Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/267966-f039-4174-810d-3f4ef81a2e53/1/d7SrKGmpbRGhFCh3RX5e5T2fD60.roa
File:                     d7SrKGmpbRGhFCh3RX5e5T2fD60.roa (raw, json)
Hash identifier:          JXvacQTnS63EVW2fne+5y8mbfEH/c3t2itqCZvYLTDY=
Subject key identifier:   77:B4:AB:28:69:A9:6D:11:A1:14:28:77:45:7E:5E:E5:3D:9F:0F:AD
Certificate issuer:       /CN=4bc858e50856354684a5d04a3ecc3592580d548d
Certificate serial:       019284F96D3DB9A656CD0D14A113C26A45AC
Authority key identifier: 4B:C8:58:E5:08:56:35:46:84:A5:D0:4A:3E:CC:35:92:58:0D:54:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S8hY5QhWNUaEpdBKPsw1klgNVI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/267966-f039-4174-810d-3f4ef81a2e53/1/d7SrKGmpbRGhFCh3RX5e5T2fD60.roa
Signing time:             Sun 13 Oct 2024 08:23:11 +0000
ROA not before:           Sun 13 Oct 2024 08:23:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        185.229.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/267966-f039-4174-810d-3f4ef81a2e53/1/S8hY5QhWNUaEpdBKPsw1klgNVI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/267966-f039-4174-810d-3f4ef81a2e53/1/S8hY5QhWNUaEpdBKPsw1klgNVI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S8hY5QhWNUaEpdBKPsw1klgNVI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:84:f9:6d:3d:b9:a6:56:cd:0d:14:a1:13:c2:6a:45:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bc858e50856354684a5d04a3ecc3592580d548d
        Validity
            Not Before: Oct 13 08:23:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77b4ab2869a96d11a1142877457e5ee53d9f0fad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:03:78:e7:5c:2a:32:48:a8:88:96:34:57:80:
                    af:9f:b3:29:e1:c2:91:0a:e4:c6:59:e7:7c:a7:ca:
                    c8:0e:68:9e:aa:42:f9:05:f4:88:d7:b9:74:78:42:
                    64:1b:41:0c:e2:99:64:3b:18:dd:54:a2:33:0c:f6:
                    de:dc:bf:4f:08:28:90:ea:7e:33:83:50:d3:fc:6c:
                    cf:4c:07:03:be:9f:a8:f6:7f:32:c8:ca:07:53:fc:
                    fe:2c:a2:3b:a2:ec:0d:46:cc:08:71:3e:81:c0:2b:
                    a8:23:5c:84:08:a2:cd:2c:7e:7e:bf:01:cf:36:91:
                    f9:31:fa:3c:f7:0c:6d:5f:7a:83:92:50:f7:43:85:
                    bd:3e:f1:f8:13:c7:57:c3:67:0c:71:c4:8e:48:2b:
                    b4:4b:9a:3e:b1:e9:0e:bb:3c:5d:32:dd:b4:5c:fd:
                    71:3a:b2:75:08:21:0e:be:f6:5f:9a:66:2b:2d:5f:
                    1b:50:6f:54:13:d9:c1:e0:24:2c:e9:b3:e5:b9:2f:
                    65:b0:7f:cf:61:1a:ec:29:ff:b6:49:07:43:64:e7:
                    85:c9:8d:f7:ae:74:45:29:0a:26:05:8a:38:2e:92:
                    40:bb:2b:9e:24:1f:a8:67:14:cd:de:09:7d:80:8f:
                    c9:59:d9:cd:50:ad:48:eb:b8:47:15:03:86:99:9f:
                    d7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B4:AB:28:69:A9:6D:11:A1:14:28:77:45:7E:5E:E5:3D:9F:0F:AD
            X509v3 Authority Key Identifier:
                keyid:4B:C8:58:E5:08:56:35:46:84:A5:D0:4A:3E:CC:35:92:58:0D:54:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S8hY5QhWNUaEpdBKPsw1klgNVI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/267966-f039-4174-810d-3f4ef81a2e53/1/d7SrKGmpbRGhFCh3RX5e5T2fD60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/267966-f039-4174-810d-3f4ef81a2e53/1/S8hY5QhWNUaEpdBKPsw1klgNVI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:45:6d:00:d0:8b:c4:8f:9a:f7:4a:d3:96:8e:a6:48:91:c0:
         4f:89:62:11:a1:a7:cc:bb:29:a6:70:b0:22:51:1e:3c:da:29:
         b7:d0:07:7e:ef:e1:5a:7b:cf:ec:7e:de:02:35:c6:85:6e:ad:
         3b:48:fc:1e:3a:b9:e2:c5:fd:d0:3c:ff:e6:36:e2:59:ec:12:
         3c:9c:62:e8:53:c0:3e:a4:76:f0:f9:e4:8b:d3:9c:bd:62:83:
         92:ea:31:56:c7:86:cc:69:99:c8:87:75:fa:89:2a:d2:6d:9b:
         51:75:f6:b0:f0:3a:05:56:f1:97:a1:19:fd:24:f3:36:80:83:
         71:13:ac:06:ec:ef:50:9c:83:a4:6e:9b:a8:d1:10:ce:d8:83:
         3f:95:e0:d9:54:ed:49:c9:9a:4e:3b:63:0f:96:84:3f:4b:2e:
         e3:c0:94:6f:6d:06:80:4c:fb:d4:f4:43:60:be:f8:8d:1b:ff:
         95:50:d3:b8:e6:56:db:cf:d9:2a:6c:68:74:07:88:4e:91:1a:
         f0:48:c1:92:87:cb:33:51:d7:b3:32:a9:1f:db:9e:d8:c1:e2:
         be:4b:0a:54:c7:de:89:38:79:cb:c0:e3:0e:7f:ba:3c:af:26:
         63:95:14:2a:0f:f4:38:3c:f7:28:df:53:dc:54:43:bf:f1:67:
         2f:46:b4:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKE+W09uaZWzQ0UoRPCakWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYzg1OGU1MDg1NjM1NDY4NGE1ZDA0YTNlY2MzNTkyNTgw
ZDU0OGQwHhcNMjQxMDEzMDgyMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2I0YWIyODY5YTk2ZDExYTExNDI4Nzc0NTdlNWVlNTNkOWYwZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowN451wqMkioiJY0V4Cvn7Mp4cKR
CuTGWed8p8rIDmieqkL5BfSI17l0eEJkG0EM4plkOxjdVKIzDPbe3L9PCCiQ6n4z
g1DT/GzPTAcDvp+o9n8yyMoHU/z+LKI7ouwNRswIcT6BwCuoI1yECKLNLH5+vwHP
NpH5Mfo89wxtX3qDklD3Q4W9PvH4E8dXw2cMccSOSCu0S5o+sekOuzxdMt20XP1x
OrJ1CCEOvvZfmmYrLV8bUG9UE9nB4CQs6bPluS9lsH/PYRrsKf+2SQdDZOeFyY33
rnRFKQomBYo4LpJAuyueJB+oZxTN3gl9gI/JWdnNUK1I67hHFQOGmZ/XsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHe0qyhpqW0RoRQod0V+XuU9nw+tMB8GA1UdIwQY
MBaAFEvIWOUIVjVGhKXQSj7MNZJYDVSNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzhoWTVRaFdOVWFFcGRCS1BzdzFrbGdOVkkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yNjc5NjYtZjAzOS00MTc0LTgxMGQt
M2Y0ZWY4MWEyZTUzLzEvZDdTcktHbXBiUkdoRkNoM1JYNWU1VDJmRDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yNjc5NjYtZjAzOS00MTc0LTgxMGQtM2Y0ZWY4MWEyZTUz
LzEvUzhoWTVRaFdOVWFFcGRCS1BzdzFrbGdOVkkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueWFMA0G
CSqGSIb3DQEBCwUAA4IBAQBwRW0A0IvEj5r3StOWjqZIkcBPiWIRoafMuymmcLAi
UR482im30Ad+7+Fae8/sft4CNcaFbq07SPweOrnixf3QPP/mNuJZ7BI8nGLoU8A+
pHbw+eSL05y9YoOS6jFWx4bMaZnIh3X6iSrSbZtRdfaw8DoFVvGXoRn9JPM2gINx
E6wG7O9QnIOkbpuo0RDO2IM/leDZVO1JyZpOO2MPloQ/Sy7jwJRvbQaATPvU9ENg
vviNG/+VUNO45lbbz9kqbGh0B4hOkRrwSMGSh8szUdezMqkf257YweK+SwpUx96J
OHnLwOMOf7o8ryZjlRQqD/Q4PPco31PcVEO/8WcvRrR7
-----END CERTIFICATE-----