Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/y86ptQnnJ1-tfUfhm58ESy07_xE.roa
File:                     y86ptQnnJ1-tfUfhm58ESy07_xE.roa (raw, json)
Hash identifier:          +9Wi5R4K8OHYEK9038kUeYAtLGqKLNHoSfCAqZmxgtI=
Subject key identifier:   CB:CE:A9:B5:09:E7:27:5F:AD:7D:47:E1:9B:9F:04:4B:2D:3B:FF:11
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DEBAF8EEE1C25367998FE283CB85B
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/y86ptQnnJ1-tfUfhm58ESy07_xE.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51472
IP address blocks:        81.23.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:eb:af:8e:ee:1c:25:36:79:98:fe:28:3c:b8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbcea9b509e7275fad7d47e19b9f044b2d3bff11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:28:59:09:2b:5c:3d:20:c0:cd:be:7e:13:24:
                    19:14:9f:a9:73:fa:80:48:5e:f3:31:45:3d:36:f6:
                    43:0e:db:05:c1:6f:7f:bd:1a:75:1e:00:7c:db:cf:
                    49:24:fe:fa:13:d4:a0:ad:7a:a3:b9:c2:ba:c0:af:
                    14:69:0c:f5:d5:a6:03:46:fc:42:42:e8:ac:ab:3c:
                    78:90:18:1c:f5:56:04:5c:84:3a:56:83:84:c6:0a:
                    a3:07:d7:98:de:d7:33:37:23:ce:8f:2b:c5:45:ae:
                    96:81:6e:8b:f9:f2:3b:fb:a3:26:37:9f:7d:4d:c9:
                    68:31:cf:58:c3:cc:5f:fe:f4:2a:ce:84:7b:93:a8:
                    3f:9b:d4:3a:37:eb:cb:ca:50:48:e8:f5:ad:64:8f:
                    d1:d6:be:27:d2:05:ec:b1:8e:2b:dd:82:0c:8b:ba:
                    05:f5:23:35:04:9d:c1:75:5d:76:e7:65:9b:ad:e2:
                    c0:08:80:21:74:c3:4f:7f:95:22:81:27:3f:c4:fd:
                    cf:24:f3:e1:45:9e:64:58:1e:f8:c7:0b:63:9c:d9:
                    56:8b:99:c9:87:58:38:0f:1d:45:df:1e:89:81:bd:
                    ef:39:d1:57:83:85:45:8b:43:a9:85:ab:63:95:f2:
                    9d:9b:30:ff:da:32:ad:b1:96:99:4d:d7:76:80:d2:
                    b2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:CE:A9:B5:09:E7:27:5F:AD:7D:47:E1:9B:9F:04:4B:2D:3B:FF:11
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/y86ptQnnJ1-tfUfhm58ESy07_xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.23.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:dc:33:55:3c:23:73:91:70:4e:f4:e2:a3:1a:8b:85:0e:b5:
         05:2b:1a:81:73:09:50:88:eb:eb:f5:d2:46:49:b4:73:11:d4:
         6f:59:ca:3c:2a:5e:4d:c9:4e:b4:04:84:51:41:a2:dc:30:d4:
         fd:f8:d2:3f:6f:a1:6b:5c:c8:51:ed:35:96:e6:8f:89:5d:04:
         9b:08:7d:5f:e8:9c:1e:fb:03:be:b0:e5:02:2c:68:e6:e0:c2:
         6f:2d:be:bf:e4:54:e5:61:34:ee:1b:a5:bb:7f:6e:be:8e:33:
         d9:97:c0:08:2f:c9:1b:6f:0a:f3:d0:a8:da:a3:66:70:43:e0:
         ce:6b:3a:74:57:15:50:d8:b2:9a:46:34:10:c0:29:1a:20:49:
         0e:9f:03:7d:06:f6:84:11:98:8a:8d:d1:21:8b:d1:87:7c:33:
         0e:d4:66:93:16:a9:12:8b:fe:d3:32:ee:9c:b5:75:26:1c:69:
         28:b4:e6:e0:9d:5d:49:3c:58:5f:75:83:77:4c:07:5f:a8:40:
         e3:b2:49:f5:30:d8:3f:ac:ac:b6:81:41:22:20:1f:de:0d:05:
         d0:e2:e7:cc:77:42:03:85:fa:39:c3:86:1b:1f:ef:84:2b:01:
         ec:74:4c:c4:f7:3a:10:26:c3:de:23:d8:83:e6:73:f5:b6:90:
         bf:8e:0a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeuvju4cJTZ5mP4oPLhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmNlYTliNTA5ZTcyNzVmYWQ3ZDQ3ZTE5YjlmMDQ0YjJkM2JmZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkihZCStcPSDAzb5+EyQZFJ+pc/qA
SF7zMUU9NvZDDtsFwW9/vRp1HgB8289JJP76E9SgrXqjucK6wK8UaQz11aYDRvxC
Quisqzx4kBgc9VYEXIQ6VoOExgqjB9eY3tczNyPOjyvFRa6WgW6L+fI7+6MmN599
TcloMc9Yw8xf/vQqzoR7k6g/m9Q6N+vLylBI6PWtZI/R1r4n0gXssY4r3YIMi7oF
9SM1BJ3BdV1252WbreLACIAhdMNPf5UigSc/xP3PJPPhRZ5kWB74xwtjnNlWi5nJ
h1g4Dx1F3x6Jgb3vOdFXg4VFi0OphatjlfKdmzD/2jKtsZaZTdd2gNKyRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvOqbUJ5ydfrX1H4ZufBEstO/8RMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEveTg2cHRRbm5KMS10ZlVmaG01OEVTeTA3X3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURcPMA0G
CSqGSIb3DQEBCwUAA4IBAQCr3DNVPCNzkXBO9OKjGouFDrUFKxqBcwlQiOvr9dJG
SbRzEdRvWco8Kl5NyU60BIRRQaLcMNT9+NI/b6FrXMhR7TWW5o+JXQSbCH1f6Jwe
+wO+sOUCLGjm4MJvLb6/5FTlYTTuG6W7f26+jjPZl8AIL8kbbwrz0Kjao2ZwQ+DO
azp0VxVQ2LKaRjQQwCkaIEkOnwN9BvaEEZiKjdEhi9GHfDMO1GaTFqkSi/7TMu6c
tXUmHGkotObgnV1JPFhfdYN3TAdfqEDjskn1MNg/rKy2gUEiIB/eDQXQ4ufMd0ID
hfo5w4YbH++EKwHsdEzE9zoQJsPeI9iD5nP1tpC/jgom
-----END CERTIFICATE-----