Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/KMDP10NxaT8o4lwcHnOHGen99vs.roa
File:                     KMDP10NxaT8o4lwcHnOHGen99vs.roa (raw, json)
Hash identifier:          v3FvtwwIb1ZedqTC/nSXTymHOOf6l/r5ulGnI0RTWGE=
Subject key identifier:   28:C0:CF:D7:43:71:69:3F:28:E2:5C:1C:1E:73:87:19:E9:FD:F6:FB
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       018CC56EE04A02C037513951AF836F588B29
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/KMDP10NxaT8o4lwcHnOHGen99vs.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        77.74.229.0/24 maxlen: 24
                          109.105.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e0:4a:02:c0:37:51:39:51:af:83:6f:58:8b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28c0cfd74371693f28e25c1c1e738719e9fdf6fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:cb:87:8a:c4:21:03:c4:b0:67:43:75:d7:48:
                    2b:78:80:2b:6e:ad:17:7b:3f:25:36:01:82:d8:95:
                    42:93:35:fc:68:ca:0c:bc:b2:b7:13:c2:b7:66:27:
                    9c:03:85:24:f1:a1:85:65:f2:9d:e5:c3:b7:48:61:
                    22:6d:75:f9:95:b0:ee:1c:67:f4:4c:00:88:14:17:
                    e6:b7:87:32:eb:8d:39:e7:0a:b9:40:6a:b2:45:ec:
                    af:96:2c:da:f3:5b:73:1f:d3:7c:1f:9a:1f:85:24:
                    53:f7:7c:42:06:c1:ff:aa:91:c7:e7:0b:51:20:d0:
                    22:4f:0b:dc:22:0d:bf:a6:6d:ed:b5:8e:d1:88:23:
                    a5:3e:ff:71:1e:8d:8a:3e:d4:b0:02:37:50:d9:c9:
                    53:9d:21:13:d4:a0:1a:d5:2e:cc:cf:ce:fc:8d:97:
                    9d:83:48:79:92:5f:da:ec:bd:92:a8:9d:45:9f:7a:
                    eb:e1:e6:b8:30:b8:7e:6b:ce:b2:33:9d:92:f7:e3:
                    05:f8:e7:e7:43:93:ce:d5:73:e8:92:2f:33:88:7b:
                    b3:03:6d:d0:ce:22:ae:f1:f5:e4:bf:fe:16:1b:ff:
                    9e:1a:21:8a:fa:a6:a5:2f:f9:7a:0e:a8:f9:4f:ce:
                    28:03:ec:52:e2:70:73:04:49:28:51:10:4d:10:87:
                    c5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C0:CF:D7:43:71:69:3F:28:E2:5C:1C:1E:73:87:19:E9:FD:F6:FB
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/KMDP10NxaT8o4lwcHnOHGen99vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.229.0/24
                  109.105.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1a:e0:81:13:f5:86:41:06:f6:83:10:86:2c:7d:0a:dc:a5:
         e2:61:75:b7:f2:8d:dd:87:4f:dc:33:07:a6:50:97:b6:49:82:
         64:4c:dc:4c:4b:7e:5b:5e:4c:3c:e1:6c:2a:ef:1a:c7:ea:9b:
         09:65:fb:dd:c6:a9:ae:9c:94:d9:40:57:fc:45:2b:14:82:d4:
         11:0b:9a:c2:66:c8:a1:a2:80:be:44:f7:db:6e:2b:06:e8:a5:
         32:1f:ab:5c:ae:40:25:ae:d6:7d:95:6e:08:c0:1e:aa:16:84:
         6e:d8:a4:56:70:59:13:d0:c4:2e:87:42:2e:90:60:b5:5b:f6:
         60:11:8b:1d:2f:5c:e7:4b:79:96:02:f0:a6:42:1f:9d:60:7a:
         73:b7:02:3e:f9:69:41:31:c5:ef:1d:f0:c3:5f:ca:18:40:49:
         7d:82:fa:09:28:ec:7e:2a:38:3e:bd:21:85:73:af:55:4b:3a:
         b6:a3:55:fa:97:61:ae:1b:ec:a1:6a:05:56:50:c3:5d:63:4d:
         25:61:a6:5e:03:9b:72:4b:9d:27:f2:fd:41:ae:7c:9e:e2:c0:
         9f:73:90:24:a1:26:7b:dc:44:12:ba:b5:b9:9a:12:f7:77:4f:
         e3:af:ef:1c:c4:be:6e:85:55:cf:2a:11:37:e3:79:23:1d:73:
         fd:a4:f1:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbuBKAsA3UTlRr4NvWIspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGMwY2ZkNzQzNzE2OTNmMjhlMjVjMWMxZTczODcxOWU5ZmRmNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMuHisQhA8SwZ0N110greIArbq0X
ez8lNgGC2JVCkzX8aMoMvLK3E8K3ZiecA4Uk8aGFZfKd5cO3SGEibXX5lbDuHGf0
TACIFBfmt4cy64055wq5QGqyReyvliza81tzH9N8H5ofhSRT93xCBsH/qpHH5wtR
INAiTwvcIg2/pm3ttY7RiCOlPv9xHo2KPtSwAjdQ2clTnSET1KAa1S7Mz878jZed
g0h5kl/a7L2SqJ1Fn3rr4ea4MLh+a86yM52S9+MF+OfnQ5PO1XPoki8ziHuzA23Q
ziKu8fXkv/4WG/+eGiGK+qalL/l6Dqj5T84oA+xS4nBzBEkoURBNEIfFIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjAz9dDcWk/KOJcHB5zhxnp/fb7MB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvS01EUDEwTnhhVDhvNGx3Y0huT0hHZW45OXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUrlAwQA
bWnGMA0GCSqGSIb3DQEBCwUAA4IBAQBQGuCBE/WGQQb2gxCGLH0K3KXiYXW38o3d
h0/cMwemUJe2SYJkTNxMS35bXkw84Wwq7xrH6psJZfvdxqmunJTZQFf8RSsUgtQR
C5rCZsihooC+RPfbbisG6KUyH6tcrkAlrtZ9lW4IwB6qFoRu2KRWcFkT0MQuh0Iu
kGC1W/ZgEYsdL1znS3mWAvCmQh+dYHpztwI++WlBMcXvHfDDX8oYQEl9gvoJKOx+
Kjg+vSGFc69VSzq2o1X6l2GuG+yhagVWUMNdY00lYaZeA5tyS50n8v1Brnye4sCf
c5AkoSZ73EQSurW5mhL3d0/jr+8cxL5uhVXPKhE343kjHXP9pPE+
-----END CERTIFICATE-----