Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/a1c142-8943-49f4-8cc9-6ef2b9d7f104/1/kPOSuqmzBSieWy3VrLzX2cS-4t0.roa
File:                     kPOSuqmzBSieWy3VrLzX2cS-4t0.roa (raw, json)
Hash identifier:          EO7zV9agxnTBbNYDna+B9Tk2Shu6WJbFV8gKIDOvHH4=
Subject key identifier:   90:F3:92:BA:A9:B3:05:28:9E:5B:2D:D5:AC:BC:D7:D9:C4:BE:E2:DD
Certificate issuer:       /CN=b3143920956802a8eb4b4627a2ff4f3987ec1a3d
Certificate serial:       018CCA2973312ABB58EEC667CC5B2CB479C8
Authority key identifier: B3:14:39:20:95:68:02:A8:EB:4B:46:27:A2:FF:4F:39:87:EC:1A:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxQ5IJVoAqjrS0Ynov9POYfsGj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/a1c142-8943-49f4-8cc9-6ef2b9d7f104/1/kPOSuqmzBSieWy3VrLzX2cS-4t0.roa
Signing time:             Tue 02 Jan 2024 12:32:43 +0000
ROA not before:           Tue 02 Jan 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197444
IP address blocks:        81.25.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/a1c142-8943-49f4-8cc9-6ef2b9d7f104/1/sxQ5IJVoAqjrS0Ynov9POYfsGj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/a1c142-8943-49f4-8cc9-6ef2b9d7f104/1/sxQ5IJVoAqjrS0Ynov9POYfsGj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxQ5IJVoAqjrS0Ynov9POYfsGj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:73:31:2a:bb:58:ee:c6:67:cc:5b:2c:b4:79:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3143920956802a8eb4b4627a2ff4f3987ec1a3d
        Validity
            Not Before: Jan  2 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90f392baa9b305289e5b2dd5acbcd7d9c4bee2dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:15:78:5b:c0:ae:94:b6:ea:f5:dd:e7:92:22:
                    40:15:d3:62:14:bf:b7:b1:c2:2a:c1:fc:b1:a3:58:
                    fa:91:14:1b:b4:53:54:ee:ca:14:dd:1d:e6:de:51:
                    95:36:cb:fd:32:7a:ec:50:e3:66:8f:ea:d3:df:6e:
                    c4:ad:52:34:bf:7a:5e:7c:12:44:63:a6:de:e6:2f:
                    1b:e2:42:ed:df:bf:f5:fa:90:6f:99:15:a2:c6:75:
                    7c:bf:55:74:19:dd:de:38:cd:2e:4c:24:9f:61:24:
                    6b:bc:60:39:2b:f3:24:99:5e:22:23:45:25:80:b0:
                    c5:82:f7:9f:10:38:8c:fc:51:ec:99:61:2c:55:ae:
                    6a:e6:9d:ac:90:27:e0:4e:10:3b:7d:5d:fe:f4:a7:
                    50:38:3f:7a:4f:ff:0c:b1:69:33:32:3b:17:b0:67:
                    c7:9b:ac:99:18:a1:0e:f3:2b:f6:34:8c:6e:2b:eb:
                    af:e3:a9:ad:64:27:b8:9b:a2:34:63:cc:e1:0e:18:
                    67:73:66:92:3b:79:86:c2:06:a6:f4:43:f4:c7:5d:
                    d6:01:98:2b:e7:9a:d9:45:2e:31:27:8b:7a:93:ec:
                    de:bb:95:ef:09:ba:83:de:69:21:aa:2a:32:f2:f6:
                    b7:7d:d5:b9:5c:d8:41:aa:6e:1f:7a:d6:61:4d:81:
                    37:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:F3:92:BA:A9:B3:05:28:9E:5B:2D:D5:AC:BC:D7:D9:C4:BE:E2:DD
            X509v3 Authority Key Identifier:
                keyid:B3:14:39:20:95:68:02:A8:EB:4B:46:27:A2:FF:4F:39:87:EC:1A:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxQ5IJVoAqjrS0Ynov9POYfsGj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a1c142-8943-49f4-8cc9-6ef2b9d7f104/1/kPOSuqmzBSieWy3VrLzX2cS-4t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a1c142-8943-49f4-8cc9-6ef2b9d7f104/1/sxQ5IJVoAqjrS0Ynov9POYfsGj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:83:7f:cf:a7:1b:e1:fc:64:46:65:d8:8b:0d:67:39:97:cc:
         7a:44:89:dc:26:e4:c6:d3:98:a7:da:41:5a:21:db:ef:b4:f3:
         12:67:1d:43:c0:da:e8:8a:f5:8a:a0:b6:07:b7:6e:1f:21:f8:
         26:da:6c:e0:b3:ca:fc:4e:75:92:4e:c9:78:dc:c9:3c:6b:19:
         b3:49:b2:c9:15:30:12:d7:ee:b9:a1:9c:0d:13:b3:ab:8c:9e:
         48:42:69:82:71:01:d2:af:bd:cc:2f:c0:50:e8:f3:06:58:1a:
         5b:e6:ad:72:1d:4b:4b:c5:7f:59:1b:e1:bc:f8:db:c1:e7:bb:
         1c:f7:34:db:8c:cc:07:09:bd:ea:c4:cf:cd:8b:1d:b5:e8:91:
         01:42:6c:f6:c6:75:b2:8f:01:b7:44:b2:5b:eb:46:85:d6:47:
         d8:eb:29:e4:02:cf:5b:36:07:b2:a6:39:35:ef:46:b4:cd:eb:
         37:c4:27:04:36:01:19:ea:9c:79:8d:ef:3f:83:fa:dc:5d:a6:
         8f:e3:80:c2:7b:52:fd:25:13:37:43:46:1f:fc:e0:16:b3:18:
         a6:3e:89:a9:cf:b0:cf:3b:58:4a:dd:fa:97:70:0a:56:56:88:
         74:b2:66:65:5e:5e:16:fb:18:28:34:aa:3b:7d:c6:28:0b:b5:
         1e:6a:b9:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKXMxKrtY7sZnzFsstHnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMTQzOTIwOTU2ODAyYThlYjRiNDYyN2EyZmY0ZjM5ODdl
YzFhM2QwHhcNMjQwMTAyMTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGYzOTJiYWE5YjMwNTI4OWU1YjJkZDVhY2JjZDdkOWM0YmVlMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixV4W8CulLbq9d3nkiJAFdNiFL+3
scIqwfyxo1j6kRQbtFNU7soU3R3m3lGVNsv9MnrsUONmj+rT327ErVI0v3pefBJE
Y6be5i8b4kLt37/1+pBvmRWixnV8v1V0Gd3eOM0uTCSfYSRrvGA5K/MkmV4iI0Ul
gLDFgvefEDiM/FHsmWEsVa5q5p2skCfgThA7fV3+9KdQOD96T/8MsWkzMjsXsGfH
m6yZGKEO8yv2NIxuK+uv46mtZCe4m6I0Y8zhDhhnc2aSO3mGwgam9EP0x13WAZgr
55rZRS4xJ4t6k+zeu5XvCbqD3mkhqioy8va3fdW5XNhBqm4fetZhTYE3nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDzkrqpswUonlst1ay819nEvuLdMB8GA1UdIwQY
MBaAFLMUOSCVaAKo60tGJ6L/TzmH7Bo9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3hRNUlKVm9BcWpyUzBZbm92OVBPWWZzR2owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hMWMxNDItODk0My00OWY0LThjYzkt
NmVmMmI5ZDdmMTA0LzEva1BPU3VxbXpCU2llV3kzVnJMelgyY1MtNHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hMWMxNDItODk0My00OWY0LThjYzktNmVmMmI5ZDdmMTA0
LzEvc3hRNUlKVm9BcWpyUzBZbm92OVBPWWZzR2owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURkVMA0G
CSqGSIb3DQEBCwUAA4IBAQApg3/Ppxvh/GRGZdiLDWc5l8x6RIncJuTG05in2kFa
IdvvtPMSZx1DwNroivWKoLYHt24fIfgm2mzgs8r8TnWSTsl43Mk8axmzSbLJFTAS
1+65oZwNE7OrjJ5IQmmCcQHSr73ML8BQ6PMGWBpb5q1yHUtLxX9ZG+G8+NvB57sc
9zTbjMwHCb3qxM/Nix216JEBQmz2xnWyjwG3RLJb60aF1kfY6ynkAs9bNgeypjk1
70a0zes3xCcENgEZ6px5je8/g/rcXaaP44DCe1L9JRM3Q0Yf/OAWsximPompz7DP
O1hK3fqXcApWVoh0smZlXl4W+xgoNKo7fcYoC7UearmX
-----END CERTIFICATE-----