Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/4d58f5-5c3f-4aca-97b8-6d8a69a0ad43/1/Q_kzu-Gv34B_dydnf9PrZ0JmPZc.roa
File:                     Q_kzu-Gv34B_dydnf9PrZ0JmPZc.roa (raw, json)
Hash identifier:          IILFxRrMFmNPEBnVUwyinMZmQ6O7dJOUr1LchwpPfrQ=
Subject key identifier:   43:F9:33:BB:E1:AF:DF:80:7F:77:27:67:7F:D3:EB:67:42:66:3D:97
Certificate issuer:       /CN=36c7095e045986053b9b3e8789036726837dd1f5
Certificate serial:       0191BB4897F74FC2477BE1839B34DCE50BB0
Authority key identifier: 36:C7:09:5E:04:59:86:05:3B:9B:3E:87:89:03:67:26:83:7D:D1:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NscJXgRZhgU7mz6HiQNnJoN90fU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/4d58f5-5c3f-4aca-97b8-6d8a69a0ad43/1/Q_kzu-Gv34B_dydnf9PrZ0JmPZc.roa
Signing time:             Wed 04 Sep 2024 04:26:22 +0000
ROA not before:           Wed 04 Sep 2024 04:26:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39214
IP address blocks:        81.20.16.0/20 maxlen: 20
                          81.20.16.0/24 maxlen: 24
                          81.20.17.0/24 maxlen: 24
                          81.20.20.0/23 maxlen: 23
                          81.20.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/4d58f5-5c3f-4aca-97b8-6d8a69a0ad43/1/NscJXgRZhgU7mz6HiQNnJoN90fU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/4d58f5-5c3f-4aca-97b8-6d8a69a0ad43/1/NscJXgRZhgU7mz6HiQNnJoN90fU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NscJXgRZhgU7mz6HiQNnJoN90fU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bb:48:97:f7:4f:c2:47:7b:e1:83:9b:34:dc:e5:0b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c7095e045986053b9b3e8789036726837dd1f5
        Validity
            Not Before: Sep  4 04:26:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43f933bbe1afdf807f7727677fd3eb6742663d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:16:71:ca:bb:4b:28:8b:50:c3:47:bd:a6:eb:
                    78:2b:ab:24:f7:4f:69:04:2a:02:3b:7f:7b:b9:38:
                    0f:9e:fc:a2:7d:f6:be:a8:9b:c2:c3:f8:12:82:4b:
                    f7:0e:7c:aa:00:8f:35:dd:01:3d:49:90:df:97:a8:
                    6d:00:86:05:8f:a5:89:ca:39:04:b6:4a:1c:ac:36:
                    35:16:54:21:fd:96:26:71:f1:05:22:81:db:90:45:
                    78:75:16:ad:ba:ea:08:55:dd:9f:0a:2f:65:a1:db:
                    c6:34:86:b6:55:d4:da:85:46:58:21:ec:52:e1:25:
                    53:d9:10:37:04:17:67:68:0b:2c:26:9b:32:9d:69:
                    49:fe:e1:ae:07:4d:f5:b5:5d:4f:0f:9d:f5:c4:d2:
                    ce:51:c8:31:b9:d4:75:55:bf:77:71:5f:ad:9d:c6:
                    ee:db:8d:41:c1:bc:80:83:cf:75:3c:77:e6:b3:a5:
                    0e:7d:37:fe:81:b1:42:cf:2f:5c:45:8d:1e:75:74:
                    84:a7:0f:f2:70:83:8c:cd:a6:f2:64:7b:fe:4b:01:
                    93:7c:9c:a9:a1:f3:f9:d7:ee:ff:09:88:43:cd:3b:
                    2a:90:ac:54:51:39:36:5b:e5:64:02:4b:00:ed:c1:
                    a7:cd:e7:0a:c3:2e:15:48:73:12:95:bc:e4:09:5c:
                    e2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F9:33:BB:E1:AF:DF:80:7F:77:27:67:7F:D3:EB:67:42:66:3D:97
            X509v3 Authority Key Identifier:
                keyid:36:C7:09:5E:04:59:86:05:3B:9B:3E:87:89:03:67:26:83:7D:D1:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NscJXgRZhgU7mz6HiQNnJoN90fU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/4d58f5-5c3f-4aca-97b8-6d8a69a0ad43/1/Q_kzu-Gv34B_dydnf9PrZ0JmPZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/4d58f5-5c3f-4aca-97b8-6d8a69a0ad43/1/NscJXgRZhgU7mz6HiQNnJoN90fU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.20.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         40:0c:e1:14:8c:8e:c5:36:59:34:be:9d:a9:12:04:69:f1:fb:
         3e:7b:82:0a:fa:5d:a2:11:56:f1:22:59:70:3a:7d:e6:2f:4a:
         b5:35:09:02:b5:05:6b:e7:88:62:8e:b0:75:19:b6:31:d0:f5:
         14:0b:f6:16:c1:dd:ed:93:71:5b:59:af:7b:a5:65:7d:70:4b:
         2b:d9:40:15:28:91:9a:bc:d9:85:85:ee:5f:bd:7e:52:20:26:
         d2:1b:39:c1:61:99:e3:9c:ad:75:ca:18:90:f8:2a:76:83:de:
         ee:91:da:9b:88:b7:b2:7e:4c:e7:f1:37:0e:92:ba:27:ba:1c:
         9d:cc:23:9a:4d:0b:83:f8:7c:e5:1a:34:de:7f:76:68:29:16:
         6c:34:92:c7:eb:e9:b4:a8:8e:83:5c:29:97:36:7e:87:66:fe:
         a8:6b:6c:74:6e:eb:e2:98:50:75:28:a7:33:23:ca:19:dd:32:
         40:e8:8e:71:57:53:71:17:e8:2a:a1:49:5f:af:10:89:72:1b:
         85:3e:f1:4c:6e:92:83:39:bb:99:00:14:78:70:c3:bc:bd:00:
         64:7a:1d:94:0e:3b:7f:a7:29:72:1e:62:d9:3c:ed:4b:b3:e0:
         50:3e:32:3c:6b:98:3e:fc:38:8c:65:e9:c9:29:9b:c1:06:88:
         15:45:2b:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG7SJf3T8JHe+GDmzTc5QuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzcwOTVlMDQ1OTg2MDUzYjliM2U4Nzg5MDM2NzI2ODM3
ZGQxZjUwHhcNMjQwOTA0MDQyNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Y5MzNiYmUxYWZkZjgwN2Y3NzI3Njc3ZmQzZWI2NzQyNjYzZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRZxyrtLKItQw0e9put4K6sk909p
BCoCO397uTgPnvyiffa+qJvCw/gSgkv3DnyqAI813QE9SZDfl6htAIYFj6WJyjkE
tkocrDY1FlQh/ZYmcfEFIoHbkEV4dRatuuoIVd2fCi9lodvGNIa2VdTahUZYIexS
4SVT2RA3BBdnaAssJpsynWlJ/uGuB031tV1PD531xNLOUcgxudR1Vb93cV+tncbu
241BwbyAg891PHfms6UOfTf+gbFCzy9cRY0edXSEpw/ycIOMzabyZHv+SwGTfJyp
ofP51+7/CYhDzTsqkKxUUTk2W+VkAksA7cGnzecKwy4VSHMSlbzkCVziHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEP5M7vhr9+Af3cnZ3/T62dCZj2XMB8GA1UdIwQY
MBaAFDbHCV4EWYYFO5s+h4kDZyaDfdH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNjSlhnUlpoZ1U3bXo2SGlRTm5Kb045MGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy80ZDU4ZjUtNWMzZi00YWNhLTk3Yjgt
NmQ4YTY5YTBhZDQzLzEvUV9renUtR3YzNEJfZHlkbmY5UHJaMEptUFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy80ZDU4ZjUtNWMzZi00YWNhLTk3YjgtNmQ4YTY5YTBhZDQz
LzEvTnNjSlhnUlpoZ1U3bXo2SGlRTm5Kb045MGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEURQQMA0G
CSqGSIb3DQEBCwUAA4IBAQBADOEUjI7FNlk0vp2pEgRp8fs+e4IK+l2iEVbxIllw
On3mL0q1NQkCtQVr54hijrB1GbYx0PUUC/YWwd3tk3FbWa97pWV9cEsr2UAVKJGa
vNmFhe5fvX5SICbSGznBYZnjnK11yhiQ+Cp2g97ukdqbiLeyfkzn8TcOkronuhyd
zCOaTQuD+HzlGjTef3ZoKRZsNJLH6+m0qI6DXCmXNn6HZv6oa2x0buvimFB1KKcz
I8oZ3TJA6I5xV1NxF+gqoUlfrxCJchuFPvFMbpKDObuZABR4cMO8vQBkeh2UDjt/
pylyHmLZPO1Ls+BQPjI8a5g+/DiMZenJKZvBBogVRSua
-----END CERTIFICATE-----