Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/3WkaDYGNtPPN-dUa8K7sKEALdLw.roa
File:                     3WkaDYGNtPPN-dUa8K7sKEALdLw.roa (raw, json)
Hash identifier:          8KwEBCwEhUE00O15KXiEfWfulpY0ISXuomKlDnNVOjY=
Subject key identifier:   DD:69:1A:0D:81:8D:B4:F3:CD:F9:D5:1A:F0:AE:EC:28:40:0B:74:BC
Certificate issuer:       /CN=7302cdc29fdca09e9a0f3f7d2113da85a7e1d654
Certificate serial:       018CC9BC3004B13E10BEF663870E5138D639
Authority key identifier: 73:02:CD:C2:9F:DC:A0:9E:9A:0F:3F:7D:21:13:DA:85:A7:E1:D6:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cwLNwp_coJ6aDz99IRPahafh1lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/3WkaDYGNtPPN-dUa8K7sKEALdLw.roa
Signing time:             Tue 02 Jan 2024 10:33:22 +0000
ROA not before:           Tue 02 Jan 2024 10:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51540
IP address blocks:        77.223.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/cwLNwp_coJ6aDz99IRPahafh1lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/cwLNwp_coJ6aDz99IRPahafh1lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cwLNwp_coJ6aDz99IRPahafh1lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:30:04:b1:3e:10:be:f6:63:87:0e:51:38:d6:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7302cdc29fdca09e9a0f3f7d2113da85a7e1d654
        Validity
            Not Before: Jan  2 10:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd691a0d818db4f3cdf9d51af0aeec28400b74bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:74:e7:9e:24:7d:fe:13:0c:cd:e0:7e:d0:af:
                    23:34:17:c3:94:e9:46:db:34:74:ff:23:80:38:e7:
                    23:6c:18:41:3a:fb:c8:b5:85:5c:d0:a6:ed:49:65:
                    82:5a:ae:66:46:e2:d9:86:64:b3:8e:98:6c:37:6f:
                    ce:69:39:d4:c8:09:f2:86:71:10:50:a2:b1:68:22:
                    fc:04:0e:11:0a:2a:d3:b1:2c:84:a6:25:91:2c:5b:
                    ec:fc:a6:a9:d6:29:17:19:e3:e6:1b:60:cd:f1:91:
                    ee:95:85:20:f1:8f:48:d8:18:65:c5:fb:34:ba:45:
                    d2:23:48:d8:28:a0:c8:49:ab:a7:f4:2d:cb:c9:18:
                    b2:4a:f0:80:26:66:15:f4:67:41:8e:82:3d:dd:16:
                    a8:76:ee:52:df:19:2f:a5:a3:ad:81:5d:42:2d:ef:
                    c9:3b:1c:e8:3c:91:3a:72:8b:0d:97:c1:78:d5:1f:
                    a1:2e:0c:4b:91:51:f7:cf:c0:fe:83:55:36:0e:a5:
                    58:42:f6:56:4b:0f:55:b1:32:19:4d:48:4a:38:ec:
                    e5:d0:4b:0f:b7:81:50:bf:a0:af:05:1c:cd:04:f7:
                    18:0a:9a:3e:57:e9:fb:8b:b1:dd:de:38:a2:6e:42:
                    c7:05:dd:82:49:50:9d:60:dc:32:be:d1:eb:94:cc:
                    42:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:69:1A:0D:81:8D:B4:F3:CD:F9:D5:1A:F0:AE:EC:28:40:0B:74:BC
            X509v3 Authority Key Identifier:
                keyid:73:02:CD:C2:9F:DC:A0:9E:9A:0F:3F:7D:21:13:DA:85:A7:E1:D6:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cwLNwp_coJ6aDz99IRPahafh1lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/3WkaDYGNtPPN-dUa8K7sKEALdLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/cwLNwp_coJ6aDz99IRPahafh1lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:1e:3f:6f:99:f8:76:fb:57:60:dc:ce:f0:64:43:45:70:05:
         e8:fa:ea:3c:62:cc:79:6e:99:55:02:a5:66:6a:14:6f:08:15:
         b8:a3:19:b3:69:bc:19:6f:e2:6a:05:a4:22:1b:2b:df:14:13:
         d9:4d:26:4d:6a:d5:af:f3:10:6b:66:62:1a:52:d3:3a:db:79:
         f6:c9:c9:fd:40:a6:a9:a9:2b:5a:1a:0f:e5:ec:71:48:35:ea:
         fa:95:db:6a:27:32:2f:fe:8e:a3:27:3c:11:e5:45:47:af:6e:
         fd:32:c3:68:ff:ba:f2:2f:5a:1b:0f:6d:4a:98:cc:72:6c:e0:
         fc:93:49:f6:bc:55:00:8f:e9:06:a7:48:73:75:b9:e6:a1:b9:
         69:6f:48:5b:56:8b:d0:2d:1d:8d:e9:7b:8a:ea:3c:53:79:69:
         2a:06:bf:42:05:bf:93:c5:39:ff:f7:fd:d2:73:04:5c:0b:34:
         55:19:75:b4:da:31:3d:e9:fb:98:2d:42:d1:49:09:b5:fa:84:
         68:d0:5c:38:c9:c7:33:30:24:a8:66:8f:fb:1a:ff:c8:dd:ad:
         53:d8:32:d9:85:48:7e:72:16:08:9b:d3:41:79:3c:31:35:06:
         61:1f:8c:5a:bc:27:81:57:f9:68:d3:17:d1:14:63:16:65:60:
         e2:e3:20:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDAEsT4QvvZjhw5RONY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMDJjZGMyOWZkY2EwOWU5YTBmM2Y3ZDIxMTNkYTg1YTdl
MWQ2NTQwHhcNMjQwMTAyMTAzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY5MWEwZDgxOGRiNGYzY2RmOWQ1MWFmMGFlZWMyODQwMGI3NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3TnniR9/hMMzeB+0K8jNBfDlOlG
2zR0/yOAOOcjbBhBOvvItYVc0KbtSWWCWq5mRuLZhmSzjphsN2/OaTnUyAnyhnEQ
UKKxaCL8BA4RCirTsSyEpiWRLFvs/Kap1ikXGePmG2DN8ZHulYUg8Y9I2Bhlxfs0
ukXSI0jYKKDISaun9C3LyRiySvCAJmYV9GdBjoI93Raodu5S3xkvpaOtgV1CLe/J
OxzoPJE6cosNl8F41R+hLgxLkVH3z8D+g1U2DqVYQvZWSw9VsTIZTUhKOOzl0EsP
t4FQv6CvBRzNBPcYCpo+V+n7i7Hd3jiibkLHBd2CSVCdYNwyvtHrlMxCfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1pGg2BjbTzzfnVGvCu7ChAC3S8MB8GA1UdIwQY
MBaAFHMCzcKf3KCemg8/fSET2oWn4dZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3dMTndwX2NvSjZhRHo5OUlSUGFoYWZoMWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83NzIxN2QtODE0Yi00ODZhLThlZjIt
ZmUwMzMzZWQwMDVmLzEvM1drYURZR050UFBOLWRVYThLN3NLRUFMZEx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83NzIxN2QtODE0Yi00ODZhLThlZjItZmUwMzMzZWQwMDVm
LzEvY3dMTndwX2NvSjZhRHo5OUlSUGFoYWZoMWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTd+SMA0G
CSqGSIb3DQEBCwUAA4IBAQBiHj9vmfh2+1dg3M7wZENFcAXo+uo8Ysx5bplVAqVm
ahRvCBW4oxmzabwZb+JqBaQiGyvfFBPZTSZNatWv8xBrZmIaUtM623n2ycn9QKap
qStaGg/l7HFINer6ldtqJzIv/o6jJzwR5UVHr279MsNo/7ryL1obD21KmMxybOD8
k0n2vFUAj+kGp0hzdbnmoblpb0hbVovQLR2N6XuK6jxTeWkqBr9CBb+TxTn/9/3S
cwRcCzRVGXW02jE96fuYLULRSQm1+oRo0Fw4ycczMCSoZo/7Gv/I3a1T2DLZhUh+
chYIm9NBeTwxNQZhH4xavCeBV/lo0xfRFGMWZWDi4yDB
-----END CERTIFICATE-----