Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/exoVO57OcVlbrW3dFlqxMbRV-3k.roa
File:                     exoVO57OcVlbrW3dFlqxMbRV-3k.roa (raw, json)
Hash identifier:          4+wfdmERPGk5rVct3syoULulD0ss2tRDAHPKy/Fy+vE=
Subject key identifier:   7B:1A:15:3B:9E:CE:71:59:5B:AD:6D:DD:16:5A:B1:31:B4:55:FB:79
Certificate issuer:       /CN=d6e535ef216ebe6f7fc55cfbdc31532b912d8e63
Certificate serial:       019425FDB33DFB00A7C33E57A7730BB187C2
Authority key identifier: D6:E5:35:EF:21:6E:BE:6F:7F:C5:5C:FB:DC:31:53:2B:91:2D:8E:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/exoVO57OcVlbrW3dFlqxMbRV-3k.roa
Signing time:             Thu 02 Jan 2025 07:49:30 +0000
ROA not before:           Thu 02 Jan 2025 07:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47692
IP address blocks:        81.173.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:b3:3d:fb:00:a7:c3:3e:57:a7:73:0b:b1:87:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6e535ef216ebe6f7fc55cfbdc31532b912d8e63
        Validity
            Not Before: Jan  2 07:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b1a153b9ece71595bad6ddd165ab131b455fb79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:38:86:66:42:ae:8c:e7:08:4b:dc:cd:58:
                    c5:dd:49:ae:6d:4d:d2:27:8a:02:aa:86:7b:31:d4:
                    71:6e:75:e5:77:e6:10:07:e9:94:77:1c:c5:d3:30:
                    43:89:1b:68:6c:df:54:df:b7:3c:33:5b:52:4f:99:
                    f6:45:a2:28:ea:ea:26:70:7f:d8:94:ea:0a:5d:0d:
                    1c:4d:a8:23:c0:cb:fb:01:84:62:db:5b:10:af:fb:
                    a6:05:55:c0:53:83:a1:65:3e:d5:4e:89:67:0f:57:
                    a0:8a:50:7c:1d:d0:bb:95:6e:25:9b:ca:95:a4:db:
                    50:13:27:c9:10:7a:5f:a9:21:b2:9b:bb:6c:60:99:
                    6e:b8:21:75:cc:1f:e2:16:d8:d8:91:38:8b:1d:73:
                    91:b1:97:00:3c:87:36:11:13:b4:91:06:e9:e2:3a:
                    c0:b8:b7:11:38:d1:f3:43:62:78:8d:7e:f3:e4:94:
                    3e:25:c7:cf:cc:2e:2e:9c:53:ca:93:c6:56:b8:30:
                    09:4d:f9:71:86:11:c7:0e:08:f6:61:d8:b8:6e:bd:
                    99:69:97:05:5b:4a:30:6d:8b:8d:16:f6:29:4b:26:
                    21:ff:1f:51:47:87:c3:3c:ee:b8:ea:d1:da:1c:58:
                    7f:0a:db:18:7e:4a:40:f3:36:ab:51:17:63:ce:de:
                    19:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1A:15:3B:9E:CE:71:59:5B:AD:6D:DD:16:5A:B1:31:B4:55:FB:79
            X509v3 Authority Key Identifier:
                keyid:D6:E5:35:EF:21:6E:BE:6F:7F:C5:5C:FB:DC:31:53:2B:91:2D:8E:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/exoVO57OcVlbrW3dFlqxMbRV-3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:f8:63:e1:15:86:84:37:03:ed:24:42:e6:df:4b:67:fc:c9:
         9d:e7:06:e1:f7:61:e7:41:b2:39:a8:5f:c2:e4:be:e1:5f:fd:
         55:df:4c:65:75:4c:be:1c:e3:b1:a2:4c:06:c3:06:8f:46:bb:
         db:b6:de:1a:09:07:0f:89:c4:9c:41:cc:c8:f4:49:72:95:ee:
         59:a8:b3:2f:c6:69:de:83:73:e9:59:47:56:99:81:40:ce:95:
         b8:a9:ed:26:37:ad:bb:09:da:43:e1:1a:a6:4d:ce:80:a9:a9:
         3e:35:5d:6d:80:7d:d9:c1:19:43:10:bc:88:22:3f:77:8a:5a:
         00:42:04:cb:e9:e8:55:e2:7e:f1:90:17:00:7d:84:72:5e:47:
         df:5a:98:68:53:0d:37:9a:c3:98:a2:96:8d:17:f3:e7:c9:f7:
         c3:e5:64:3a:a6:73:0c:95:82:8f:d8:76:cb:49:f8:a0:0a:b9:
         06:92:ac:1f:1b:10:41:0c:0c:54:ee:05:c8:b8:e7:6e:90:fb:
         fd:29:27:bc:25:3c:88:1d:ae:36:3c:19:6c:69:9f:7e:8b:0f:
         34:6a:4b:95:ce:1a:db:48:c4:aa:58:6f:61:24:af:58:01:2f:
         c9:62:47:5a:d7:cf:b8:a5:c9:02:64:4c:b9:a3:bb:a0:27:c5:
         c6:52:ed:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/bM9+wCnwz5Xp3MLsYfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZTUzNWVmMjE2ZWJlNmY3ZmM1NWNmYmRjMzE1MzJiOTEy
ZDhlNjMwHhcNMjUwMTAyMDc0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjFhMTUzYjllY2U3MTU5NWJhZDZkZGQxNjVhYjEzMWI0NTVmYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQk4hmZCroznCEvczVjF3UmubU3S
J4oCqoZ7MdRxbnXld+YQB+mUdxzF0zBDiRtobN9U37c8M1tST5n2RaIo6uomcH/Y
lOoKXQ0cTagjwMv7AYRi21sQr/umBVXAU4OhZT7VTolnD1egilB8HdC7lW4lm8qV
pNtQEyfJEHpfqSGym7tsYJluuCF1zB/iFtjYkTiLHXORsZcAPIc2ERO0kQbp4jrA
uLcRONHzQ2J4jX7z5JQ+JcfPzC4unFPKk8ZWuDAJTflxhhHHDgj2Ydi4br2ZaZcF
W0owbYuNFvYpSyYh/x9RR4fDPO646tHaHFh/CtsYfkpA8zarURdjzt4ZhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsaFTueznFZW61t3RZasTG0Vft5MB8GA1UdIwQY
MBaAFNblNe8hbr5vf8Vc+9wxUyuRLY5jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXVVMTd5RnV2bTlfeFZ6NzNERlRLNUV0am1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iZDBkN2QtZjQyNS00MDhhLWIwN2Qt
MDc3MTFlZDAyYjc1LzEvZXhvVk81N09jVmxiclczZEZscXhNYlJWLTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iZDBkN2QtZjQyNS00MDhhLWIwN2QtMDc3MTFlZDAyYjc1
LzEvMXVVMTd5RnV2bTlfeFZ6NzNERlRLNUV0am1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUa1UMA0G
CSqGSIb3DQEBCwUAA4IBAQDA+GPhFYaENwPtJELm30tn/Mmd5wbh92HnQbI5qF/C
5L7hX/1V30xldUy+HOOxokwGwwaPRrvbtt4aCQcPicScQczI9Elyle5ZqLMvxmne
g3PpWUdWmYFAzpW4qe0mN627CdpD4RqmTc6Aqak+NV1tgH3ZwRlDELyIIj93iloA
QgTL6ehV4n7xkBcAfYRyXkffWphoUw03msOYopaNF/PnyffD5WQ6pnMMlYKP2HbL
SfigCrkGkqwfGxBBDAxU7gXIuOdukPv9KSe8JTyIHa42PBlsaZ9+iw80akuVzhrb
SMSqWG9hJK9YAS/JYkda18+4pckCZEy5o7ugJ8XGUu3G
-----END CERTIFICATE-----