Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/NiIyQc4-WlCedIn6p8ScUSrBMCw.roa
File:                     NiIyQc4-WlCedIn6p8ScUSrBMCw.roa (raw, json)
Hash identifier:          ao3kFnmR/+F35EeF8PMOSiarB8BoKWoU9LE5ic0qSt8=
Subject key identifier:   36:22:32:41:CE:3E:5A:50:9E:74:89:FA:A7:C4:9C:51:2A:C1:30:2C
Certificate issuer:       /CN=621a130a90cb037e3803fea0bf465aa082fe3498
Certificate serial:       019049EB477F1A32B104432611C05737BF41
Authority key identifier: 62:1A:13:0A:90:CB:03:7E:38:03:FE:A0:BF:46:5A:A0:82:FE:34:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhoTCpDLA344A_6gv0ZaoIL-NJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/NiIyQc4-WlCedIn6p8ScUSrBMCw.roa
Signing time:             Mon 24 Jun 2024 11:04:34 +0000
ROA not before:           Mon 24 Jun 2024 11:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        81.30.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/YhoTCpDLA344A_6gv0ZaoIL-NJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/YhoTCpDLA344A_6gv0ZaoIL-NJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhoTCpDLA344A_6gv0ZaoIL-NJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:eb:47:7f:1a:32:b1:04:43:26:11:c0:57:37:bf:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621a130a90cb037e3803fea0bf465aa082fe3498
        Validity
            Not Before: Jun 24 11:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36223241ce3e5a509e7489faa7c49c512ac1302c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c5:5a:fc:b2:f6:33:21:8b:8e:bf:1d:da:37:
                    d1:c0:25:13:f7:5a:2c:5f:86:a5:f5:e6:30:5a:bc:
                    c8:84:de:b8:f2:1b:3b:99:34:7f:33:60:4b:3e:ce:
                    3b:18:88:ee:de:08:4d:1f:b5:08:07:86:34:74:2c:
                    cd:0b:88:4c:d5:fb:79:1e:33:da:80:68:01:3e:2a:
                    37:8a:e6:a0:9f:8d:cf:8e:a3:67:eb:00:22:1b:81:
                    e1:e2:50:99:8b:5f:e4:7b:8b:37:e2:65:40:57:07:
                    c4:6a:b9:2f:81:88:87:54:61:fc:c5:47:cf:22:14:
                    52:26:7e:a9:01:0a:60:14:df:35:e3:f2:06:8d:d8:
                    53:b3:e8:d3:34:8b:2e:53:e2:34:62:fa:9a:81:72:
                    00:57:b0:82:09:57:e9:52:f1:ce:a6:a3:be:72:a5:
                    e6:dc:c1:27:91:66:c8:9c:ca:bd:76:db:27:06:b7:
                    22:4f:57:5b:9e:d0:8f:e2:53:64:01:22:aa:34:86:
                    27:7d:25:20:bf:58:5f:44:bf:6b:2b:e5:96:12:e5:
                    5a:c8:fe:13:34:12:a4:83:6a:4f:b6:be:62:96:05:
                    2f:27:54:3b:21:ca:13:76:77:c0:f0:fa:3a:d8:c9:
                    13:87:fd:5d:46:95:48:b2:5b:69:31:1d:dd:10:30:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:22:32:41:CE:3E:5A:50:9E:74:89:FA:A7:C4:9C:51:2A:C1:30:2C
            X509v3 Authority Key Identifier:
                keyid:62:1A:13:0A:90:CB:03:7E:38:03:FE:A0:BF:46:5A:A0:82:FE:34:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhoTCpDLA344A_6gv0ZaoIL-NJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/NiIyQc4-WlCedIn6p8ScUSrBMCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/YhoTCpDLA344A_6gv0ZaoIL-NJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:d7:c8:c1:91:08:19:7c:23:97:ec:7d:62:d3:d4:06:34:77:
         07:e0:6a:70:d7:6b:a2:92:c1:5f:1f:72:f4:b0:e4:43:04:a1:
         76:3b:90:e9:ca:95:1c:ce:7b:a0:16:30:3d:c5:5a:41:3b:39:
         0b:fa:fa:d9:eb:b9:a5:87:31:fb:da:77:b2:eb:5e:2a:07:9f:
         a4:6c:ae:ba:f1:32:c3:d8:ad:23:8a:37:51:03:21:0a:ef:db:
         03:8a:05:23:f2:6f:15:d8:1d:e5:9d:91:e3:2c:04:7f:bf:e7:
         b7:00:13:9d:af:3b:6c:47:cd:c6:1c:dc:d5:a8:bb:bd:03:0e:
         6e:e6:c1:f4:6b:98:37:c3:bc:c3:cd:9d:ba:34:5e:10:11:f6:
         ae:2e:71:e0:02:e8:e1:eb:4e:df:5e:7d:c7:ac:e2:62:7d:b6:
         8b:4d:9a:52:16:b7:5f:c7:a8:63:99:c5:17:36:c3:26:48:36:
         ed:8c:5f:78:88:65:28:ab:28:a3:d0:1d:6a:6c:07:6e:17:97:
         24:25:cd:02:3a:66:61:ac:86:8d:1e:43:5a:7a:87:e0:59:2f:
         4c:9b:82:51:ec:a7:f6:11:76:5c:5b:af:a1:05:da:c6:de:ef:
         d2:99:06:2f:56:cd:aa:56:c5:d2:e5:45:3c:49:50:1e:7d:d8:
         b3:54:ef:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBJ60d/GjKxBEMmEcBXN79BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMWExMzBhOTBjYjAzN2UzODAzZmVhMGJmNDY1YWEwODJm
ZTM0OTgwHhcNMjQwNjI0MTEwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjIyMzI0MWNlM2U1YTUwOWU3NDg5ZmFhN2M0OWM1MTJhYzEzMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Va/LL2MyGLjr8d2jfRwCUT91os
X4al9eYwWrzIhN648hs7mTR/M2BLPs47GIju3ghNH7UIB4Y0dCzNC4hM1ft5HjPa
gGgBPio3iuagn43PjqNn6wAiG4Hh4lCZi1/ke4s34mVAVwfEarkvgYiHVGH8xUfP
IhRSJn6pAQpgFN814/IGjdhTs+jTNIsuU+I0YvqagXIAV7CCCVfpUvHOpqO+cqXm
3MEnkWbInMq9dtsnBrciT1dbntCP4lNkASKqNIYnfSUgv1hfRL9rK+WWEuVayP4T
NBKkg2pPtr5ilgUvJ1Q7IcoTdnfA8Po62MkTh/1dRpVIsltpMR3dEDDv2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYiMkHOPlpQnnSJ+qfEnFEqwTAsMB8GA1UdIwQY
MBaAFGIaEwqQywN+OAP+oL9GWqCC/jSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhvVENwRExBMzQ0QV82Z3YwWmFvSUwtTkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yMTQ5MmYtMTY2My00MDlkLWJmYjIt
NmEwNDUxYzQ5ZDRkLzEvTmlJeVFjNC1XbENlZEluNnA4U2NVU3JCTUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yMTQ5MmYtMTY2My00MDlkLWJmYjItNmEwNDUxYzQ5ZDRk
LzEvWWhvVENwRExBMzQ0QV82Z3YwWmFvSUwtTkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5oMA0G
CSqGSIb3DQEBCwUAA4IBAQBd18jBkQgZfCOX7H1i09QGNHcH4Gpw12uiksFfH3L0
sORDBKF2O5DpypUcznugFjA9xVpBOzkL+vrZ67mlhzH72ney614qB5+kbK668TLD
2K0jijdRAyEK79sDigUj8m8V2B3lnZHjLAR/v+e3ABOdrztsR83GHNzVqLu9Aw5u
5sH0a5g3w7zDzZ26NF4QEfauLnHgAujh607fXn3HrOJifbaLTZpSFrdfx6hjmcUX
NsMmSDbtjF94iGUoqyij0B1qbAduF5ckJc0COmZhrIaNHkNaeofgWS9Mm4JR7Kf2
EXZcW6+hBdrG3u/SmQYvVs2qVsXS5UU8SVAefdizVO8a
-----END CERTIFICATE-----