Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/dTXmuqAdUiaORH9_k6_OEflaGJ0.roa
File:                     dTXmuqAdUiaORH9_k6_OEflaGJ0.roa (raw, json)
Hash identifier:          Y6xTs4fv/PmDrMOT6et08oHXBwWg0pSPHGe5dlh0Hi8=
Subject key identifier:   75:35:E6:BA:A0:1D:52:26:8E:44:7F:7F:93:AF:CE:11:F9:5A:18:9D
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA992F6B827E693A75C02785EABFB8A2
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/dTXmuqAdUiaORH9_k6_OEflaGJ0.roa
Signing time:             Tue 02 Jan 2024 14:34:45 +0000
ROA not before:           Tue 02 Jan 2024 14:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6736
IP address blocks:        81.12.12.0/24 maxlen: 24
                          87.107.117.0/24 maxlen: 24
                          87.107.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:2f:6b:82:7e:69:3a:75:c0:27:85:ea:bf:b8:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7535e6baa01d52268e447f7f93afce11f95a189d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:51:62:3b:89:3b:cf:29:9e:c5:12:9a:cb:17:
                    98:9c:85:0c:04:56:4d:9a:61:f0:df:0a:26:77:e5:
                    a5:00:d3:c3:0b:15:56:c0:ba:0b:8b:56:6d:0a:1b:
                    38:91:02:b6:64:1f:44:84:9b:e7:ec:bd:84:d1:4f:
                    85:9f:84:04:21:91:97:d7:2b:55:43:fe:78:42:12:
                    d4:95:9b:15:43:f0:fd:9c:88:ab:2c:2f:63:e2:c8:
                    6e:2d:d0:1f:fb:a7:ca:f0:77:24:43:f3:dd:9e:94:
                    5b:56:a3:24:10:35:24:3a:0e:51:70:78:f6:3e:d2:
                    ac:a8:2a:3e:45:0b:24:0d:92:c7:98:e2:ab:43:5a:
                    8e:57:4b:ae:6c:85:0f:85:c2:34:63:92:6d:49:0f:
                    c7:53:a0:ac:54:e4:a9:3f:78:4a:97:f8:79:8d:8f:
                    1d:57:25:c9:a3:8c:c0:ac:d8:ac:a6:cc:ea:44:36:
                    02:b9:32:cc:e3:1f:37:22:cd:ae:7e:e1:a7:c3:02:
                    b3:8f:15:2a:b8:a5:05:93:1a:20:62:e5:2b:73:7e:
                    1d:40:e7:a5:24:a4:f3:ce:07:55:ec:b3:7e:af:72:
                    57:5b:50:7d:de:9a:b9:78:09:86:ba:3e:82:37:c4:
                    bb:03:cb:f3:b2:9c:56:77:e0:36:5b:f6:31:2a:09:
                    ec:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:35:E6:BA:A0:1D:52:26:8E:44:7F:7F:93:AF:CE:11:F9:5A:18:9D
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/dTXmuqAdUiaORH9_k6_OEflaGJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.12.0/24
                  87.107.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:7d:56:11:27:36:5b:1b:32:00:4d:91:9a:8e:75:7e:b1:ff:
         8a:63:cf:84:e4:fd:18:32:4e:ca:a2:41:a9:8f:b5:e1:0b:2c:
         a2:db:a0:42:54:3c:df:db:30:d3:18:c1:3a:a7:e8:ac:11:0e:
         26:f5:dd:ad:5c:85:21:9d:4b:f9:9e:cc:be:1e:80:8d:52:af:
         8e:fe:9f:1d:ae:e3:5e:16:87:11:fe:f3:0e:31:4c:bf:ca:61:
         14:f6:38:7d:5b:96:98:fe:2e:aa:dd:fb:fd:02:bd:5e:a6:51:
         5e:33:da:a9:78:9f:bc:b3:79:f7:a8:ca:cc:d7:b6:fb:d5:39:
         03:0b:4b:24:7c:a3:b4:39:e9:cd:9e:f4:2f:2b:6a:70:41:f6:
         4b:e2:e7:ca:66:42:cb:cf:8c:1e:9e:b6:47:60:2f:48:26:9d:
         eb:b2:8c:34:45:66:e9:ed:d9:9d:f6:c8:da:e6:ab:9f:70:08:
         96:56:ec:44:98:bd:68:89:0f:c8:fb:e7:08:73:cb:b9:42:19:
         5a:93:8b:5f:3b:f8:11:e2:ca:da:01:8d:f2:a8:02:3b:f3:5d:
         ee:0e:35:45:5d:25:78:95:04:6e:17:37:05:f8:c5:f1:35:6e:
         45:c5:cd:00:9c:00:4f:ac:65:27:58:42:36:60:68:72:89:cf:
         48:12:b0:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmS9rgn5pOnXAJ4Xqv7iiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTM1ZTZiYWEwMWQ1MjI2OGU0NDdmN2Y5M2FmY2UxMWY5NWExODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFFiO4k7zymexRKayxeYnIUMBFZN
mmHw3womd+WlANPDCxVWwLoLi1ZtChs4kQK2ZB9EhJvn7L2E0U+Fn4QEIZGX1ytV
Q/54QhLUlZsVQ/D9nIirLC9j4shuLdAf+6fK8HckQ/PdnpRbVqMkEDUkOg5RcHj2
PtKsqCo+RQskDZLHmOKrQ1qOV0uubIUPhcI0Y5JtSQ/HU6CsVOSpP3hKl/h5jY8d
VyXJo4zArNispszqRDYCuTLM4x83Is2ufuGnwwKzjxUquKUFkxogYuUrc34dQOel
JKTzzgdV7LN+r3JXW1B93pq5eAmGuj6CN8S7A8vzspxWd+A2W/YxKgnsoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHU15rqgHVImjkR/f5OvzhH5WhidMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvZFRYbXVxQWRVaWFPUkg5X2s2X09FZmxhR0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQwMAwQB
V2t0MA0GCSqGSIb3DQEBCwUAA4IBAQAhfVYRJzZbGzIATZGajnV+sf+KY8+E5P0Y
Mk7KokGpj7XhCyyi26BCVDzf2zDTGME6p+isEQ4m9d2tXIUhnUv5nsy+HoCNUq+O
/p8druNeFocR/vMOMUy/ymEU9jh9W5aY/i6q3fv9Ar1eplFeM9qpeJ+8s3n3qMrM
17b71TkDC0skfKO0OenNnvQvK2pwQfZL4ufKZkLLz4wenrZHYC9IJp3rsow0RWbp
7dmd9sja5qufcAiWVuxEmL1oiQ/I++cIc8u5Qhlak4tfO/gR4sraAY3yqAI7813u
DjVFXSV4lQRuFzcF+MXxNW5Fxc0AnABPrGUnWEI2YGhyic9IErAt
-----END CERTIFICATE-----