Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/009074-66f6-4d4d-974a-da2ec8cfb888/1/__n851Fl673Rov1VBWIKvLW2vxM.roa
File:                     __n851Fl673Rov1VBWIKvLW2vxM.roa (raw, json)
Hash identifier:          LiDqxSmltXrNovag0SaNbc/jQEMKns7RXXX8OPXLYPU=
Subject key identifier:   FF:F9:FC:E7:51:65:EB:BD:D1:A2:FD:55:05:62:0A:BC:B5:B6:BF:13
Certificate issuer:       /CN=81812385b82dda0fd4826abb7aefeb0df3eb8ffd
Certificate serial:       018CC6B920CA97FB8659644B6686EBDD685F
Authority key identifier: 81:81:23:85:B8:2D:DA:0F:D4:82:6A:BB:7A:EF:EB:0D:F3:EB:8F:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gYEjhbgt2g_Ugmq7eu_rDfPrj_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/009074-66f6-4d4d-974a-da2ec8cfb888/1/__n851Fl673Rov1VBWIKvLW2vxM.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209369
IP address blocks:        81.0.223.0/24 maxlen: 24
                          77.78.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/009074-66f6-4d4d-974a-da2ec8cfb888/1/gYEjhbgt2g_Ugmq7eu_rDfPrj_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/009074-66f6-4d4d-974a-da2ec8cfb888/1/gYEjhbgt2g_Ugmq7eu_rDfPrj_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gYEjhbgt2g_Ugmq7eu_rDfPrj_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:20:ca:97:fb:86:59:64:4b:66:86:eb:dd:68:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81812385b82dda0fd4826abb7aefeb0df3eb8ffd
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fff9fce75165ebbdd1a2fd5505620abcb5b6bf13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cf:43:a2:98:3c:0d:93:a6:4c:fd:28:63:0a:
                    20:ec:94:d8:70:63:5f:c3:e2:2d:a4:13:85:ab:e2:
                    eb:3e:e4:a4:b6:b3:59:92:50:f1:86:46:34:a9:99:
                    00:8e:48:b8:3b:ea:93:30:e3:da:fb:81:7a:a5:3d:
                    9a:49:64:7b:06:d6:84:a2:cf:60:dd:d3:91:ff:cb:
                    c3:2d:28:1f:1a:0a:66:96:17:cc:8b:52:7b:8a:b3:
                    dc:b0:ab:dd:02:b4:b8:2d:c1:aa:00:3e:41:6b:03:
                    a8:23:7b:76:87:72:a2:13:7d:de:2e:1b:57:d6:ec:
                    71:ae:39:91:92:32:e8:dc:2d:f0:7b:41:2a:ab:2b:
                    5c:c6:2a:b2:b6:cb:b7:44:92:ef:ad:91:42:51:bd:
                    a1:62:eb:5c:d2:05:76:e0:4c:b7:5d:35:3b:30:e0:
                    59:ef:c0:ea:e8:f3:64:0c:51:43:dd:88:2f:1d:46:
                    33:dc:9e:7e:43:68:59:6c:c5:b9:d6:ea:5c:fe:9d:
                    93:bf:e1:f4:30:fd:46:09:06:77:09:29:7d:9d:64:
                    52:8b:de:85:a8:9d:0c:0e:bd:2d:86:19:74:67:d2:
                    f4:7d:c0:00:1b:20:93:65:e2:f9:b3:d6:7e:ea:5f:
                    b4:28:54:35:b2:e3:98:f5:3a:90:a5:03:57:7b:c9:
                    d8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F9:FC:E7:51:65:EB:BD:D1:A2:FD:55:05:62:0A:BC:B5:B6:BF:13
            X509v3 Authority Key Identifier:
                keyid:81:81:23:85:B8:2D:DA:0F:D4:82:6A:BB:7A:EF:EB:0D:F3:EB:8F:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYEjhbgt2g_Ugmq7eu_rDfPrj_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/009074-66f6-4d4d-974a-da2ec8cfb888/1/__n851Fl673Rov1VBWIKvLW2vxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/009074-66f6-4d4d-974a-da2ec8cfb888/1/gYEjhbgt2g_Ugmq7eu_rDfPrj_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.90.0/24
                  81.0.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:58:3e:6d:f3:1e:43:17:7c:69:f5:6c:10:8c:ae:ef:7e:47:
         84:29:5f:5d:9a:45:91:bd:c8:7b:e9:b1:86:e0:47:97:9b:99:
         2f:43:77:e3:39:28:40:8f:c8:3d:5b:03:19:11:39:c2:b8:57:
         51:77:b2:94:5a:95:35:ab:20:8c:c8:52:cd:0a:d8:40:70:99:
         43:d0:1f:14:b6:4b:ab:06:b5:8b:e8:5a:59:fe:b1:c3:cf:60:
         d0:ce:91:e9:fe:df:e9:29:a8:0f:e3:49:a6:5b:46:13:50:e0:
         f7:1a:1e:24:b6:d2:92:13:5d:9e:d0:55:2f:cf:ee:d0:d3:05:
         ce:c9:1e:5e:f1:b4:19:ca:9f:67:88:84:46:d3:c4:44:2e:61:
         0f:4e:b8:f0:7e:a1:44:b5:65:13:b8:07:ff:66:8d:42:4a:2b:
         cf:15:fc:cb:ed:fb:85:5d:e1:c2:ed:43:35:40:75:c3:1b:bd:
         aa:7a:96:cb:47:a2:f5:ea:39:05:d3:c5:72:e2:8d:5d:2f:3d:
         3f:07:00:c9:af:63:74:4f:03:f4:82:4c:15:f2:b7:ff:4d:9a:
         69:06:37:c1:39:5a:1e:a9:cb:ae:4f:04:d6:d2:52:57:fc:56:
         07:fb:1a:d7:1c:10:9e:ed:42:4b:5e:6d:f6:3c:83:e7:19:28:
         13:f6:a3:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuSDKl/uGWWRLZobr3WhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxODEyMzg1YjgyZGRhMGZkNDgyNmFiYjdhZWZlYjBkZjNl
YjhmZmQwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY5ZmNlNzUxNjVlYmJkZDFhMmZkNTUwNTYyMGFiY2I1YjZiZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks9Dopg8DZOmTP0oYwog7JTYcGNf
w+ItpBOFq+LrPuSktrNZklDxhkY0qZkAjki4O+qTMOPa+4F6pT2aSWR7BtaEos9g
3dOR/8vDLSgfGgpmlhfMi1J7irPcsKvdArS4LcGqAD5BawOoI3t2h3KiE33eLhtX
1uxxrjmRkjLo3C3we0Eqqytcxiqytsu3RJLvrZFCUb2hYutc0gV24Ey3XTU7MOBZ
78Dq6PNkDFFD3YgvHUYz3J5+Q2hZbMW51upc/p2Tv+H0MP1GCQZ3CSl9nWRSi96F
qJ0MDr0thhl0Z9L0fcAAGyCTZeL5s9Z+6l+0KFQ1suOY9TqQpQNXe8nYvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP/5/OdRZeu90aL9VQViCry1tr8TMB8GA1UdIwQY
MBaAFIGBI4W4LdoP1IJqu3rv6w3z64/9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1lFamhiZ3QyZ19VZ21xN2V1X3JEZlByal8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wMDkwNzQtNjZmNi00ZDRkLTk3NGEt
ZGEyZWM4Y2ZiODg4LzEvX19uODUxRmw2NzNSb3YxVkJXSUt2TFcydnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wMDkwNzQtNjZmNi00ZDRkLTk3NGEtZGEyZWM4Y2ZiODg4
LzEvZ1lFamhiZ3QyZ19VZ21xN2V1X3JEZlByal8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATU5aAwQA
UQDfMA0GCSqGSIb3DQEBCwUAA4IBAQCKWD5t8x5DF3xp9WwQjK7vfkeEKV9dmkWR
vch76bGG4EeXm5kvQ3fjOShAj8g9WwMZETnCuFdRd7KUWpU1qyCMyFLNCthAcJlD
0B8UtkurBrWL6FpZ/rHDz2DQzpHp/t/pKagP40mmW0YTUOD3Gh4kttKSE12e0FUv
z+7Q0wXOyR5e8bQZyp9niIRG08RELmEPTrjwfqFEtWUTuAf/Zo1CSivPFfzL7fuF
XeHC7UM1QHXDG72qepbLR6L16jkF08Vy4o1dLz0/BwDJr2N0TwP0gkwV8rf/TZpp
BjfBOVoeqcuuTwTW0lJX/FYH+xrXHBCe7UJLXm32PIPnGSgT9qPk
-----END CERTIFICATE-----