Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/dmcDgcBSWhib5MaekgQR3YJRaVc.roa
File:                     dmcDgcBSWhib5MaekgQR3YJRaVc.roa (raw, json)
Hash identifier:          5guBv4Sg27HBhhwasCmTQand9+udt9D8e0/P4b9+YfQ=
Subject key identifier:   76:67:03:81:C0:52:5A:18:9B:E4:C6:9E:92:04:11:DD:82:51:69:57
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA9934705E252B03F37D41F60A345239
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/dmcDgcBSWhib5MaekgQR3YJRaVc.roa
Signing time:             Tue 02 Jan 2024 14:34:47 +0000
ROA not before:           Tue 02 Jan 2024 14:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51469
IP address blocks:        81.12.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:34:70:5e:25:2b:03:f3:7d:41:f6:0a:34:52:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76670381c0525a189be4c69e920411dd82516957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:14:e1:52:33:b8:41:ca:39:65:21:2f:ed:bf:
                    de:fc:43:76:3d:2f:e1:8d:b9:d1:ea:10:76:ff:e9:
                    27:ab:af:59:78:2d:e1:1d:80:58:c4:18:a4:f3:57:
                    1c:c4:62:44:4b:47:6e:bc:5d:fc:1a:31:6d:a4:af:
                    e4:bd:0a:cc:40:18:1f:bd:77:6c:fb:13:ae:3b:44:
                    f3:3c:e0:96:36:38:b6:aa:3d:a1:29:69:3d:71:91:
                    ef:57:39:33:fd:30:62:3b:a8:94:c2:75:ee:0e:b3:
                    46:68:fc:ee:34:a2:ba:e8:a4:51:f6:d4:4a:81:b9:
                    6f:63:d2:5a:76:1c:df:8f:2a:27:95:19:43:fb:b4:
                    92:4b:27:b5:f7:a1:05:5e:a6:d4:6a:ef:51:ae:22:
                    83:93:3f:7b:84:ec:63:8a:f6:4a:16:ce:19:9c:34:
                    d8:8f:eb:f0:20:8e:98:69:f7:16:45:73:e1:6e:9d:
                    0b:ad:38:e4:eb:61:57:3e:8e:85:e8:0c:07:2f:d5:
                    c7:90:cc:9b:f2:0c:2c:92:a8:a0:c2:11:70:7a:33:
                    e7:1f:aa:24:23:07:71:47:2c:7a:75:96:9f:62:52:
                    28:60:79:f3:52:3b:6f:aa:54:5e:f6:98:8f:e6:92:
                    1f:7f:8a:38:a1:ba:da:45:87:a8:38:72:5d:0c:f2:
                    98:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:67:03:81:C0:52:5A:18:9B:E4:C6:9E:92:04:11:DD:82:51:69:57
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/dmcDgcBSWhib5MaekgQR3YJRaVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:09:70:c3:2d:33:b2:b9:8d:e3:db:80:8a:eb:a6:88:6e:24:
         5a:0e:4e:69:e4:1f:1d:b5:7e:ec:fe:57:81:02:56:e5:eb:e6:
         e3:86:34:ed:8b:92:51:29:52:07:80:54:a4:b9:cd:01:ae:23:
         f2:81:d1:6c:cc:6b:49:18:b9:e3:cc:0f:11:89:15:00:c7:d6:
         76:cc:1f:cc:1c:2c:e9:35:a4:5a:22:d6:e7:15:27:66:04:ab:
         ea:f3:01:39:a2:c6:31:40:3e:65:2f:09:ae:d5:df:da:10:60:
         92:d7:d5:39:97:a3:57:8d:30:af:eb:54:c7:9d:69:71:77:30:
         cb:cb:9e:64:1a:43:c0:5c:25:45:97:02:d0:41:5e:c6:23:b8:
         84:a8:46:54:27:3a:38:38:87:82:41:f5:63:8a:63:56:0d:d4:
         12:c0:15:1d:04:8c:de:31:d6:95:34:91:97:cb:4b:c8:94:ee:
         63:6c:b1:30:da:d0:99:b0:9b:a9:82:b9:3a:ed:19:90:e2:e6:
         8b:c8:f6:f4:82:d7:19:8d:13:46:df:19:a0:40:55:b6:f1:08:
         22:2c:49:cc:4f:89:27:93:3b:bc:89:07:a9:9a:1a:1d:0a:7f:
         7f:db:94:1f:20:f6:67:65:e3:92:d8:38:26:8a:35:5d:0a:54:
         94:e1:e4:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmTRwXiUrA/N9QfYKNFI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjY3MDM4MWMwNTI1YTE4OWJlNGM2OWU5MjA0MTFkZDgyNTE2OTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhThUjO4Qco5ZSEv7b/e/EN2PS/h
jbnR6hB2/+knq69ZeC3hHYBYxBik81ccxGJES0duvF38GjFtpK/kvQrMQBgfvXds
+xOuO0TzPOCWNji2qj2hKWk9cZHvVzkz/TBiO6iUwnXuDrNGaPzuNKK66KRR9tRK
gblvY9JadhzfjyonlRlD+7SSSye196EFXqbUau9RriKDkz97hOxjivZKFs4ZnDTY
j+vwII6YafcWRXPhbp0LrTjk62FXPo6F6AwHL9XHkMyb8gwskqigwhFwejPnH6ok
IwdxRyx6dZafYlIoYHnzUjtvqlRe9piP5pIff4o4obraRYeoOHJdDPKYBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZnA4HAUloYm+TGnpIEEd2CUWlXMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvZG1jRGdjQlNXaGliNU1hZWtnUVIzWUpSYVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUQwgMA0G
CSqGSIb3DQEBCwUAA4IBAQBqCXDDLTOyuY3j24CK66aIbiRaDk5p5B8dtX7s/leB
Albl6+bjhjTti5JRKVIHgFSkuc0BriPygdFszGtJGLnjzA8RiRUAx9Z2zB/MHCzp
NaRaItbnFSdmBKvq8wE5osYxQD5lLwmu1d/aEGCS19U5l6NXjTCv61THnWlxdzDL
y55kGkPAXCVFlwLQQV7GI7iEqEZUJzo4OIeCQfVjimNWDdQSwBUdBIzeMdaVNJGX
y0vIlO5jbLEw2tCZsJupgrk67RmQ4uaLyPb0gtcZjRNG3xmgQFW28QgiLEnMT4kn
kzu8iQepmhodCn9/25QfIPZnZeOS2DgmijVdClSU4eQC
-----END CERTIFICATE-----