Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/d0JTcLqGjG3taQkrSywda44GQJc.roa
File:                     d0JTcLqGjG3taQkrSywda44GQJc.roa (raw, json)
Hash identifier:          Jyt6fS5TufEp/gKivNl55LsBN8cDy2ZLLsIbAjNuskQ=
Subject key identifier:   77:42:53:70:BA:86:8C:6D:ED:69:09:2B:4B:2C:1D:6B:8E:06:40:97
Certificate issuer:       /CN=230340d27e4b24f9124977322edb36942e2d160c
Certificate serial:       018CC7942DAB58A7D638160321E5519C2AD9
Authority key identifier: 23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/d0JTcLqGjG3taQkrSywda44GQJc.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43386
IP address blocks:        81.6.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2d:ab:58:a7:d6:38:16:03:21:e5:51:9c:2a:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230340d27e4b24f9124977322edb36942e2d160c
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77425370ba868c6ded69092b4b2c1d6b8e064097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d5:72:10:cd:93:51:84:07:05:2d:48:a0:88:
                    fd:b6:a8:82:7f:f1:a5:c7:e2:84:e5:a9:59:d4:9d:
                    74:25:ea:09:43:27:13:b6:cd:5c:d5:f5:36:d3:3c:
                    47:07:48:23:72:f3:a8:b0:c8:26:2c:3b:58:07:48:
                    ed:0b:63:d6:5b:26:1b:f2:a7:00:60:26:8f:28:63:
                    c4:0c:09:bb:e9:c6:e0:ff:26:d0:68:d1:40:95:7b:
                    62:f4:68:8f:83:5d:ab:fe:5d:9f:89:f0:42:cc:5e:
                    ec:f1:60:90:ba:9d:c1:4c:15:3c:da:f3:69:53:14:
                    d1:0d:97:6e:b9:0e:01:42:86:f8:5a:43:28:08:c6:
                    0d:58:2b:f2:2d:08:77:a7:b2:74:20:dc:35:ea:e3:
                    9d:13:ae:36:09:ce:07:bb:89:db:82:f8:17:fe:3c:
                    db:17:e3:4a:68:0e:b8:71:4a:b1:ba:42:1e:f8:6c:
                    5a:91:d4:fb:d9:f0:8e:2c:7d:60:a6:e2:f1:64:03:
                    1e:69:57:e1:3e:ec:05:6b:80:c5:12:38:8c:5e:91:
                    64:4a:ca:a7:4d:f0:a4:35:16:e4:b4:16:da:0e:05:
                    ff:2c:5c:bd:ff:e0:70:c3:0d:90:8c:81:dd:3f:d6:
                    e8:40:8c:56:5c:fe:60:eb:54:78:9d:67:18:bf:f3:
                    15:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:42:53:70:BA:86:8C:6D:ED:69:09:2B:4B:2C:1D:6B:8E:06:40:97
            X509v3 Authority Key Identifier:
                keyid:23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/d0JTcLqGjG3taQkrSywda44GQJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.6.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:6e:ea:0e:61:71:e3:12:30:8a:36:67:6c:24:0a:02:2a:a3:
         6c:40:b8:73:3d:f3:f7:0a:89:b6:56:e7:0c:94:b9:cf:7b:e9:
         a2:75:fd:c5:9e:f1:1a:81:d5:42:eb:f3:12:4d:86:6c:31:73:
         93:08:ec:00:84:9c:1d:32:ef:3b:86:87:5f:35:ae:98:7b:64:
         9f:2c:7a:0c:1c:a4:03:10:e1:f7:75:1c:99:be:65:1d:fc:69:
         7a:b9:b0:e3:82:d8:11:db:26:e3:92:e2:fe:97:d5:98:0c:b5:
         11:57:9c:5d:d2:16:5f:5c:d4:05:86:2c:7f:e6:aa:53:b1:a9:
         5d:e7:06:11:9c:64:a8:0e:a6:a7:75:f1:0e:f9:c7:29:a8:72:
         11:75:dc:ed:54:80:3c:fa:ea:6d:f0:b7:66:09:3d:77:53:27:
         39:0a:da:33:c3:d6:ee:61:a8:e0:fa:b0:b9:9e:2b:62:f4:08:
         ff:4a:a6:36:6f:b2:69:89:ba:6b:dc:bb:7e:e3:3d:3a:ba:54:
         a8:e8:e4:99:d8:89:a1:a6:02:b9:6b:ae:0d:23:ab:e1:4b:c3:
         b1:d6:a2:ba:5e:47:ef:0b:86:78:28:3e:1d:f3:ef:7c:58:d8:
         f3:b2:eb:e7:5a:46:33:7b:d6:12:b5:3b:a9:ae:b7:ea:47:06:
         a3:51:eb:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlC2rWKfWOBYDIeVRnCrZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDM0MGQyN2U0YjI0ZjkxMjQ5NzczMjJlZGIzNjk0MmUy
ZDE2MGMwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQyNTM3MGJhODY4YzZkZWQ2OTA5MmI0YjJjMWQ2YjhlMDY0MDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNVyEM2TUYQHBS1IoIj9tqiCf/Gl
x+KE5alZ1J10JeoJQycTts1c1fU20zxHB0gjcvOosMgmLDtYB0jtC2PWWyYb8qcA
YCaPKGPEDAm76cbg/ybQaNFAlXti9GiPg12r/l2fifBCzF7s8WCQup3BTBU82vNp
UxTRDZduuQ4BQob4WkMoCMYNWCvyLQh3p7J0INw16uOdE642Cc4Hu4nbgvgX/jzb
F+NKaA64cUqxukIe+GxakdT72fCOLH1gpuLxZAMeaVfhPuwFa4DFEjiMXpFkSsqn
TfCkNRbktBbaDgX/LFy9/+Bwww2QjIHdP9boQIxWXP5g61R4nWcYv/MVVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdCU3C6hoxt7WkJK0ssHWuOBkCXMB8GA1UdIwQY
MBaAFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAt
YjU3MDkwN2I1OWViLzEvZDBKVGNMcUdqRzN0YVFrclN5d2RhNDRHUUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAtYjU3MDkwN2I1OWVi
LzEvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQaLMA0G
CSqGSIb3DQEBCwUAA4IBAQA4buoOYXHjEjCKNmdsJAoCKqNsQLhzPfP3Com2VucM
lLnPe+midf3FnvEagdVC6/MSTYZsMXOTCOwAhJwdMu87hodfNa6Ye2SfLHoMHKQD
EOH3dRyZvmUd/Gl6ubDjgtgR2ybjkuL+l9WYDLURV5xd0hZfXNQFhix/5qpTsald
5wYRnGSoDqandfEO+ccpqHIRddztVIA8+upt8LdmCT13Uyc5Ctozw9buYajg+rC5
niti9Aj/SqY2b7Jpibpr3Lt+4z06ulSo6OSZ2ImhpgK5a64NI6vhS8Ox1qK6Xkfv
C4Z4KD4d8+98WNjzsuvnWkYze9YStTuprrfqRwajUetG
-----END CERTIFICATE-----