Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/W3embmPidGjM40yP8wnfgaEwkWA.roa
File:                     W3embmPidGjM40yP8wnfgaEwkWA.roa (raw, json)
Hash identifier:          MUZikKTuTLVgfrVyiP94SzJd2z8LuwWnXjqjkeWcrfg=
Subject key identifier:   5B:77:A6:6E:63:E2:74:68:CC:E3:4C:8F:F3:09:DF:81:A1:30:91:60
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       0194236A00CC50EBE22A901D7904B5562440
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/W3embmPidGjM40yP8wnfgaEwkWA.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216024
IP address blocks:        77.221.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:00:cc:50:eb:e2:2a:90:1d:79:04:b5:56:24:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b77a66e63e27468cce34c8ff309df81a1309160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:aa:12:44:a8:04:9e:49:7c:0b:f3:dd:48:f2:
                    6f:f3:e4:81:c7:a9:f1:59:57:1d:76:31:3b:2b:5d:
                    1f:68:2c:3f:c2:e6:5b:ca:89:bb:4c:10:3b:18:58:
                    af:2f:11:80:8a:26:a5:fe:51:02:f2:9e:96:c2:55:
                    0a:71:ca:cb:4e:03:70:a1:b8:b1:1f:1d:76:36:d7:
                    a0:15:7c:91:57:49:a9:0e:6a:00:e5:d8:97:44:1c:
                    1b:2e:75:52:af:8d:2f:95:c8:4f:d0:bb:16:1a:bc:
                    04:07:fd:b0:fb:29:5d:e9:d4:a8:2b:8a:06:7a:c1:
                    6a:5b:93:9f:2d:18:92:3a:ac:4f:23:73:c1:42:64:
                    ec:39:7e:35:0a:0a:f2:05:21:6b:79:05:9b:c4:bb:
                    2e:56:aa:a7:84:92:23:0d:2c:48:da:ea:21:b6:68:
                    24:76:e7:1f:7e:e3:50:98:91:9c:2f:73:72:e9:8c:
                    cb:46:85:4b:7d:8b:3e:31:03:77:0a:92:32:eb:64:
                    6f:1a:c5:6f:2b:19:3b:54:06:14:c2:33:45:ba:1c:
                    04:be:fe:8d:c6:ad:9b:5f:ad:92:73:b9:b7:81:ba:
                    fe:58:49:c5:6d:df:36:2f:b2:ad:79:c4:47:8f:3a:
                    48:8f:5e:34:01:8f:93:90:1f:ac:43:b4:90:b6:c6:
                    c4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:77:A6:6E:63:E2:74:68:CC:E3:4C:8F:F3:09:DF:81:A1:30:91:60
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/W3embmPidGjM40yP8wnfgaEwkWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:17:de:4d:3b:57:3d:22:93:75:1a:38:80:bd:fa:7a:cb:a3:
         06:20:34:ba:d9:fb:ef:eb:d9:8f:0b:c9:cc:d2:84:f1:da:7c:
         b5:a6:91:1a:75:ba:f9:29:8b:ab:ca:ee:45:bf:b4:8b:5e:0b:
         32:13:be:a8:88:1c:1f:2d:45:ba:9e:64:8f:ee:8a:38:90:04:
         e6:32:3f:c9:5a:5a:fe:f9:27:42:8d:ec:c3:61:24:de:ee:86:
         c7:5f:dc:46:c8:eb:e5:ef:42:56:cc:82:5c:4d:4f:77:17:aa:
         82:e5:57:fc:e3:da:10:2c:9e:62:6f:14:a8:bb:96:24:e3:85:
         db:62:4a:08:78:e5:52:73:f4:44:b2:73:f0:35:d7:62:02:23:
         c7:dd:a8:8f:fa:91:5e:47:a2:79:40:bc:df:9d:5a:4d:b5:fc:
         2c:83:8a:92:fc:60:9f:2b:71:25:ac:08:f9:c2:01:19:f4:cb:
         17:9a:cb:f6:8a:8e:58:a6:f7:35:ad:d7:cc:3d:2d:c1:f6:ac:
         a0:1b:b6:74:73:e2:af:f5:26:83:8e:6e:8a:56:55:37:93:41:
         38:ae:f0:c0:8c:5b:fc:b7:85:e7:55:41:97:1a:1e:de:f4:e3:
         34:e5:4c:77:06:4c:33:d7:47:f3:49:f7:90:38:35:45:49:d7:
         10:4a:fa:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagDMUOviKpAdeQS1ViRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc3YTY2ZTYzZTI3NDY4Y2NlMzRjOGZmMzA5ZGY4MWExMzA5MTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKoSRKgEnkl8C/PdSPJv8+SBx6nx
WVcddjE7K10faCw/wuZbyom7TBA7GFivLxGAiial/lEC8p6WwlUKccrLTgNwobix
Hx12NtegFXyRV0mpDmoA5diXRBwbLnVSr40vlchP0LsWGrwEB/2w+yld6dSoK4oG
esFqW5OfLRiSOqxPI3PBQmTsOX41CgryBSFreQWbxLsuVqqnhJIjDSxI2uohtmgk
ducffuNQmJGcL3Ny6YzLRoVLfYs+MQN3CpIy62RvGsVvKxk7VAYUwjNFuhwEvv6N
xq2bX62Sc7m3gbr+WEnFbd82L7KtecRHjzpIj140AY+TkB+sQ7SQtsbENwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt3pm5j4nRozONMj/MJ34GhMJFgMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvVzNlbWJtUGlkR2pNNDB5UDh3bmZnYUV3a1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATd2RMA0G
CSqGSIb3DQEBCwUAA4IBAQBKF95NO1c9IpN1GjiAvfp6y6MGIDS62fvv69mPC8nM
0oTx2ny1ppEadbr5KYuryu5Fv7SLXgsyE76oiBwfLUW6nmSP7oo4kATmMj/JWlr+
+SdCjezDYSTe7obHX9xGyOvl70JWzIJcTU93F6qC5Vf849oQLJ5ibxSou5Yk44Xb
YkoIeOVSc/REsnPwNddiAiPH3aiP+pFeR6J5QLzfnVpNtfwsg4qS/GCfK3ElrAj5
wgEZ9MsXmsv2io5Ypvc1rdfMPS3B9qygG7Z0c+Kv9SaDjm6KVlU3k0E4rvDAjFv8
t4XnVUGXGh7e9OM05Ux3Bkwz10fzSfeQODVFSdcQSvri
-----END CERTIFICATE-----