Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/thJDuyjaFRsK8zEy_VAwsknj1Uk.roa
File:                     thJDuyjaFRsK8zEy_VAwsknj1Uk.roa (raw, json)
Hash identifier:          GfUqgnvib6gSBae+qz188eIR+Z7HPyMJEEbeRbaVKxk=
Subject key identifier:   B6:12:43:BB:28:DA:15:1B:0A:F3:31:32:FD:50:30:B2:49:E3:D5:49
Certificate issuer:       /CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
Certificate serial:       01915F2E37CA8C8899FA592C686F7FBF83CD
Authority key identifier: AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/thJDuyjaFRsK8zEy_VAwsknj1Uk.roa
Signing time:             Sat 17 Aug 2024 07:12:30 +0000
ROA not before:           Sat 17 Aug 2024 07:12:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57242
IP address blocks:        81.163.211.0/24 maxlen: 24
                          81.163.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5f:2e:37:ca:8c:88:99:fa:59:2c:68:6f:7f:bf:83:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
        Validity
            Not Before: Aug 17 07:12:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b61243bb28da151b0af33132fd5030b249e3d549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b1:da:75:b8:2b:a8:a0:55:c7:e6:e1:4a:f3:
                    58:14:1d:b8:e9:49:4a:28:2e:dd:e1:e0:c4:d4:2e:
                    31:79:4f:bd:22:7e:85:79:e4:78:7c:73:4b:0b:25:
                    6f:74:ce:81:38:1a:b7:9d:c8:0b:d9:be:b6:1d:dc:
                    8a:b4:1b:52:88:21:4f:4e:1b:52:6f:86:a6:d2:1d:
                    5a:29:7b:f0:80:83:db:a1:99:13:15:b1:2f:ab:2a:
                    d6:54:52:85:d9:6a:bf:f0:fc:00:87:33:60:85:16:
                    ad:9c:c5:18:7f:f0:38:1f:a9:62:d5:4e:08:31:98:
                    ef:41:96:4c:20:59:dc:5c:55:4d:8f:10:e1:10:b1:
                    c0:34:3a:6c:55:6d:cd:45:17:25:fa:86:a3:05:31:
                    e1:63:c6:4f:c2:8f:b9:ce:bc:21:bb:58:bd:c0:f2:
                    55:a5:c1:87:87:77:d9:fe:51:cd:ef:34:2c:12:a5:
                    a5:b5:d2:87:24:08:6a:a1:92:03:63:b8:11:14:ce:
                    61:6b:af:f5:e7:43:d7:26:12:0b:f6:67:ed:df:9c:
                    9f:67:87:a7:77:d9:f4:5f:a1:0f:52:50:a9:c3:d3:
                    77:8b:62:9f:68:c9:26:68:9d:fd:55:50:49:11:fb:
                    b3:6b:27:f1:6b:7a:f2:28:0d:44:4f:30:5e:92:ae:
                    1e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:12:43:BB:28:DA:15:1B:0A:F3:31:32:FD:50:30:B2:49:E3:D5:49
            X509v3 Authority Key Identifier:
                keyid:AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/thJDuyjaFRsK8zEy_VAwsknj1Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.163.211.0/24
                  81.163.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:8a:c0:25:58:59:ea:b0:03:59:1b:38:cb:17:67:0b:67:db:
         e4:45:de:08:9f:60:59:f2:8b:00:c6:a6:18:e0:68:64:c3:6d:
         37:59:55:87:62:79:cd:c7:96:f2:73:c1:d6:ed:67:0c:0f:d4:
         29:b2:3b:f1:73:02:d6:d0:21:86:98:e1:f4:b3:18:85:98:db:
         ed:85:04:3b:fe:8d:f0:83:27:4e:a1:46:d2:62:6e:7d:88:77:
         e5:94:0f:a7:8e:d2:49:0b:a6:2b:57:1d:ad:32:19:0b:0c:53:
         40:20:a6:4f:ed:a5:cc:df:2d:1c:4f:f1:6c:c1:29:50:e1:3d:
         23:48:39:2b:b6:20:51:15:f3:b7:67:9b:96:d9:00:e6:77:13:
         bc:92:18:87:0a:cc:c0:e6:d9:59:c9:be:3c:33:f8:6e:15:bb:
         b1:db:bd:a5:6a:60:ae:27:b7:eb:b6:54:9b:a4:ca:2c:66:94:
         bf:0f:94:be:d7:6c:a1:ac:cb:98:52:53:62:46:3b:2f:1d:28:
         e3:02:58:27:a4:7a:c1:07:0a:d5:7d:81:6b:3b:9b:8d:de:d4:
         33:90:84:88:e9:43:e8:47:36:0e:b8:0a:60:61:10:00:fb:dd:
         50:e6:fe:cb:d3:00:61:20:96:c0:e0:da:1a:77:55:69:e6:e1:
         20:f6:cb:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFfLjfKjIiZ+lksaG9/v4PNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYjRlMDRhMGVkMzQ0MTEyYzE4NTNjYWIwOWY1MmUxY2Q5
YWJhZjIwHhcNMjQwODE3MDcxMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjEyNDNiYjI4ZGExNTFiMGFmMzMxMzJmZDUwMzBiMjQ5ZTNkNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbHadbgrqKBVx+bhSvNYFB246UlK
KC7d4eDE1C4xeU+9In6FeeR4fHNLCyVvdM6BOBq3ncgL2b62HdyKtBtSiCFPThtS
b4am0h1aKXvwgIPboZkTFbEvqyrWVFKF2Wq/8PwAhzNghRatnMUYf/A4H6li1U4I
MZjvQZZMIFncXFVNjxDhELHANDpsVW3NRRcl+oajBTHhY8ZPwo+5zrwhu1i9wPJV
pcGHh3fZ/lHN7zQsEqWltdKHJAhqoZIDY7gRFM5ha6/150PXJhIL9mft35yfZ4en
d9n0X6EPUlCpw9N3i2KfaMkmaJ39VVBJEfuzayfxa3ryKA1ETzBekq4eBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLYSQ7so2hUbCvMxMv1QMLJJ49VJMB8GA1UdIwQY
MBaAFK+04EoO00QRLBhTyrCfUuHNmrryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTct
ODA5NWYzMjk3MTc5LzEvdGhKRHV5amFGUnNLOHpFeV9WQXdza25qMVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTctODA5NWYzMjk3MTc5
LzEvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUaPTAwQA
UaPWMA0GCSqGSIb3DQEBCwUAA4IBAQBnisAlWFnqsANZGzjLF2cLZ9vkRd4In2BZ
8osAxqYY4Ghkw203WVWHYnnNx5byc8HW7WcMD9QpsjvxcwLW0CGGmOH0sxiFmNvt
hQQ7/o3wgydOoUbSYm59iHfllA+njtJJC6YrVx2tMhkLDFNAIKZP7aXM3y0cT/Fs
wSlQ4T0jSDkrtiBRFfO3Z5uW2QDmdxO8khiHCszA5tlZyb48M/huFbux272lamCu
J7frtlSbpMosZpS/D5S+12yhrMuYUlNiRjsvHSjjAlgnpHrBBwrVfYFrO5uN3tQz
kISI6UPoRzYOuApgYRAA+91Q5v7L0wBhIJbA4Noad1Vp5uEg9stH
-----END CERTIFICATE-----