Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/ciVxkeVphk7IAvdQ29VnTVmXsBE.roa
File:                     ciVxkeVphk7IAvdQ29VnTVmXsBE.roa (raw, json)
Hash identifier:          oDRh7BWSl9XnB6+05kPBLgyHYFESy3NeTW1/pyHj7m8=
Subject key identifier:   72:25:71:91:E5:69:86:4E:C8:02:F7:50:DB:D5:67:4D:59:97:B0:11
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2AA0722B0F854D073EA0579AE423A7
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/ciVxkeVphk7IAvdQ29VnTVmXsBE.roa
Signing time:             Tue 02 Jan 2024 12:34:00 +0000
ROA not before:           Tue 02 Jan 2024 12:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207353
IP address blocks:        77.220.216.0/21 maxlen: 24
                          185.62.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a0:72:2b:0f:85:4d:07:3e:a0:57:9a:e4:23:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72257191e569864ec802f750dbd5674d5997b011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:43:94:1e:40:4a:c0:7f:8f:fa:d6:28:83:8f:
                    7a:f2:3e:9a:b8:14:7c:10:2f:ca:d8:68:67:01:56:
                    38:bf:51:99:c7:87:a0:b0:13:77:a4:78:a8:96:74:
                    a9:5e:45:be:85:08:43:ff:55:47:7c:ae:cd:a0:fd:
                    a1:ff:92:8b:be:0b:ce:1a:1a:79:7d:02:66:88:bc:
                    5a:56:5d:2f:5c:4c:12:74:1b:08:2a:45:d5:39:6c:
                    aa:01:91:ec:ec:86:7e:7a:7d:5c:2f:94:8e:a6:02:
                    75:bf:25:04:8e:10:9f:dd:a6:b0:19:4b:52:fa:2b:
                    55:e2:ed:56:80:e8:1e:28:8c:e9:5f:f3:67:68:1b:
                    11:71:ce:a7:c0:8a:53:f9:1e:a4:6b:66:10:26:b3:
                    ba:85:d7:04:90:a6:0d:b4:3c:7a:dc:d6:ee:44:ef:
                    0a:45:9b:9d:90:d2:9e:45:ef:0c:d6:e7:f5:7b:bd:
                    ad:18:dc:cf:d7:e8:83:0f:5e:d8:93:9f:52:cd:23:
                    7d:e3:90:14:e7:a7:b1:44:70:ef:c4:d1:28:9d:39:
                    0e:37:3d:06:f8:e1:ce:60:1c:04:a8:9c:f2:99:89:
                    a0:21:f3:da:33:68:38:bc:60:e8:03:30:21:57:a2:
                    1c:3f:65:3e:90:79:d5:6b:42:aa:e3:09:e7:46:e4:
                    19:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:25:71:91:E5:69:86:4E:C8:02:F7:50:DB:D5:67:4D:59:97:B0:11
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/ciVxkeVphk7IAvdQ29VnTVmXsBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.216.0/21
                  185.62.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:da:64:c7:9d:b9:08:28:fd:b3:e3:db:15:ed:e4:00:a3:1b:
         63:32:32:85:b1:e5:26:2a:ea:39:14:fd:0e:81:0b:28:10:f6:
         6b:c1:46:f1:65:6d:46:71:09:f4:ab:a9:40:70:08:cf:56:32:
         9c:ea:b2:74:25:30:97:81:f2:d9:2a:3c:88:e9:73:ea:a9:89:
         62:9e:9f:0c:01:8f:29:8e:2f:46:2e:9b:d7:81:a8:c2:d4:3e:
         fe:3e:02:a1:73:97:ea:f8:a0:49:42:08:cc:c7:a3:8e:07:f9:
         ac:dc:0b:36:7c:d9:c0:48:39:f7:a6:9f:79:55:64:19:7b:5a:
         56:f6:19:73:8e:59:b9:e6:56:20:75:70:08:64:65:0c:c6:d2:
         7a:6b:45:d0:ed:d1:1e:66:9e:a9:39:1b:af:ac:5a:51:c6:d9:
         85:e3:67:b8:d3:d8:a4:5a:87:a3:5e:a1:e9:44:12:18:c3:53:
         9f:c0:8b:b3:1f:fe:99:29:1d:06:e1:97:1c:08:01:22:bb:b4:
         83:e5:04:1f:86:c8:69:bd:7d:bb:81:de:07:b6:12:bd:50:3a:
         db:9c:c6:c2:0f:70:fc:74:2d:cf:c9:a0:90:ec:91:1a:ea:c2:
         f8:7d:72:04:7a:11:59:65:e1:b4:6a:ac:16:f4:e7:c0:a2:df:
         e7:08:c9:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKqByKw+FTQc+oFea5COnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI1NzE5MWU1Njk4NjRlYzgwMmY3NTBkYmQ1Njc0ZDU5OTdiMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkOUHkBKwH+P+tYog4968j6auBR8
EC/K2GhnAVY4v1GZx4egsBN3pHiolnSpXkW+hQhD/1VHfK7NoP2h/5KLvgvOGhp5
fQJmiLxaVl0vXEwSdBsIKkXVOWyqAZHs7IZ+en1cL5SOpgJ1vyUEjhCf3aawGUtS
+itV4u1WgOgeKIzpX/NnaBsRcc6nwIpT+R6ka2YQJrO6hdcEkKYNtDx63NbuRO8K
RZudkNKeRe8M1uf1e72tGNzP1+iDD17Yk59SzSN945AU56exRHDvxNEonTkONz0G
+OHOYBwEqJzymYmgIfPaM2g4vGDoAzAhV6IcP2U+kHnVa0Kq4wnnRuQZ3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHIlcZHlaYZOyAL3UNvVZ01Zl7ARMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvY2lWeGtlVnBoazdJQXZkUTI5Vm5UVm1Yc0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTdzYAwQA
uT5kMA0GCSqGSIb3DQEBCwUAA4IBAQB82mTHnbkIKP2z49sV7eQAoxtjMjKFseUm
Kuo5FP0OgQsoEPZrwUbxZW1GcQn0q6lAcAjPVjKc6rJ0JTCXgfLZKjyI6XPqqYli
np8MAY8pji9GLpvXgajC1D7+PgKhc5fq+KBJQgjMx6OOB/ms3As2fNnASDn3pp95
VWQZe1pW9hlzjlm55lYgdXAIZGUMxtJ6a0XQ7dEeZp6pORuvrFpRxtmF42e409ik
WoejXqHpRBIYw1OfwIuzH/6ZKR0G4ZccCAEiu7SD5QQfhshpvX27gd4HthK9UDrb
nMbCD3D8dC3PyaCQ7JEa6sL4fXIEehFZZeG0aqwW9OfAot/nCMn6
-----END CERTIFICATE-----