Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/gcXteKmntgbAZd0CQrGgTaer6ws.roa
File:                     gcXteKmntgbAZd0CQrGgTaer6ws.roa (raw, json)
Hash identifier:          k6MtUkUyWMYdtWLrpT/MXYSWE8ts4N8nR0DY2nJ1i3A=
Subject key identifier:   81:C5:ED:78:A9:A7:B6:06:C0:65:DD:02:42:B1:A0:4D:A7:AB:EB:0B
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA9933736BC41AEC2975B6CD8D095CD2
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/gcXteKmntgbAZd0CQrGgTaer6ws.roa
Signing time:             Tue 02 Jan 2024 14:34:46 +0000
ROA not before:           Tue 02 Jan 2024 14:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51235
IP address blocks:        81.12.56.0/23 maxlen: 23
                          87.107.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:33:73:6b:c4:1a:ec:29:75:b6:cd:8d:09:5c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81c5ed78a9a7b606c065dd0242b1a04da7abeb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c6:45:89:1d:3b:6d:2e:1c:db:f8:49:b1:a4:
                    ad:01:15:36:85:fe:b6:2b:13:70:e5:15:b4:b1:7c:
                    66:a8:ea:9c:2f:89:da:bb:5b:02:08:2c:b7:95:19:
                    12:d9:62:dd:63:33:fa:cb:b8:a8:ce:de:af:6a:60:
                    03:b9:72:1b:6e:6d:73:e7:b7:0e:10:8c:6e:23:c9:
                    bb:ec:f6:ff:45:3a:08:f7:ec:00:93:63:8b:ac:79:
                    09:dc:e2:37:61:ad:8c:06:f3:3c:55:2b:51:33:6e:
                    21:54:69:d7:10:e9:bc:12:8d:b9:72:51:e3:47:d4:
                    fa:76:22:3b:08:0a:d6:14:72:55:34:5d:17:11:ec:
                    44:ba:3a:52:d3:51:2b:75:cc:cb:a8:8d:ed:ae:2e:
                    6b:41:e5:c8:6e:48:2a:67:18:50:5b:71:73:cc:3d:
                    af:fe:bd:e3:38:6e:55:ba:84:24:6e:5f:42:f0:13:
                    3a:6f:e0:93:b7:7d:ef:84:66:16:20:16:11:4b:ad:
                    42:86:8c:4b:67:7f:7c:c8:ec:3b:9e:f9:10:f3:e1:
                    fd:33:53:c6:c2:96:9c:69:4f:f8:a1:4b:9e:b9:61:
                    c2:45:4d:af:28:aa:38:6f:c8:a0:3c:35:0e:f0:9f:
                    c9:9e:ad:3a:de:d7:28:ee:2a:c0:07:87:f9:e5:73:
                    ba:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C5:ED:78:A9:A7:B6:06:C0:65:DD:02:42:B1:A0:4D:A7:AB:EB:0B
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/gcXteKmntgbAZd0CQrGgTaer6ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.56.0/23
                  87.107.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:b7:07:f5:4c:92:9b:41:36:11:8f:b7:f6:6a:03:5a:7c:b8:
         15:11:2d:bf:d9:c9:89:64:05:d4:63:6c:3f:dd:c3:61:1b:9d:
         22:9a:83:55:c8:db:71:48:4f:78:f1:c1:65:b9:d1:ba:59:fa:
         18:ee:ff:80:0f:6a:c2:c2:ca:f8:20:91:72:54:82:16:cd:c5:
         64:ff:8c:e4:f6:4b:b0:d1:cd:6b:7d:54:10:31:89:06:d6:5a:
         ff:93:99:98:ae:0c:c1:30:ff:90:0b:1d:5b:95:46:d7:cc:2b:
         c7:86:ae:6e:a5:aa:ae:a1:a3:45:92:8b:66:d4:19:87:dc:fd:
         4e:d4:9b:4b:09:9f:36:b1:b7:0f:b3:d8:af:39:d2:26:e1:2d:
         57:11:c3:62:22:d6:f3:b1:c0:28:e7:34:1e:0a:fd:c3:4a:65:
         70:91:e6:aa:31:68:c9:e7:d9:3d:c4:47:2d:76:f6:60:bc:c2:
         8f:0f:6d:6e:cb:ee:33:20:9b:7a:f2:3d:38:92:de:b2:6b:a4:
         59:cb:3d:3c:1a:c6:a9:61:a9:9b:62:27:e0:dd:a3:82:49:b1:
         52:8c:7d:39:40:d1:3b:15:b4:6b:86:8a:54:ca:38:b8:c0:ad:
         90:94:07:6d:79:fe:70:52:7e:d6:cf:29:7b:ee:f5:9c:25:89:
         7e:f4:83:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmTNza8Qa7Cl1ts2NCVzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWM1ZWQ3OGE5YTdiNjA2YzA2NWRkMDI0MmIxYTA0ZGE3YWJlYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMZFiR07bS4c2/hJsaStARU2hf62
KxNw5RW0sXxmqOqcL4nau1sCCCy3lRkS2WLdYzP6y7iozt6vamADuXIbbm1z57cO
EIxuI8m77Pb/RToI9+wAk2OLrHkJ3OI3Ya2MBvM8VStRM24hVGnXEOm8Eo25clHj
R9T6diI7CArWFHJVNF0XEexEujpS01ErdczLqI3tri5rQeXIbkgqZxhQW3FzzD2v
/r3jOG5VuoQkbl9C8BM6b+CTt33vhGYWIBYRS61ChoxLZ398yOw7nvkQ8+H9M1PG
wpacaU/4oUueuWHCRU2vKKo4b8igPDUO8J/Jnq063tco7irAB4f55XO69wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIHF7Xipp7YGwGXdAkKxoE2nq+sLMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvZ2NYdGVLbW50Z2JBWmQwQ1FyR2dUYWVyNndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUQw4AwQA
V2uLMA0GCSqGSIb3DQEBCwUAA4IBAQDBtwf1TJKbQTYRj7f2agNafLgVES2/2cmJ
ZAXUY2w/3cNhG50imoNVyNtxSE948cFludG6WfoY7v+AD2rCwsr4IJFyVIIWzcVk
/4zk9kuw0c1rfVQQMYkG1lr/k5mYrgzBMP+QCx1blUbXzCvHhq5upaquoaNFkotm
1BmH3P1O1JtLCZ82sbcPs9ivOdIm4S1XEcNiItbzscAo5zQeCv3DSmVwkeaqMWjJ
59k9xEctdvZgvMKPD21uy+4zIJt68j04kt6ya6RZyz08GsapYambYifg3aOCSbFS
jH05QNE7FbRrhopUyji4wK2QlAdtef5wUn7Wzyl77vWcJYl+9IND
-----END CERTIFICATE-----