Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/ko4Kpefc12El2UxbmWge4qcMZYA.roa
File:                     ko4Kpefc12El2UxbmWge4qcMZYA.roa (raw, json)
Hash identifier:          EeTlI9E/2clyBLKy3K32WRlp7Z5d12RmPhVQmqrbqE4=
Subject key identifier:   92:8E:0A:A5:E7:DC:D7:61:25:D9:4C:5B:99:68:1E:E2:A7:0C:65:80
Certificate issuer:       /CN=252cb35c3f56b2798ff61bd4d9a5ced0ee039fb0
Certificate serial:       018CC9BCFA4CFF4DFD55B4C24886B2142908
Authority key identifier: 25:2C:B3:5C:3F:56:B2:79:8F:F6:1B:D4:D9:A5:CE:D0:EE:03:9F:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/ko4Kpefc12El2UxbmWge4qcMZYA.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41157
IP address blocks:        81.201.176.0/20 maxlen: 20
                          2a02:2218::/29 maxlen: 32
                          2a02:2218::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fa:4c:ff:4d:fd:55:b4:c2:48:86:b2:14:29:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=252cb35c3f56b2798ff61bd4d9a5ced0ee039fb0
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=928e0aa5e7dcd76125d94c5b99681ee2a70c6580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4f:b3:81:e5:cd:26:04:8a:c9:2d:27:42:5e:
                    4b:dc:76:f6:61:e6:c9:e7:72:bb:2e:6c:18:6b:bc:
                    c5:2e:81:40:d6:41:59:e1:be:01:b3:9a:34:3c:0b:
                    48:73:bf:7f:11:d5:43:f5:7a:c1:36:a9:92:9a:8a:
                    02:d7:ac:71:4a:3e:e7:4e:af:76:d1:db:c2:bc:a5:
                    55:f2:b2:51:a4:a8:86:20:b5:c9:8b:4b:7c:d6:da:
                    de:95:dc:bc:f0:95:83:11:4d:0a:29:0f:09:b1:10:
                    da:ef:b9:aa:72:20:25:77:f0:fc:7b:e9:b1:9d:2d:
                    d1:0a:7b:9b:1e:b5:6b:2b:6c:1f:56:ca:6e:bf:7d:
                    12:36:82:0c:3b:b6:cb:ea:0c:72:ea:8b:21:38:06:
                    5b:12:4a:d2:71:9c:b2:22:34:9e:7f:56:a6:78:c7:
                    19:e8:a8:5f:f1:02:3a:f2:2b:66:eb:06:17:24:a7:
                    a5:d5:e0:3f:ae:bd:1a:1a:b7:2d:62:12:2f:9a:c4:
                    57:c3:19:35:c9:45:ec:b7:a5:84:24:14:f8:04:51:
                    22:27:b9:a4:d1:b0:ad:bd:52:70:50:a2:90:f8:ef:
                    79:23:31:c0:e4:1f:6c:4b:f8:24:8c:83:ba:6a:1a:
                    e1:c8:9e:32:40:ef:97:32:da:44:1c:85:51:96:10:
                    22:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8E:0A:A5:E7:DC:D7:61:25:D9:4C:5B:99:68:1E:E2:A7:0C:65:80
            X509v3 Authority Key Identifier:
                keyid:25:2C:B3:5C:3F:56:B2:79:8F:F6:1B:D4:D9:A5:CE:D0:EE:03:9F:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/ko4Kpefc12El2UxbmWge4qcMZYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.201.176.0/20
                IPv6:
                  2a02:2218::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:1e:1a:2e:e5:65:2e:87:67:fa:0a:6f:97:b2:bd:5b:7a:81:
         bb:2c:55:25:ad:2c:7f:af:ad:c4:10:e3:19:da:80:09:62:56:
         90:58:41:c9:66:7a:8b:46:1b:db:3b:73:eb:aa:78:33:33:a0:
         ed:d9:16:24:1f:e0:6d:62:a4:f5:10:95:e6:dc:28:59:80:46:
         c9:b0:55:b3:af:cd:26:67:ae:88:ed:44:fe:2a:8e:9c:08:a0:
         f6:5e:70:72:8d:8e:b3:08:61:05:1a:2c:c7:18:d5:cd:41:04:
         b1:14:b2:8d:7d:ed:29:c6:24:9d:39:fa:f2:4c:4e:ec:e5:c5:
         d9:c1:78:84:9b:04:14:93:36:68:85:41:a1:45:b6:a0:a2:70:
         a8:60:e6:27:ea:49:68:28:09:ff:66:b1:d4:94:e5:b7:bf:a1:
         55:44:ce:35:de:b6:3a:90:44:b8:e9:98:bb:82:d9:3f:72:dd:
         ec:7e:78:a2:65:58:f5:ce:1a:e6:9a:ba:32:ab:b5:b3:a3:1f:
         ba:50:0d:50:58:94:1b:74:0a:f9:97:89:4e:2f:9e:9c:50:9d:
         e0:36:a3:17:f4:84:d0:bd:37:56:82:0d:65:5f:64:7c:91:43:
         45:40:c1:36:c1:7c:3e:e3:ec:69:4a:68:da:c5:df:9f:1b:39:
         3c:b4:a0:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvPpM/039VbTCSIayFCkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MmNiMzVjM2Y1NmIyNzk4ZmY2MWJkNGQ5YTVjZWQwZWUw
MzlmYjAwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhlMGFhNWU3ZGNkNzYxMjVkOTRjNWI5OTY4MWVlMmE3MGM2NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU+zgeXNJgSKyS0nQl5L3Hb2YebJ
53K7LmwYa7zFLoFA1kFZ4b4Bs5o0PAtIc79/EdVD9XrBNqmSmooC16xxSj7nTq92
0dvCvKVV8rJRpKiGILXJi0t81treldy88JWDEU0KKQ8JsRDa77mqciAld/D8e+mx
nS3RCnubHrVrK2wfVspuv30SNoIMO7bL6gxy6oshOAZbEkrScZyyIjSef1ameMcZ
6Khf8QI68itm6wYXJKel1eA/rr0aGrctYhIvmsRXwxk1yUXst6WEJBT4BFEiJ7mk
0bCtvVJwUKKQ+O95IzHA5B9sS/gkjIO6ahrhyJ4yQO+XMtpEHIVRlhAitwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJKOCqXn3NdhJdlMW5loHuKnDGWAMB8GA1UdIwQY
MBaAFCUss1w/VrJ5j/Yb1NmlztDuA5+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlN5elhEOVdzbm1QOWh2VTJhWE8wTzREbjdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83N2M2ZmMtOGE5OS00MmY0LWFjMjMt
NTZjNmExMDMxZGJiLzEva280S3BlZmMxMkVsMlV4Ym1XZ2U0cWNNWllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83N2M2ZmMtOGE5OS00MmY0LWFjMjMtNTZjNmExMDMxZGJi
LzEvSlN5elhEOVdzbm1QOWh2VTJhWE8wTzREbjdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUcmwMA0E
AgACMAcDBQMqAiIYMA0GCSqGSIb3DQEBCwUAA4IBAQAgHhou5WUuh2f6Cm+Xsr1b
eoG7LFUlrSx/r63EEOMZ2oAJYlaQWEHJZnqLRhvbO3PrqngzM6Dt2RYkH+BtYqT1
EJXm3ChZgEbJsFWzr80mZ66I7UT+Ko6cCKD2XnByjY6zCGEFGizHGNXNQQSxFLKN
fe0pxiSdOfryTE7s5cXZwXiEmwQUkzZohUGhRbagonCoYOYn6kloKAn/ZrHUlOW3
v6FVRM413rY6kES46Zi7gtk/ct3sfniiZVj1zhrmmroyq7Wzox+6UA1QWJQbdAr5
l4lOL56cUJ3gNqMX9ITQvTdWgg1lX2R8kUNFQME2wXw+4+xpSmjaxd+fGzk8tKDa
-----END CERTIFICATE-----