Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/x_Xf4Jqyyc0fFXsSDRqm9udhIVI.roa
File:                     x_Xf4Jqyyc0fFXsSDRqm9udhIVI.roa (raw, json)
Hash identifier:          PlMN1TVk8NoS6Aua7QPjL03Q/9G8l3AM9SUL31+F8Xs=
Subject key identifier:   C7:F5:DF:E0:9A:B2:C9:CD:1F:15:7B:12:0D:1A:A6:F6:E7:61:21:52
Certificate issuer:       /CN=991e4b179e0953b9ecc585ad9859a00be3568001
Certificate serial:       018CC6B7C48A3C625CF2A732A858CE3C9FCB
Authority key identifier: 99:1E:4B:17:9E:09:53:B9:EC:C5:85:AD:98:59:A0:0B:E3:56:80:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/x_Xf4Jqyyc0fFXsSDRqm9udhIVI.roa
Signing time:             Mon 01 Jan 2024 20:29:41 +0000
ROA not before:           Mon 01 Jan 2024 20:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8726
IP address blocks:        81.21.192.0/21 maxlen: 21
                          81.21.200.0/22 maxlen: 22
                          81.21.204.0/23 maxlen: 23
                          81.21.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c4:8a:3c:62:5c:f2:a7:32:a8:58:ce:3c:9f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991e4b179e0953b9ecc585ad9859a00be3568001
        Validity
            Not Before: Jan  1 20:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7f5dfe09ab2c9cd1f157b120d1aa6f6e7612152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cc:57:eb:f4:fa:3f:58:14:8c:5f:78:c8:aa:
                    c8:99:91:79:ff:1a:e4:29:45:d8:5c:f3:c6:a4:5b:
                    da:a3:8f:fb:eb:b4:86:1e:da:14:d0:ee:a3:92:ff:
                    db:9d:43:8c:1f:5a:d6:e0:01:98:3f:c7:4b:c8:e1:
                    8e:d0:1e:9a:a1:7b:dd:9d:74:d8:5d:46:1e:a5:d0:
                    77:68:26:0b:02:07:04:f3:ba:5f:77:6b:83:7e:7b:
                    d2:81:fe:5b:1b:26:89:92:3f:59:62:65:a8:9d:40:
                    19:59:be:f7:d2:65:1b:a0:9a:ae:a8:f2:d5:0a:30:
                    08:96:b9:1a:42:b7:e6:2d:c9:a8:a5:f9:ce:c9:b8:
                    9a:dd:7f:dd:93:bb:2c:e2:3e:af:93:0d:04:42:29:
                    86:b8:8c:9e:de:0a:ae:e9:25:12:00:8a:72:f2:50:
                    79:f0:04:f3:e9:4f:42:cc:83:60:ce:03:e6:5f:90:
                    81:cd:d8:8d:d2:22:08:48:18:c2:5f:c4:31:72:77:
                    01:7f:59:8a:63:5a:fa:45:15:7d:c5:52:9c:c3:b1:
                    fd:58:02:11:90:d6:1c:84:78:e2:c7:30:91:3b:b9:
                    07:34:4e:ef:c3:65:be:1d:1c:6c:27:3f:b6:ea:53:
                    35:11:51:7d:37:f2:ea:a0:be:a3:f7:7b:44:ed:85:
                    7e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F5:DF:E0:9A:B2:C9:CD:1F:15:7B:12:0D:1A:A6:F6:E7:61:21:52
            X509v3 Authority Key Identifier:
                keyid:99:1E:4B:17:9E:09:53:B9:EC:C5:85:AD:98:59:A0:0B:E3:56:80:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/x_Xf4Jqyyc0fFXsSDRqm9udhIVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.192.0-81.21.205.255
                  81.21.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:34:35:b3:8d:72:77:81:dc:b9:5b:06:bc:57:ab:6d:dd:49:
         a9:66:86:c0:0c:ff:5c:b6:66:8a:3d:2a:f0:94:e6:f7:f0:8e:
         2d:c5:32:fb:9c:20:7c:d6:04:d2:07:68:34:fa:06:44:14:18:
         9e:26:4d:9f:cc:1e:8c:90:e7:43:70:9b:94:c3:81:40:20:47:
         f3:a1:22:26:a5:2a:5d:7f:8c:dc:a1:82:a1:5f:d4:ce:10:d2:
         52:a8:16:39:0f:22:53:19:1e:1a:0c:7e:84:fe:54:33:35:3d:
         74:c1:ee:4c:a0:92:de:41:01:8c:18:41:90:5c:19:17:97:4b:
         5d:d4:56:c3:d4:66:0f:a6:44:f7:11:e5:52:f3:80:fd:8d:cf:
         75:da:4c:da:42:51:37:63:9d:ff:ba:04:16:1b:07:44:fb:59:
         63:30:39:34:09:ef:87:6e:07:d4:e7:1e:6c:b8:0b:54:84:51:
         91:9e:ef:28:ab:7e:4c:a1:5f:74:f1:54:26:bc:f3:6e:11:96:
         a0:85:9f:1d:45:93:58:0d:92:70:be:c1:c6:79:12:ad:ee:9b:
         54:73:e6:18:b2:df:c3:c5:e8:c0:b6:0e:62:73:b8:f0:53:56:
         bf:db:5e:d3:19:d7:97:5f:59:1f:4a:1b:61:85:71:1b:5c:36:
         86:01:01:6e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGt8SKPGJc8qcyqFjOPJ/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWU0YjE3OWUwOTUzYjllY2M1ODVhZDk4NTlhMDBiZTM1
NjgwMDEwHhcNMjQwMTAxMjAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y1ZGZlMDlhYjJjOWNkMWYxNTdiMTIwZDFhYTZmNmU3NjEyMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocxX6/T6P1gUjF94yKrImZF5/xrk
KUXYXPPGpFvao4/767SGHtoU0O6jkv/bnUOMH1rW4AGYP8dLyOGO0B6aoXvdnXTY
XUYepdB3aCYLAgcE87pfd2uDfnvSgf5bGyaJkj9ZYmWonUAZWb730mUboJquqPLV
CjAIlrkaQrfmLcmopfnOybia3X/dk7ss4j6vkw0EQimGuIye3gqu6SUSAIpy8lB5
8ATz6U9CzINgzgPmX5CBzdiN0iIISBjCX8QxcncBf1mKY1r6RRV9xVKcw7H9WAIR
kNYchHjixzCRO7kHNE7vw2W+HRxsJz+26lM1EVF9N/LqoL6j93tE7YV+NwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMf13+CassnNHxV7Eg0apvbnYSFSMB8GA1UdIwQY
MBaAFJkeSxeeCVO57MWFrZhZoAvjVoABMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVI1TEY1NEpVN25zeFlXdG1GbWdDLU5XZ0FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iZmRkYTktMjc0Mi00YjJmLTg1YjYt
ZWY5Yzk1Mjc2OTMyLzEveF9YZjRKcXl5YzBmRlhzU0RScW05dWRoSVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iZmRkYTktMjc0Mi00YjJmLTg1YjYtZWY5Yzk1Mjc2OTMy
LzEvbVI1TEY1NEpVN25zeFlXdG1GbWdDLU5XZ0FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAZRFcAD
BAFRFcwDBABRFc8wDQYJKoZIhvcNAQELBQADggEBABg0NbONcneB3LlbBrxXq23d
SalmhsAM/1y2Zoo9KvCU5vfwji3FMvucIHzWBNIHaDT6BkQUGJ4mTZ/MHoyQ50Nw
m5TDgUAgR/OhIialKl1/jNyhgqFf1M4Q0lKoFjkPIlMZHhoMfoT+VDM1PXTB7kyg
kt5BAYwYQZBcGReXS13UVsPUZg+mRPcR5VLzgP2Nz3XaTNpCUTdjnf+6BBYbB0T7
WWMwOTQJ74duB9TnHmy4C1SEUZGe7yirfkyhX3TxVCa8824RlqCFnx1Fk1gNknC+
wcZ5Eq3um1Rz5hiy38PF6MC2DmJzuPBTVr/bXtMZ15dfWR9KG2GFcRtcNoYBAW4=
-----END CERTIFICATE-----