Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/hamXwVRc9HWCybxdSRYL-cEpjBU.roa
File:                     hamXwVRc9HWCybxdSRYL-cEpjBU.roa (raw, json)
Hash identifier:          VdBeWB8dhPxZN6vVvEDszaLcG75mGEP6Lwe9BxojBSg=
Subject key identifier:   85:A9:97:C1:54:5C:F4:75:82:C9:BC:5D:49:16:0B:F9:C1:29:8C:15
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA9938B756C9C58F70007FF553F0C5BD
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/hamXwVRc9HWCybxdSRYL-cEpjBU.roa
Signing time:             Tue 02 Jan 2024 14:34:48 +0000
ROA not before:           Tue 02 Jan 2024 14:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202251
IP address blocks:        81.12.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:38:b7:56:c9:c5:8f:70:00:7f:f5:53:f0:c5:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85a997c1545cf47582c9bc5d49160bf9c1298c15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f6:45:37:24:fa:a5:a5:ec:1f:bc:c4:32:39:
                    b3:7f:37:2f:96:7b:2f:67:9f:f6:c8:48:5c:1d:67:
                    8f:53:16:0c:9a:82:87:76:90:36:8d:f7:fc:e1:37:
                    c0:a8:cd:f0:7e:c4:95:26:4f:dc:a3:b5:88:a2:2e:
                    2d:48:dd:da:e8:8d:ca:bf:f4:af:5e:ce:82:fd:e2:
                    95:96:6e:01:81:09:49:21:1f:bd:a6:24:5f:25:3d:
                    3e:cd:89:2d:6b:b8:01:1e:e7:29:73:12:0e:6f:47:
                    43:cd:b5:6c:a3:07:c9:4d:e6:69:69:18:71:79:0b:
                    1c:ca:4a:eb:7d:a1:8e:1a:4e:2c:2a:74:78:69:ee:
                    dc:85:e8:b0:64:df:b1:12:eb:7b:00:84:0f:e8:bd:
                    07:ab:08:82:64:3c:6b:a3:64:0f:5b:18:e6:d3:4f:
                    05:d1:27:47:d3:b3:ed:ac:df:75:92:f6:de:9c:72:
                    d4:44:7e:dd:92:78:ee:f3:d9:8f:93:55:ee:db:93:
                    b9:5a:de:88:10:bd:c4:69:1d:48:73:86:e8:93:d8:
                    43:3b:dc:d0:a4:ea:1e:3d:15:99:d7:02:e6:19:9a:
                    0e:ea:87:66:b7:d2:d7:24:22:c1:91:94:60:e5:ca:
                    0e:7e:27:aa:db:60:42:66:71:d9:fc:69:49:8f:9e:
                    c3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A9:97:C1:54:5C:F4:75:82:C9:BC:5D:49:16:0B:F9:C1:29:8C:15
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/hamXwVRc9HWCybxdSRYL-cEpjBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:24:74:aa:db:a4:08:d3:bc:22:05:ab:af:5d:01:0c:dd:df:
         27:fc:c7:8f:86:bb:7f:2c:98:1b:13:1f:70:0e:f8:5d:e2:a0:
         81:6a:45:51:3f:c5:53:1a:0d:08:e2:86:88:72:b1:78:7a:a5:
         ea:26:bb:04:73:cd:b6:1d:b9:70:08:0f:cb:74:c7:68:51:7b:
         d6:62:91:4e:2c:83:3b:d2:0e:a4:f9:35:7f:66:ae:6b:0f:35:
         f6:6b:a4:e9:cc:b2:71:6c:f5:40:6b:33:a0:b9:1b:1f:23:8c:
         39:5e:c8:d1:65:08:18:3c:b1:9c:41:9d:b0:f0:e1:cb:73:81:
         23:9d:79:80:0c:57:9b:55:2c:35:c8:4e:c9:d6:02:81:9f:9e:
         b4:6f:56:9f:12:8d:6e:11:ce:af:7c:f5:de:52:87:19:dc:b4:
         68:91:73:61:63:c0:63:25:3b:5d:48:e0:c2:24:d2:1e:6d:16:
         6a:70:40:5a:9b:03:80:06:a6:6b:21:4a:8f:a1:e2:e6:78:51:
         89:10:62:a4:da:e7:cd:64:ec:7b:f3:86:65:7f:c9:58:ab:4a:
         d9:f6:12:93:47:d8:fb:50:94:fa:63:3e:09:24:0f:a1:0c:a9:
         7d:77:fe:e5:6e:be:58:85:1c:f1:6e:b4:25:d9:ad:98:76:7a:
         e3:b9:79:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmTi3VsnFj3AAf/VT8MW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWE5OTdjMTU0NWNmNDc1ODJjOWJjNWQ0OTE2MGJmOWMxMjk4YzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/ZFNyT6paXsH7zEMjmzfzcvlnsv
Z5/2yEhcHWePUxYMmoKHdpA2jff84TfAqM3wfsSVJk/co7WIoi4tSN3a6I3Kv/Sv
Xs6C/eKVlm4BgQlJIR+9piRfJT0+zYkta7gBHucpcxIOb0dDzbVsowfJTeZpaRhx
eQscykrrfaGOGk4sKnR4ae7cheiwZN+xEut7AIQP6L0HqwiCZDxro2QPWxjm008F
0SdH07PtrN91kvbenHLURH7dknju89mPk1Xu25O5Wt6IEL3EaR1Ic4bok9hDO9zQ
pOoePRWZ1wLmGZoO6odmt9LXJCLBkZRg5coOfieq22BCZnHZ/GlJj57DoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWpl8FUXPR1gsm8XUkWC/nBKYwVMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvaGFtWHdWUmM5SFdDeWJ4ZFNSWUwtY0VwakJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQwnMA0G
CSqGSIb3DQEBCwUAA4IBAQDRJHSq26QI07wiBauvXQEM3d8n/MePhrt/LJgbEx9w
Dvhd4qCBakVRP8VTGg0I4oaIcrF4eqXqJrsEc822HblwCA/LdMdoUXvWYpFOLIM7
0g6k+TV/Zq5rDzX2a6TpzLJxbPVAazOguRsfI4w5XsjRZQgYPLGcQZ2w8OHLc4Ej
nXmADFebVSw1yE7J1gKBn560b1afEo1uEc6vfPXeUocZ3LRokXNhY8BjJTtdSODC
JNIebRZqcEBamwOABqZrIUqPoeLmeFGJEGKk2ufNZOx784Zlf8lYq0rZ9hKTR9j7
UJT6Yz4JJA+hDKl9d/7lbr5YhRzxbrQl2a2YdnrjuXkd
-----END CERTIFICATE-----