Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/Xwy_yscJpEkFgTMOYEjNNfgBEsI.roa
File:                     Xwy_yscJpEkFgTMOYEjNNfgBEsI.roa (raw, json)
Hash identifier:          R9KueGsn1sIHIZgri6R9+yLygjYbotauj05eItndx3w=
Subject key identifier:   5F:0C:BF:CA:C7:09:A4:49:05:81:33:0E:60:48:CD:35:F8:01:12:C2
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       018CC56EDC58A9A9F5AE551001FAF185F678
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/Xwy_yscJpEkFgTMOYEjNNfgBEsI.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        77.74.230.0/24 maxlen: 24
                          109.105.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:dc:58:a9:a9:f5:ae:55:10:01:fa:f1:85:f6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f0cbfcac709a4490581330e6048cd35f80112c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cb:86:04:d6:b3:54:44:5d:90:09:da:0d:d2:
                    cc:9e:63:6e:0e:a7:2d:ff:37:c3:00:69:a2:37:cf:
                    d0:36:b5:1d:25:66:fa:0a:ca:89:38:4b:4b:7a:01:
                    e7:50:1a:1e:97:f1:11:48:6a:d1:3c:ec:6d:db:dd:
                    59:29:64:9f:d9:77:82:01:18:2b:6c:8c:4b:bf:e0:
                    a2:a2:98:07:72:de:61:e2:e9:b7:41:a0:7d:56:79:
                    cf:ae:29:e7:70:6c:49:31:ed:f9:0e:c5:5f:92:1a:
                    4d:fc:55:84:2a:34:24:a9:d8:9b:4c:cd:d6:44:4b:
                    2f:6e:7b:59:83:fe:4d:e0:46:81:49:e5:24:54:dc:
                    c3:b2:6b:b9:a2:b2:af:02:c7:42:b5:d2:04:4d:b7:
                    a3:47:5d:06:25:6b:a2:16:03:cb:90:79:51:78:42:
                    45:b2:66:93:ef:fd:2a:ba:85:83:b4:78:84:92:17:
                    30:f2:e7:b3:30:da:e6:1c:2e:95:b4:63:33:43:19:
                    08:52:40:eb:8e:b8:d8:7c:3e:ed:cf:53:6a:33:ad:
                    ec:16:0d:d4:8e:20:d0:6d:50:13:3e:34:de:ab:e6:
                    c2:6a:7f:4a:17:0e:63:5c:e7:eb:67:43:d6:8f:03:
                    7d:7e:05:8e:15:d1:06:41:01:92:29:df:72:da:19:
                    d3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0C:BF:CA:C7:09:A4:49:05:81:33:0E:60:48:CD:35:F8:01:12:C2
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/Xwy_yscJpEkFgTMOYEjNNfgBEsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.230.0/24
                  109.105.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f7:97:7a:45:a9:fe:4a:f9:5c:f2:b6:97:6c:10:f8:4f:6f:
         f1:41:b3:93:0f:ed:d6:c6:21:cf:d9:c9:61:36:b8:65:f6:a2:
         1d:8d:f6:ca:e9:e9:94:c0:61:a2:32:f6:fd:56:70:8b:85:8e:
         bf:6c:db:72:bb:dd:9d:91:16:14:fa:ea:b1:e1:34:ba:57:6f:
         b8:be:71:47:10:ed:bf:38:ed:1d:03:11:5e:21:01:7b:c6:30:
         38:8f:61:c9:90:21:85:90:d1:43:23:b0:27:68:58:b0:8d:f9:
         37:cf:c2:35:a5:fd:23:84:74:c9:d9:60:25:cc:5f:5b:71:a6:
         8f:31:31:ac:2c:5c:a4:d7:65:f7:19:b7:b5:5f:80:a6:f7:f2:
         f2:5b:6f:0e:61:04:9e:ef:1e:cb:a4:e3:5e:c7:9c:92:48:ce:
         27:24:a4:f3:ed:47:76:88:ea:50:8b:c2:a2:83:8d:00:e9:22:
         89:ad:7d:3e:94:65:fe:28:85:21:28:c2:f7:e5:6b:2f:fd:c1:
         8a:bd:c0:b8:d1:d0:18:02:5e:1f:1d:05:38:20:ff:3d:20:e2:
         6f:05:5a:2a:2e:84:18:02:3c:8f:69:b3:6a:e0:20:2d:eb:d6:
         13:67:45:24:64:91:f5:69:db:1e:c6:e6:c0:1c:2d:87:aa:6d:
         f5:89:8d:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbtxYqan1rlUQAfrxhfZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBjYmZjYWM3MDlhNDQ5MDU4MTMzMGU2MDQ4Y2QzNWY4MDExMmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsuGBNazVERdkAnaDdLMnmNuDqct
/zfDAGmiN8/QNrUdJWb6CsqJOEtLegHnUBoel/ERSGrRPOxt291ZKWSf2XeCARgr
bIxLv+CiopgHct5h4um3QaB9VnnPrinncGxJMe35DsVfkhpN/FWEKjQkqdibTM3W
REsvbntZg/5N4EaBSeUkVNzDsmu5orKvAsdCtdIETbejR10GJWuiFgPLkHlReEJF
smaT7/0quoWDtHiEkhcw8uezMNrmHC6VtGMzQxkIUkDrjrjYfD7tz1NqM63sFg3U
jiDQbVATPjTeq+bCan9KFw5jXOfrZ0PWjwN9fgWOFdEGQQGSKd9y2hnT9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF8Mv8rHCaRJBYEzDmBIzTX4ARLCMB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvWHd5X3lzY0pwRWtGZ1RNT1lFak5OZmdCRXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUrmAwQA
bWnDMA0GCSqGSIb3DQEBCwUAA4IBAQAn95d6Ran+Svlc8raXbBD4T2/xQbOTD+3W
xiHP2clhNrhl9qIdjfbK6emUwGGiMvb9VnCLhY6/bNtyu92dkRYU+uqx4TS6V2+4
vnFHEO2/OO0dAxFeIQF7xjA4j2HJkCGFkNFDI7AnaFiwjfk3z8I1pf0jhHTJ2WAl
zF9bcaaPMTGsLFyk12X3Gbe1X4Cm9/LyW28OYQSe7x7LpONex5ySSM4nJKTz7Ud2
iOpQi8Kig40A6SKJrX0+lGX+KIUhKML35Wsv/cGKvcC40dAYAl4fHQU4IP89IOJv
BVoqLoQYAjyPabNq4CAt69YTZ0UkZJH1adsexubAHC2Hqm31iY0G
-----END CERTIFICATE-----