5xSMT
so8N4QW4T5cWhO4yE3dPHl3U9VEgpRxiVdjUmsJJddzL2bquO9WLVO/AOv/EYvn1
-----END CERTIFICATE-----