Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-PxhxwwQjiytzxwRjFv8dn3e9_4.roa
File:                     1-PxhxwwQjiytzxwRjFv8dn3e9_4.roa (raw, json)
Hash identifier:          y/L7YiZWqXrbLYbHmeAGyiemRhLuyZpXvVjcXWykG9k=
Subject key identifier:   F8:FC:61:C7:0C:10:8E:2C:AD:CF:1C:11:8C:5B:FC:76:7D:DE:F7:FE
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019131444AA3B69CEB02FF74FD9AFD89D431
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-PxhxwwQjiytzxwRjFv8dn3e9_4.roa
Signing time:             Thu 08 Aug 2024 09:14:04 +0000
ROA not before:           Thu 08 Aug 2024 09:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        77.83.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:44:4a:a3:b6:9c:eb:02:ff:74:fd:9a:fd:89:d4:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Aug  8 09:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8fc61c70c108e2cadcf1c118c5bfc767ddef7fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9b:bc:c9:be:cd:16:3c:64:0c:6d:fa:dc:09:
                    58:a0:38:e3:d5:d6:ed:7a:43:eb:b2:8b:27:18:26:
                    eb:d5:51:99:bd:7a:45:08:13:09:18:7a:f3:55:12:
                    2c:73:f6:19:80:10:61:36:1e:ed:34:94:99:bd:59:
                    44:92:87:e2:bc:83:37:ff:84:8a:ac:9c:f4:c6:04:
                    19:ff:31:21:9c:c9:15:27:c5:2d:20:76:df:c0:46:
                    d4:23:66:11:a1:bb:9d:6b:1f:04:b5:45:24:b3:25:
                    61:37:24:f4:02:61:39:db:ae:69:de:82:95:0f:5f:
                    47:ba:00:9e:93:77:69:fe:32:3c:69:19:c9:e6:68:
                    70:e8:4c:4e:61:ca:6f:f9:4d:a3:2b:59:02:82:d2:
                    74:de:06:f5:3b:82:00:b7:49:23:d7:6c:d1:a0:db:
                    d9:c2:79:be:ab:35:84:2d:e5:e9:d8:d5:60:a0:06:
                    7b:76:6a:81:98:d2:df:1e:ef:05:e9:0c:d0:aa:9f:
                    22:7f:91:b8:99:90:a8:27:fb:2a:75:80:b1:1c:64:
                    26:9b:e5:2d:08:b9:c1:a3:8f:35:63:e4:7c:53:72:
                    e8:70:ca:50:70:24:85:83:34:e4:a7:7a:11:7f:8f:
                    67:3f:34:c6:2b:fb:e0:7d:51:d3:b0:fe:29:aa:be:
                    1a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:FC:61:C7:0C:10:8E:2C:AD:CF:1C:11:8C:5B:FC:76:7D:DE:F7:FE
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-PxhxwwQjiytzxwRjFv8dn3e9_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:e8:c3:33:ae:7b:80:fc:c7:b5:b2:56:89:9d:53:09:86:b0:
         e6:0a:70:27:10:b4:89:d5:1e:9e:e1:5e:09:1d:f9:4e:e4:c6:
         5d:d2:13:02:1a:2b:79:b2:95:c5:d2:30:98:4b:eb:1c:9a:1e:
         c4:64:36:1b:8d:9e:34:73:d3:cf:c2:08:e9:9c:1f:a5:fb:98:
         d6:f9:c8:14:ac:32:0c:be:4f:63:45:f8:12:84:4b:06:4f:3b:
         9a:c2:b3:fe:d8:df:92:81:fa:e6:2f:5a:a2:7c:a1:9d:7a:77:
         95:41:f3:df:33:4f:d9:41:ca:9d:28:1b:07:32:b4:aa:98:aa:
         ae:cb:91:80:ef:3a:63:75:11:67:59:80:63:58:11:c8:8c:a1:
         54:e5:b8:3b:5a:f7:05:b0:7f:a8:22:3c:54:77:71:6a:a7:5b:
         85:ea:ba:bb:a1:86:f8:37:9f:38:ae:46:3a:e2:b8:51:a7:1a:
         fc:50:93:dc:e5:62:e9:b5:e2:ea:74:dc:06:b2:dc:8b:3e:b2:
         e2:d0:9c:15:2c:b4:f6:bd:ce:a3:32:e7:7a:ec:ac:99:d0:a2:
         43:a9:5d:c7:1f:11:ff:d2:b0:38:54:56:6e:db:e3:56:84:11:
         eb:4e:12:41:85:eb:aa:5f:3e:06:c1:30:16:a2:02:c1:6e:32:
         21:e6:8a:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZExREqjtpzrAv90/Zr9idQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwODA4MDkxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGZjNjFjNzBjMTA4ZTJjYWRjZjFjMTE4YzViZmM3NjdkZGVmN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZu8yb7NFjxkDG363AlYoDjj1dbt
ekPrsosnGCbr1VGZvXpFCBMJGHrzVRIsc/YZgBBhNh7tNJSZvVlEkofivIM3/4SK
rJz0xgQZ/zEhnMkVJ8UtIHbfwEbUI2YRobudax8EtUUksyVhNyT0AmE5265p3oKV
D19HugCek3dp/jI8aRnJ5mhw6ExOYcpv+U2jK1kCgtJ03gb1O4IAt0kj12zRoNvZ
wnm+qzWELeXp2NVgoAZ7dmqBmNLfHu8F6QzQqp8if5G4mZCoJ/sqdYCxHGQmm+Ut
CLnBo481Y+R8U3LocMpQcCSFgzTkp3oRf49nPzTGK/vgfVHTsP4pqr4aGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPj8YccMEI4src8cEYxb/HZ93vf+MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMS1QeGh4d3dRaml5dHp4d1JqRnY4ZG4zZTlfNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTYvMDk0MDgxLThhZWItNDJiZi1hNTc4LWEzY2EwZGI4MzI1
NC8xL0d3UVZ2OFE3T09uUDBhRXBsU0F1aDJOMUw5NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk1TIDAN
BgkqhkiG9w0BAQsFAAOCAQEAOejDM657gPzHtbJWiZ1TCYaw5gpwJxC0idUenuFe
CR35TuTGXdITAhorebKVxdIwmEvrHJoexGQ2G42eNHPTz8II6ZwfpfuY1vnIFKwy
DL5PY0X4EoRLBk87msKz/tjfkoH65i9aonyhnXp3lUHz3zNP2UHKnSgbBzK0qpiq
rsuRgO86Y3URZ1mAY1gRyIyhVOW4O1r3BbB/qCI8VHdxaqdbheq6u6GG+DefOK5G
OuK4Uaca/FCT3OVi6bXi6nTcBrLciz6y4tCcFSy09r3OozLneuysmdCiQ6ldxx8R
/9KwOFRWbtvjVoQR604SQYXrql8+BsEwFqICwW4yIeaKbg==
-----END CERTIFICATE-----