Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/bdVbtzYPYD9Q2_d-Kh44ldZokf4.roa
File:                     bdVbtzYPYD9Q2_d-Kh44ldZokf4.roa (raw, json)
Hash identifier:          CygtYAV68pNiItWcvbjTMsCmWK39gnx0MaLmVruLNhg=
Subject key identifier:   6D:D5:5B:B7:36:0F:60:3F:50:DB:F7:7E:2A:1E:38:95:D6:68:91:FE
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA99307C1C7583BA142FCE3597D6A8ED
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/bdVbtzYPYD9Q2_d-Kh44ldZokf4.roa
Signing time:             Tue 02 Jan 2024 14:34:46 +0000
ROA not before:           Tue 02 Jan 2024 14:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29577
IP address blocks:        81.12.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:30:7c:1c:75:83:ba:14:2f:ce:35:97:d6:a8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dd55bb7360f603f50dbf77e2a1e3895d66891fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:40:d9:17:f8:b8:f8:6d:c6:63:fa:67:b0:f9:
                    6e:cb:4f:06:45:eb:65:14:57:22:20:ed:7f:ef:cc:
                    0b:c4:b0:0c:4f:66:cc:6f:b5:50:1f:94:01:28:36:
                    a3:b5:88:0a:53:77:3b:5e:c7:c2:49:d3:dd:e6:5f:
                    40:b2:5d:2f:f9:31:ce:ba:bb:d0:81:de:88:3a:04:
                    a4:6f:b5:2d:9d:f3:5c:e1:de:19:5f:3d:c1:d8:95:
                    7d:ac:ff:85:1c:a5:5a:25:f0:a3:ca:9b:a4:6f:a8:
                    a3:9a:d1:cc:0f:0f:12:85:80:b9:32:43:a6:9c:62:
                    69:df:00:d2:21:9c:e5:db:f7:fa:9d:70:3d:0f:2f:
                    4a:5b:8f:cf:35:6b:81:33:a3:c8:f1:26:89:04:a8:
                    76:f6:71:81:16:e1:75:7d:f2:cb:29:49:b6:1e:cd:
                    67:f7:21:51:75:93:2b:39:57:4a:b9:03:53:ca:c7:
                    4e:4b:52:08:38:a5:ae:22:1b:e5:4b:7c:1e:59:00:
                    06:84:aa:9c:ed:27:ce:5b:94:16:6f:06:fe:0f:dc:
                    b2:2b:08:f1:ca:a0:ac:87:50:d1:26:d4:44:5d:fc:
                    75:d5:47:21:7b:04:8e:b3:fb:f8:f8:06:0e:f6:63:
                    5a:89:b8:bb:e1:3e:60:5c:b7:53:68:e7:46:ce:3d:
                    48:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D5:5B:B7:36:0F:60:3F:50:DB:F7:7E:2A:1E:38:95:D6:68:91:FE
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/bdVbtzYPYD9Q2_d-Kh44ldZokf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:47:88:a8:31:42:62:aa:e4:fa:8d:b8:8f:c4:33:97:78:9b:
         f2:ec:89:08:28:67:96:1b:bc:a3:de:dc:3b:ef:d1:1c:3f:af:
         5c:fa:ab:6a:b9:42:42:82:5b:6f:2d:b3:77:65:9d:c4:cf:0c:
         5b:0a:5f:21:8e:b7:bd:87:6f:9e:c2:42:13:74:3e:55:a5:ff:
         15:07:10:d7:3b:dd:5a:5e:ee:e5:71:bc:fb:d9:83:0d:7f:5d:
         bb:f0:d9:97:e3:c0:29:57:ff:17:50:91:ce:a8:4f:83:d8:d6:
         8d:26:62:71:75:d1:0e:4b:9c:82:b0:19:4e:ff:2e:2d:30:d1:
         7f:41:0a:e8:72:2e:59:5c:c3:a7:ee:58:45:44:90:65:7b:99:
         e1:7d:0d:b5:02:5b:b3:46:ad:33:ab:c6:d0:4d:97:de:27:10:
         42:f4:80:11:34:16:94:59:50:23:9a:b3:35:a3:38:56:59:53:
         ef:99:a8:c6:23:9f:61:08:6f:46:30:06:29:27:c2:00:66:d9:
         13:43:f0:ea:77:d3:fc:bf:81:4f:ed:89:49:fe:7e:92:1f:1c:
         eb:ab:2a:32:e5:4c:f0:7f:10:d6:62:8e:43:ea:80:8f:0e:04:
         3b:98:83:b0:5e:49:da:83:99:72:3c:65:79:ee:9e:ed:af:92:
         08:fa:6a:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmTB8HHWDuhQvzjWX1qjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ1NWJiNzM2MGY2MDNmNTBkYmY3N2UyYTFlMzg5NWQ2Njg5MWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7EDZF/i4+G3GY/pnsPluy08GRetl
FFciIO1/78wLxLAMT2bMb7VQH5QBKDajtYgKU3c7XsfCSdPd5l9Asl0v+THOurvQ
gd6IOgSkb7UtnfNc4d4ZXz3B2JV9rP+FHKVaJfCjypukb6ijmtHMDw8ShYC5MkOm
nGJp3wDSIZzl2/f6nXA9Dy9KW4/PNWuBM6PI8SaJBKh29nGBFuF1ffLLKUm2Hs1n
9yFRdZMrOVdKuQNTysdOS1IIOKWuIhvlS3weWQAGhKqc7SfOW5QWbwb+D9yyKwjx
yqCsh1DRJtREXfx11UchewSOs/v4+AYO9mNaibi74T5gXLdTaOdGzj1InwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3VW7c2D2A/UNv3fioeOJXWaJH+MB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvYmRWYnR6WVBZRDlRMl9kLUtoNDRsZFpva2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUQwAMA0G
CSqGSIb3DQEBCwUAA4IBAQADR4ioMUJiquT6jbiPxDOXeJvy7IkIKGeWG7yj3tw7
79EcP69c+qtquUJCgltvLbN3ZZ3EzwxbCl8hjre9h2+ewkITdD5Vpf8VBxDXO91a
Xu7lcbz72YMNf1278NmX48ApV/8XUJHOqE+D2NaNJmJxddEOS5yCsBlO/y4tMNF/
QQroci5ZXMOn7lhFRJBle5nhfQ21AluzRq0zq8bQTZfeJxBC9IARNBaUWVAjmrM1
ozhWWVPvmajGI59hCG9GMAYpJ8IAZtkTQ/Dqd9P8v4FP7YlJ/n6SHxzrqyoy5Uzw
fxDWYo5D6oCPDgQ7mIOwXknag5lyPGV57p7tr5II+mrV
-----END CERTIFICATE-----