Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/Xc77nOZFw1uoO06GdpYii_vECtY.roa
File:                     Xc77nOZFw1uoO06GdpYii_vECtY.roa (raw, json)
Hash identifier:          tT3mpiy3vobBovPeVkyWYXW9iQfSLh0nCunNyn4d2/k=
Subject key identifier:   5D:CE:FB:9C:E6:45:C3:5B:A8:3B:4E:86:76:96:22:8B:FB:C4:0A:D6
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       018CC26D741F41A76B62761EBB1B504FA774
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/Xc77nOZFw1uoO06GdpYii_vECtY.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211286
IP address blocks:        141.39.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:74:1f:41:a7:6b:62:76:1e:bb:1b:50:4f:a7:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dcefb9ce645c35ba83b4e867696228bfbc40ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b4:9f:d0:50:b4:29:69:ad:0e:e5:43:c9:7d:
                    ea:46:fe:e6:99:fb:df:7b:db:31:3d:24:24:03:48:
                    75:df:c3:b9:45:c7:09:4f:fa:67:37:c8:9b:75:0f:
                    2b:de:82:da:70:13:00:b0:c2:d5:dd:c1:c7:06:8b:
                    fa:ae:db:f4:18:a4:d1:ef:c8:f7:37:71:74:f6:f2:
                    a2:f4:5f:ec:39:4c:3b:af:e5:81:fe:e2:b3:36:bd:
                    36:c0:47:ff:e1:72:e2:d6:0b:4e:ae:97:91:a3:f4:
                    f5:8b:1f:ea:c5:92:05:69:1c:f4:21:60:ce:10:ce:
                    11:b0:9c:9e:f8:18:ef:2f:ff:fe:6e:81:df:b2:72:
                    88:5d:fc:0e:0c:8e:9d:fd:3a:54:12:8a:01:9a:37:
                    2e:b2:d8:ea:19:64:81:a0:09:33:98:28:27:f6:fd:
                    1b:9e:8e:33:0b:61:77:ce:9a:82:e9:bc:e9:7d:2f:
                    14:21:06:da:77:47:1c:71:a2:a7:e4:75:bf:a5:10:
                    06:5a:f8:3c:69:7c:ab:75:26:22:59:42:9c:e2:e6:
                    7d:24:41:1d:34:aa:67:e2:f4:e6:6f:cd:90:67:b9:
                    09:86:74:98:4b:82:87:cf:c1:2e:dd:27:1d:92:b9:
                    9f:e5:a8:b5:28:72:e6:a0:15:28:49:a0:c4:e7:c5:
                    d6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:CE:FB:9C:E6:45:C3:5B:A8:3B:4E:86:76:96:22:8B:FB:C4:0A:D6
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/Xc77nOZFw1uoO06GdpYii_vECtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.39.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:b6:3c:e4:ed:a5:2a:d1:25:6e:03:45:bc:96:55:2d:92:56:
         cd:de:63:fb:c9:67:78:57:42:61:dc:f4:00:89:cc:1d:53:1d:
         9c:fa:16:92:4e:de:99:c9:f5:01:fc:dd:6c:6a:a1:91:ee:8b:
         9e:c1:f9:eb:e5:17:d5:4c:6e:ad:8f:12:71:bc:e0:f1:ad:92:
         21:9c:b2:61:27:e9:31:68:11:6d:3e:a3:cd:0e:a9:26:a9:db:
         66:34:1e:ac:c9:10:73:2a:f6:d6:31:02:af:3e:a6:13:ce:11:
         d9:b6:74:0d:cb:ec:c0:93:a4:e7:58:d8:5b:96:07:54:78:be:
         9b:06:96:96:f6:fa:0b:b2:68:ec:46:8b:b5:8e:59:90:2d:66:
         69:5e:49:cc:55:1c:67:1f:9e:19:a9:6c:c5:be:4d:ec:fa:8d:
         23:02:b2:10:5a:77:4d:43:bd:32:df:31:5d:4a:e7:a0:d2:a9:
         77:75:b4:c2:83:a2:a0:c3:7e:b6:96:42:17:1b:8b:5e:5f:74:
         60:56:63:02:b3:c4:27:1c:1d:b3:9a:88:46:d7:56:5a:43:3d:
         97:53:e6:e6:b8:d8:90:e9:f9:3d:61:64:fc:31:7a:1a:c3:df:
         c5:a7:80:a4:6a:b8:6c:52:fb:a0:71:38:fb:db:f7:40:3d:b6:
         f2:ea:f5:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXQfQadrYnYeuxtQT6d0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGNlZmI5Y2U2NDVjMzViYTgzYjRlODY3Njk2MjI4YmZiYzQwYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLSf0FC0KWmtDuVDyX3qRv7mmfvf
e9sxPSQkA0h138O5RccJT/pnN8ibdQ8r3oLacBMAsMLV3cHHBov6rtv0GKTR78j3
N3F09vKi9F/sOUw7r+WB/uKzNr02wEf/4XLi1gtOrpeRo/T1ix/qxZIFaRz0IWDO
EM4RsJye+BjvL//+boHfsnKIXfwODI6d/TpUEooBmjcustjqGWSBoAkzmCgn9v0b
no4zC2F3zpqC6bzpfS8UIQbad0cccaKn5HW/pRAGWvg8aXyrdSYiWUKc4uZ9JEEd
NKpn4vTmb82QZ7kJhnSYS4KHz8Eu3Scdkrmf5ai1KHLmoBUoSaDE58XWCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3O+5zmRcNbqDtOhnaWIov7xArWMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvWGM3N25PWkZ3MXVvTzA2R2RwWWlpX3ZFQ3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjSfcMA0G
CSqGSIb3DQEBCwUAA4IBAQBAtjzk7aUq0SVuA0W8llUtklbN3mP7yWd4V0Jh3PQA
icwdUx2c+haSTt6ZyfUB/N1saqGR7ouewfnr5RfVTG6tjxJxvODxrZIhnLJhJ+kx
aBFtPqPNDqkmqdtmNB6syRBzKvbWMQKvPqYTzhHZtnQNy+zAk6TnWNhblgdUeL6b
BpaW9voLsmjsRou1jlmQLWZpXknMVRxnH54ZqWzFvk3s+o0jArIQWndNQ70y3zFd
Sueg0ql3dbTCg6Kgw362lkIXG4teX3RgVmMCs8QnHB2zmohG11ZaQz2XU+bmuNiQ
6fk9YWT8MXoaw9/Fp4CkarhsUvugcTj72/dAPbby6vUR
-----END CERTIFICATE-----