Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/d85kE3b0MrkxApHZgvgjJNksXAU.roa
File:                     d85kE3b0MrkxApHZgvgjJNksXAU.roa (raw, json)
Hash identifier:          meUuTyV+HklHIWap070pV2fmphtyo1+GuAaJzZRCDBE=
Subject key identifier:   77:CE:64:13:76:F4:32:B9:31:02:91:D9:82:F8:23:24:D9:2C:5C:05
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       0191763530AE34523B5238A97285212F2C3A
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/d85kE3b0MrkxApHZgvgjJNksXAU.roa
Signing time:             Wed 21 Aug 2024 18:31:22 +0000
ROA not before:           Wed 21 Aug 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.157.139.0/24 maxlen: 24
                          178.211.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:35:30:ae:34:52:3b:52:38:a9:72:85:21:2f:2c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Aug 21 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77ce641376f432b9310291d982f82324d92c5c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cc:25:de:5f:24:3e:ff:75:74:1c:1b:3d:2a:
                    b7:76:23:28:fb:10:1b:5a:b3:50:9a:7a:33:54:5d:
                    60:06:ca:87:aa:8d:db:38:b8:01:6d:7c:a7:32:18:
                    95:cc:95:82:07:d7:ca:38:11:32:00:2f:6c:ac:ab:
                    ed:58:47:33:2b:47:61:ad:52:0b:23:e6:72:4c:25:
                    33:29:3c:f0:ad:ff:34:31:78:5d:20:5a:3d:09:c9:
                    aa:7f:a5:be:58:77:3e:50:53:4d:22:ec:34:90:c7:
                    32:8d:04:91:f7:64:6c:60:49:2d:54:cf:31:33:7f:
                    ae:2f:1a:14:28:26:92:8a:ce:d9:ef:8d:27:49:96:
                    5e:4c:21:1d:7c:08:b5:16:82:f2:18:56:90:b9:ee:
                    2f:42:93:d0:7a:da:ef:50:e5:61:c0:7d:dc:11:fb:
                    fd:92:e1:69:57:83:5e:ee:ea:df:7d:6e:4c:c3:23:
                    0c:92:d4:57:52:6d:80:c0:01:1a:8f:18:85:58:7c:
                    3b:51:81:4d:a4:7f:e2:e9:2c:0c:e2:bd:a1:cf:77:
                    f9:7c:45:1b:3c:f7:e0:1e:bc:55:c9:d9:31:61:08:
                    48:bb:e5:a1:d8:97:d7:30:46:70:d2:5e:c7:e5:7b:
                    aa:62:5f:77:1a:bc:ef:0d:b2:c3:b1:de:f1:00:97:
                    54:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:CE:64:13:76:F4:32:B9:31:02:91:D9:82:F8:23:24:D9:2C:5C:05
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/d85kE3b0MrkxApHZgvgjJNksXAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.139.0/24
                  178.211.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:9f:65:a1:69:e2:8c:f2:bd:09:5d:f6:e8:ad:b2:70:b8:08:
         18:30:0e:52:26:6d:40:e4:2a:41:da:a9:ec:74:cc:2b:a8:14:
         00:04:95:de:3c:93:11:58:9c:dc:87:33:21:99:87:da:75:28:
         f4:03:cc:05:14:47:ad:77:e3:45:53:e7:57:05:ef:38:3d:ca:
         18:36:c4:f6:cb:2f:74:eb:17:a3:b6:8f:54:72:e9:fb:88:ed:
         34:7c:88:78:99:37:fd:1c:30:96:5a:3f:b1:83:1f:17:e5:97:
         bf:ff:52:ba:45:be:7e:64:32:ce:ac:7c:f5:01:9b:55:35:8f:
         b1:87:27:cd:14:68:46:08:05:cb:15:bf:02:73:19:23:a8:73:
         49:bb:3f:f5:a5:aa:1c:30:0d:a5:f7:18:c5:e0:a1:98:8e:90:
         ee:ad:9f:64:a8:32:de:0e:3e:d7:0d:39:39:ad:ce:5e:16:c4:
         6e:60:86:50:a7:df:2c:30:27:a8:46:c3:f6:92:82:80:9b:9e:
         8d:ae:02:4a:66:a4:72:a2:d8:be:af:cf:c8:d5:68:c1:45:db:
         33:2d:d7:13:67:84:85:c8:e3:b7:c5:95:c0:21:8a:2f:ad:ce:
         66:01:b5:0f:b1:27:31:5b:a5:93:3b:49:c8:6d:f9:74:d6:9e:
         95:1f:8d:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZF2NTCuNFI7UjipcoUhLyw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjQwODIxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2NlNjQxMzc2ZjQzMmI5MzEwMjkxZDk4MmY4MjMyNGQ5MmM1YzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMwl3l8kPv91dBwbPSq3diMo+xAb
WrNQmnozVF1gBsqHqo3bOLgBbXynMhiVzJWCB9fKOBEyAC9srKvtWEczK0dhrVIL
I+ZyTCUzKTzwrf80MXhdIFo9Ccmqf6W+WHc+UFNNIuw0kMcyjQSR92RsYEktVM8x
M3+uLxoUKCaSis7Z740nSZZeTCEdfAi1FoLyGFaQue4vQpPQetrvUOVhwH3cEfv9
kuFpV4Ne7urffW5MwyMMktRXUm2AwAEajxiFWHw7UYFNpH/i6SwM4r2hz3f5fEUb
PPfgHrxVydkxYQhIu+Wh2JfXMEZw0l7H5XuqYl93GrzvDbLDsd7xAJdUewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHfOZBN29DK5MQKR2YL4IyTZLFwFMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvZDg1a0UzYjBNcmt4QXBIWmd2Z2pKTmtzWEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ2LAwQA
stOIMA0GCSqGSIb3DQEBCwUAA4IBAQA8n2WhaeKM8r0JXfborbJwuAgYMA5SJm1A
5CpB2qnsdMwrqBQABJXePJMRWJzchzMhmYfadSj0A8wFFEetd+NFU+dXBe84PcoY
NsT2yy906xejto9Ucun7iO00fIh4mTf9HDCWWj+xgx8X5Ze//1K6Rb5+ZDLOrHz1
AZtVNY+xhyfNFGhGCAXLFb8CcxkjqHNJuz/1paocMA2l9xjF4KGYjpDurZ9kqDLe
Dj7XDTk5rc5eFsRuYIZQp98sMCeoRsP2koKAm56NrgJKZqRyoti+r8/I1WjBRdsz
LdcTZ4SFyOO3xZXAIYovrc5mAbUPsScxW6WTO0nIbfl01p6VH40A
-----END CERTIFICATE-----