Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/PsdjzA_VaxK0TCCIrw3v0M11o6g.roa
File:                     PsdjzA_VaxK0TCCIrw3v0M11o6g.roa (raw, json)
Hash identifier:          pVgKRYFtLEwQh0LY8M7cv/v4JwEbMlpwF95+Ztt/OLI=
Subject key identifier:   3E:C7:63:CC:0F:D5:6B:12:B4:4C:20:88:AF:0D:EF:D0:CD:75:A3:A8
Certificate issuer:       /CN=d504e641e55a48aee0141e2c0d26227102caa6d4
Certificate serial:       018CC26D21DAB0D5D870C011C0EED90929F8
Authority key identifier: D5:04:E6:41:E5:5A:48:AE:E0:14:1E:2C:0D:26:22:71:02:CA:A6:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QTmQeVaSK7gFB4sDSYicQLKptQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/PsdjzA_VaxK0TCCIrw3v0M11o6g.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13259
IP address blocks:        77.232.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/1QTmQeVaSK7gFB4sDSYicQLKptQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/1QTmQeVaSK7gFB4sDSYicQLKptQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QTmQeVaSK7gFB4sDSYicQLKptQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:21:da:b0:d5:d8:70:c0:11:c0:ee:d9:09:29:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d504e641e55a48aee0141e2c0d26227102caa6d4
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ec763cc0fd56b12b44c2088af0defd0cd75a3a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c2:54:18:d0:25:cd:84:67:19:e8:74:d1:92:
                    ae:da:d3:c5:52:05:dc:3b:d3:96:81:12:72:0c:ea:
                    db:55:9e:54:fc:a4:61:da:74:53:2c:f1:1e:b3:3e:
                    9e:0a:52:07:d5:47:46:dc:73:fb:bc:53:db:d7:6d:
                    97:5e:e5:47:44:8b:10:7d:57:fb:61:4e:42:18:74:
                    28:78:42:f6:ba:b0:bb:30:49:dd:c7:0c:fe:6c:c8:
                    94:65:26:bf:38:5f:1d:f2:0a:0a:cc:57:e8:8b:b7:
                    fe:6b:41:76:ec:c5:8d:2c:4a:fa:8d:bb:d7:de:ee:
                    78:03:2b:8e:98:83:9b:2f:75:7a:cf:89:ed:f5:d9:
                    d9:a7:9b:c3:6b:2b:08:5f:73:a2:bb:11:ae:74:fe:
                    1e:20:fa:06:b4:b2:de:b7:89:bb:73:a9:03:90:7e:
                    30:e0:04:5a:aa:dc:75:e6:2b:98:a7:d4:11:92:36:
                    ca:40:ab:0b:cb:76:1a:96:34:bd:45:06:6d:03:97:
                    2f:82:19:ba:7b:7c:de:7c:a6:27:67:bb:7d:35:b2:
                    76:db:8b:b5:0f:15:59:34:ad:52:2b:7c:5e:69:13:
                    47:b0:1c:3d:64:5a:34:d1:52:d5:7a:02:b4:cf:e4:
                    55:34:5b:cf:3f:04:b2:a1:c4:c8:eb:d0:9c:bc:ec:
                    45:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C7:63:CC:0F:D5:6B:12:B4:4C:20:88:AF:0D:EF:D0:CD:75:A3:A8
            X509v3 Authority Key Identifier:
                keyid:D5:04:E6:41:E5:5A:48:AE:E0:14:1E:2C:0D:26:22:71:02:CA:A6:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QTmQeVaSK7gFB4sDSYicQLKptQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/PsdjzA_VaxK0TCCIrw3v0M11o6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/1QTmQeVaSK7gFB4sDSYicQLKptQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.232.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e0:36:57:96:47:d0:79:83:88:a1:9b:50:07:cb:3e:a7:60:54:
         c4:c2:51:38:3b:36:c6:8a:f7:db:91:15:92:34:33:eb:49:6e:
         6c:dc:26:a5:6d:97:d0:e9:69:31:b7:bb:01:9f:e1:74:a1:a1:
         b6:76:0f:03:e8:06:1b:93:f1:61:c4:2d:54:51:b7:7e:02:68:
         64:60:d1:89:9d:49:a0:b3:6f:17:40:48:9b:a6:8d:be:40:48:
         9a:a8:e6:8b:cb:94:d0:09:83:d7:88:d9:34:11:c0:b6:20:7b:
         f6:f9:03:6f:49:ae:76:05:85:7d:d5:30:0e:00:d4:01:92:69:
         3f:1d:84:ab:0a:ce:ab:cd:39:ad:e0:17:6a:3e:bc:8e:6f:4f:
         24:8b:32:0a:93:02:6a:36:bb:7b:c2:4e:5c:a6:b7:10:ed:52:
         c3:a9:90:98:b1:2b:77:10:21:e5:d1:29:09:4e:ef:81:6a:d7:
         84:1c:07:d6:f6:8a:e9:55:ff:3b:fe:ec:d2:a0:32:eb:f1:2a:
         52:e0:87:1c:fb:5c:e4:28:9b:a2:b3:e4:ed:23:a7:be:80:f0:
         7b:fa:f5:6f:84:2b:d0:7a:12:0e:98:15:0a:b4:36:32:8b:14:
         10:71:bf:c3:bf:3b:6e:ff:23:88:56:3c:69:97:df:2b:3f:5c:
         b4:2e:38:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSHasNXYcMARwO7ZCSn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDRlNjQxZTU1YTQ4YWVlMDE0MWUyYzBkMjYyMjcxMDJj
YWE2ZDQwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM3NjNjYzBmZDU2YjEyYjQ0YzIwODhhZjBkZWZkMGNkNzVhM2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8JUGNAlzYRnGeh00ZKu2tPFUgXc
O9OWgRJyDOrbVZ5U/KRh2nRTLPEesz6eClIH1UdG3HP7vFPb122XXuVHRIsQfVf7
YU5CGHQoeEL2urC7MEndxwz+bMiUZSa/OF8d8goKzFfoi7f+a0F27MWNLEr6jbvX
3u54AyuOmIObL3V6z4nt9dnZp5vDaysIX3OiuxGudP4eIPoGtLLet4m7c6kDkH4w
4ARaqtx15iuYp9QRkjbKQKsLy3YaljS9RQZtA5cvghm6e3zefKYnZ7t9NbJ224u1
DxVZNK1SK3xeaRNHsBw9ZFo00VLVegK0z+RVNFvPPwSyocTI69CcvOxFwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7HY8wP1WsStEwgiK8N79DNdaOoMB8GA1UdIwQY
MBaAFNUE5kHlWkiu4BQeLA0mInECyqbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFUbVFlVmFTSzdnRkI0c0RTWWljUUxLcHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mMDFmMzUtMmNjYS00ZTVhLTgyOGEt
NmJmZmNiN2MwZjBhLzEvUHNkanpBX1ZheEswVENDSXJ3M3YwTTExbzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mMDFmMzUtMmNjYS00ZTVhLTgyOGEtNmJmZmNiN2MwZjBh
LzEvMVFUbVFlVmFTSzdnRkI0c0RTWWljUUxLcHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTeicMA0G
CSqGSIb3DQEBCwUAA4IBAQDgNleWR9B5g4ihm1AHyz6nYFTEwlE4OzbGivfbkRWS
NDPrSW5s3CalbZfQ6Wkxt7sBn+F0oaG2dg8D6AYbk/FhxC1UUbd+AmhkYNGJnUmg
s28XQEibpo2+QEiaqOaLy5TQCYPXiNk0EcC2IHv2+QNvSa52BYV91TAOANQBkmk/
HYSrCs6rzTmt4BdqPryOb08kizIKkwJqNrt7wk5cprcQ7VLDqZCYsSt3ECHl0SkJ
Tu+BateEHAfW9orpVf87/uzSoDLr8SpS4Icc+1zkKJuis+TtI6e+gPB7+vVvhCvQ
ehIOmBUKtDYyixQQcb/Dvztu/yOIVjxpl98rP1y0LjhB
-----END CERTIFICATE-----