Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/gH87DnFCIVeDMCdzZgdgeo0PCRQ.roa
File:                     gH87DnFCIVeDMCdzZgdgeo0PCRQ.roa (raw, json)
Hash identifier:          pS4ieprkTVj7xtpm2D2Dk/zZSNZ4iIRcoOU3KEt530k=
Subject key identifier:   80:7F:3B:0E:71:42:21:57:83:30:27:73:66:07:60:7A:8D:0F:09:14
Certificate issuer:       /CN=66af1c224db29a5104a61aac32f60956025fad43
Certificate serial:       019464AFA3AAEE191D427A2A9EFD2C3E707F
Authority key identifier: 66:AF:1C:22:4D:B2:9A:51:04:A6:1A:AC:32:F6:09:56:02:5F:AD:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/gH87DnFCIVeDMCdzZgdgeo0PCRQ.roa
Signing time:             Tue 14 Jan 2025 12:00:19 +0000
ROA not before:           Tue 14 Jan 2025 12:00:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215037
IP address blocks:        81.177.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:64:af:a3:aa:ee:19:1d:42:7a:2a:9e:fd:2c:3e:70:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66af1c224db29a5104a61aac32f60956025fad43
        Validity
            Not Before: Jan 14 12:00:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=807f3b0e71422157833027736607607a8d0f0914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:50:1b:3c:88:38:b4:af:2c:85:d6:7d:c9:fc:
                    a5:13:e8:a7:13:40:4f:52:b7:76:a2:6b:87:42:1f:
                    2c:b6:1c:31:9e:91:57:e1:2a:47:a3:94:a4:22:65:
                    ad:da:69:4d:ad:ed:06:e7:27:38:00:9a:df:96:78:
                    27:09:29:86:c4:88:80:38:a5:67:30:44:55:15:f0:
                    c1:7d:63:ef:99:76:86:6d:19:cb:f6:b2:9b:78:3f:
                    9d:0b:71:34:e1:d6:6e:3a:67:f4:4e:bb:60:f6:6c:
                    11:66:f6:29:07:bd:98:bb:9c:79:c6:6d:88:30:f6:
                    fa:81:b1:46:c5:52:aa:a2:6b:58:67:c3:ea:53:85:
                    db:d8:54:19:19:4b:1b:2d:05:93:e0:17:f2:8d:89:
                    57:c1:61:36:f4:e0:d2:a9:8c:1d:d9:1c:b1:22:70:
                    80:a9:80:df:5f:d6:49:9d:48:fd:7b:0b:49:cc:08:
                    8e:e0:5b:87:c0:88:0a:3c:02:b5:41:57:9a:db:f3:
                    29:1c:e7:25:90:e8:9e:0c:a2:83:e6:6d:50:9d:c8:
                    4b:4d:38:6d:4f:e7:ba:03:27:a4:e1:21:92:46:8e:
                    08:88:bb:72:d3:5d:24:c7:b4:1e:cb:fc:6f:77:c5:
                    15:9b:b2:ab:e5:20:a6:fb:f9:99:d9:3f:28:fa:dd:
                    90:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7F:3B:0E:71:42:21:57:83:30:27:73:66:07:60:7A:8D:0F:09:14
            X509v3 Authority Key Identifier:
                keyid:66:AF:1C:22:4D:B2:9A:51:04:A6:1A:AC:32:F6:09:56:02:5F:AD:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/gH87DnFCIVeDMCdzZgdgeo0PCRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.177.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:1c:47:b2:95:61:41:96:98:aa:46:2a:7a:1b:a4:3b:d1:da:
         88:91:67:4c:1b:1b:42:28:96:76:82:99:79:ee:fc:a1:35:30:
         a9:bf:09:e3:42:08:6c:9c:1d:0b:c8:05:bb:a1:28:d1:0b:be:
         37:79:46:c0:8c:45:80:f4:19:9c:e4:9d:07:a7:1f:37:1b:7b:
         ff:e6:12:6e:8c:af:e5:4d:f6:71:1a:df:8e:fa:95:e5:bb:38:
         e2:2d:24:cb:d4:f3:16:93:4c:4d:7b:0a:a1:0c:56:e4:2d:be:
         89:c4:3a:b1:b6:bc:37:d7:50:42:de:57:6b:4f:47:6c:a1:78:
         48:62:50:24:1d:cf:b8:58:24:07:d9:85:3f:91:5c:bb:e7:7b:
         31:9e:28:74:21:2d:4d:8e:b1:aa:d9:2c:93:46:87:45:9d:f2:
         08:b1:14:08:cd:2b:b9:00:12:11:14:8c:34:f1:84:38:6a:46:
         fc:ef:ec:3c:43:ab:fa:00:c4:a8:51:db:c5:ba:be:e0:09:2f:
         41:22:5a:56:d9:ff:0c:4d:ac:f4:11:59:0f:c0:e5:74:29:eb:
         c2:dc:9a:50:b9:ab:b4:58:27:22:cb:cf:92:9f:f6:30:53:df:
         0b:4f:65:6c:57:0e:d2:a0:80:72:3e:32:fe:a0:2e:43:da:e3:
         56:57:7c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRkr6Oq7hkdQnoqnv0sPnB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YWYxYzIyNGRiMjlhNTEwNGE2MWFhYzMyZjYwOTU2MDI1
ZmFkNDMwHhcNMjUwMTE0MTIwMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdmM2IwZTcxNDIyMTU3ODMzMDI3NzM2NjA3NjA3YThkMGYwOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglAbPIg4tK8shdZ9yfylE+inE0BP
Urd2omuHQh8sthwxnpFX4SpHo5SkImWt2mlNre0G5yc4AJrflngnCSmGxIiAOKVn
MERVFfDBfWPvmXaGbRnL9rKbeD+dC3E04dZuOmf0Trtg9mwRZvYpB72Yu5x5xm2I
MPb6gbFGxVKqomtYZ8PqU4Xb2FQZGUsbLQWT4BfyjYlXwWE29ODSqYwd2RyxInCA
qYDfX9ZJnUj9ewtJzAiO4FuHwIgKPAK1QVea2/MpHOclkOieDKKD5m1QnchLTTht
T+e6Ayek4SGSRo4IiLty010kx7Qey/xvd8UVm7Kr5SCm+/mZ2T8o+t2Q8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB/Ow5xQiFXgzAnc2YHYHqNDwkUMB8GA1UdIwQY
MBaAFGavHCJNsppRBKYarDL2CVYCX61DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnE4Y0lrMnltbEVFcGhxc012WUpWZ0pmclVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMjhhMWQtZjQ3MS00ZWI3LWE4ZGUt
YzBjNzQ4MDk0MzllLzEvZ0g4N0RuRkNJVmVETUNkelpnZGdlbzBQQ1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMjhhMWQtZjQ3MS00ZWI3LWE4ZGUtYzBjNzQ4MDk0Mzll
LzEvWnE4Y0lrMnltbEVFcGhxc012WUpWZ0pmclVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUbHQMA0G
CSqGSIb3DQEBCwUAA4IBAQBxHEeylWFBlpiqRip6G6Q70dqIkWdMGxtCKJZ2gpl5
7vyhNTCpvwnjQghsnB0LyAW7oSjRC743eUbAjEWA9Bmc5J0Hpx83G3v/5hJujK/l
TfZxGt+O+pXluzjiLSTL1PMWk0xNewqhDFbkLb6JxDqxtrw311BC3ldrT0dsoXhI
YlAkHc+4WCQH2YU/kVy753sxnih0IS1NjrGq2SyTRodFnfIIsRQIzSu5ABIRFIw0
8YQ4akb87+w8Q6v6AMSoUdvFur7gCS9BIlpW2f8MTaz0EVkPwOV0KevC3JpQuau0
WCciy8+Sn/YwU98LT2VsVw7SoIByPjL+oC5D2uNWV3yK
-----END CERTIFICATE-----