Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/Z5rHjvgUx6fqbRaZqPzICbQhxAo.roa
File:                     Z5rHjvgUx6fqbRaZqPzICbQhxAo.roa (raw, json)
Hash identifier:          Hr5e9lSTAKKoeT+GNvDZkLLHCeBQ5EKql5SfhHCvpsU=
Subject key identifier:   67:9A:C7:8E:F8:14:C7:A7:EA:6D:16:99:A8:FC:C8:09:B4:21:C4:0A
Certificate issuer:       /CN=230340d27e4b24f9124977322edb36942e2d160c
Certificate serial:       018CC7942ECB83C99D70FB84A3E24957DF40
Authority key identifier: 23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/Z5rHjvgUx6fqbRaZqPzICbQhxAo.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208930
IP address blocks:        81.6.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2e:cb:83:c9:9d:70:fb:84:a3:e2:49:57:df:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230340d27e4b24f9124977322edb36942e2d160c
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=679ac78ef814c7a7ea6d1699a8fcc809b421c40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0e:fb:c5:d1:9c:51:58:59:b9:ff:37:5e:92:
                    80:48:b4:e4:81:ef:b2:05:ed:8f:b8:a2:57:b8:2f:
                    e2:58:da:9c:04:c6:51:0e:cf:c4:d3:b0:c6:4f:bf:
                    8c:28:58:69:98:3b:4b:3a:e4:ea:a9:d0:7d:15:40:
                    85:77:41:8c:68:84:b8:6e:6f:62:32:26:2b:f1:aa:
                    68:1b:96:86:16:25:fe:32:d2:b3:b3:8c:3b:26:85:
                    62:f8:60:49:a4:f1:eb:04:37:82:cd:60:e6:35:6e:
                    d7:4a:9a:c9:15:ce:fd:32:a2:3a:38:f8:78:73:b8:
                    2f:70:d7:01:8b:fb:c5:68:fb:76:cc:7e:52:dd:84:
                    cf:b7:9f:1e:14:30:47:a2:0f:0f:e8:4f:42:2b:1c:
                    32:bc:b6:38:ea:81:a2:d8:fe:55:04:89:79:08:18:
                    d3:a7:9f:75:e7:0d:7b:f9:be:9a:01:3e:01:b4:e0:
                    e9:51:74:40:39:85:6d:10:a3:1c:0d:8c:b4:5e:ba:
                    91:77:d3:a0:fa:01:01:b5:e8:6f:60:44:09:fd:a6:
                    c0:1e:48:b3:f5:74:91:82:dd:b5:8a:2e:8e:c3:d7:
                    cc:b0:d8:64:a1:56:07:b2:64:c1:c1:07:5a:d5:d0:
                    57:e9:21:55:74:ac:30:c0:fe:09:7c:b2:62:57:a3:
                    63:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:9A:C7:8E:F8:14:C7:A7:EA:6D:16:99:A8:FC:C8:09:B4:21:C4:0A
            X509v3 Authority Key Identifier:
                keyid:23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/Z5rHjvgUx6fqbRaZqPzICbQhxAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.6.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:f6:52:3a:2b:53:32:4a:23:f0:47:11:e4:c3:5f:d1:29:70:
         7b:41:83:e7:aa:b6:52:fe:09:f8:0e:09:d7:71:14:71:ad:3a:
         68:c0:ca:85:b2:a3:39:eb:96:2b:45:14:e6:a8:1e:67:7d:b8:
         12:3c:f8:68:8b:9d:dd:b3:e2:58:4d:2b:5c:4b:8d:72:93:8d:
         18:9f:81:b3:c3:62:26:67:e0:99:81:70:ba:c4:35:56:45:37:
         16:20:90:37:ee:25:d5:fa:a5:aa:f4:02:1e:40:46:01:39:c1:
         80:f7:bd:ce:7f:d9:2e:c0:63:d8:6e:de:28:ec:f9:b8:2a:76:
         bb:33:23:ae:16:5d:b1:ee:e1:53:38:36:18:8e:18:91:72:1c:
         5a:7d:bb:fc:0f:b8:1d:00:36:21:9a:47:e6:e8:58:17:74:4e:
         31:f1:07:18:32:d8:48:a4:57:32:38:76:47:ff:a1:33:ab:6b:
         ff:f2:6d:97:9b:70:b1:13:a3:9f:2f:a5:88:ef:3c:e5:dd:60:
         4c:81:18:e3:c3:8d:4f:51:df:51:01:06:4b:30:e8:38:be:53:
         f5:4b:b1:a8:39:20:60:8b:0c:90:90:14:f8:08:30:e5:50:c9:
         60:77:ca:c4:b3:5d:f5:d5:2e:76:5e:fb:8c:f5:47:ae:c4:5d:
         82:03:10:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlC7Lg8mdcPuEo+JJV99AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDM0MGQyN2U0YjI0ZjkxMjQ5NzczMjJlZGIzNjk0MmUy
ZDE2MGMwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzlhYzc4ZWY4MTRjN2E3ZWE2ZDE2OTlhOGZjYzgwOWI0MjFjNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlg77xdGcUVhZuf83XpKASLTkge+y
Be2PuKJXuC/iWNqcBMZRDs/E07DGT7+MKFhpmDtLOuTqqdB9FUCFd0GMaIS4bm9i
MiYr8apoG5aGFiX+MtKzs4w7JoVi+GBJpPHrBDeCzWDmNW7XSprJFc79MqI6OPh4
c7gvcNcBi/vFaPt2zH5S3YTPt58eFDBHog8P6E9CKxwyvLY46oGi2P5VBIl5CBjT
p5915w17+b6aAT4BtODpUXRAOYVtEKMcDYy0XrqRd9Og+gEBtehvYEQJ/abAHkiz
9XSRgt21ii6Ow9fMsNhkoVYHsmTBwQda1dBX6SFVdKwwwP4JfLJiV6NjmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeax474FMen6m0Wmaj8yAm0IcQKMB8GA1UdIwQY
MBaAFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAt
YjU3MDkwN2I1OWViLzEvWjVySGp2Z1V4NmZxYlJhWnFQeklDYlFoeEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAtYjU3MDkwN2I1OWVi
LzEvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQaIMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ9lI6K1MySiPwRxHkw1/RKXB7QYPnqrZS/gn4DgnX
cRRxrTpowMqFsqM565YrRRTmqB5nfbgSPPhoi53ds+JYTStcS41yk40Yn4Gzw2Im
Z+CZgXC6xDVWRTcWIJA37iXV+qWq9AIeQEYBOcGA973Of9kuwGPYbt4o7Pm4Kna7
MyOuFl2x7uFTODYYjhiRchxafbv8D7gdADYhmkfm6FgXdE4x8QcYMthIpFcyOHZH
/6Ezq2v/8m2Xm3CxE6OfL6WI7zzl3WBMgRjjw41PUd9RAQZLMOg4vlP1S7GoOSBg
iwyQkBT4CDDlUMlgd8rEs1311S52XvuM9UeuxF2CAxBo
-----END CERTIFICATE-----