Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/c3a85d-9d0b-4562-9238-46ee0cd7fcba/1/bBPorV1mKX0yg_cdC-147t_7S2E.roa
File:                     bBPorV1mKX0yg_cdC-147t_7S2E.roa (raw, json)
Hash identifier:          ta+/duigf7pt1pLCHqrv+MVYylLj2OafsD6grYmL/qY=
Subject key identifier:   6C:13:E8:AD:5D:66:29:7D:32:83:F7:1D:0B:ED:78:EE:DF:FB:4B:61
Certificate issuer:       /CN=4eca105ce4af6c21cd429e992d06ea7d06d8a56d
Certificate serial:       018CC348EE5AD85ED77B9A7F0F219A75370D
Authority key identifier: 4E:CA:10:5C:E4:AF:6C:21:CD:42:9E:99:2D:06:EA:7D:06:D8:A5:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TsoQXOSvbCHNQp6ZLQbqfQbYpW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/c3a85d-9d0b-4562-9238-46ee0cd7fcba/1/bBPorV1mKX0yg_cdC-147t_7S2E.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202243
IP address blocks:        77.74.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/c3a85d-9d0b-4562-9238-46ee0cd7fcba/1/TsoQXOSvbCHNQp6ZLQbqfQbYpW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/c3a85d-9d0b-4562-9238-46ee0cd7fcba/1/TsoQXOSvbCHNQp6ZLQbqfQbYpW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TsoQXOSvbCHNQp6ZLQbqfQbYpW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ee:5a:d8:5e:d7:7b:9a:7f:0f:21:9a:75:37:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eca105ce4af6c21cd429e992d06ea7d06d8a56d
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c13e8ad5d66297d3283f71d0bed78eedffb4b61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:37:cb:8d:10:ee:92:84:ab:b9:f3:2b:a8:86:
                    29:74:a1:b1:21:87:f8:3b:16:1b:0d:88:ac:99:c0:
                    1b:8a:ed:13:25:e0:74:0b:ae:de:75:a7:6a:46:82:
                    5d:38:8d:99:47:47:63:4f:3d:84:80:6e:60:7f:1c:
                    de:a7:24:46:4f:59:09:c5:d8:60:58:3f:17:58:c9:
                    11:f2:2e:44:58:24:11:07:55:e9:da:7c:04:eb:67:
                    f2:16:9e:ff:ff:38:c4:21:0b:de:98:b2:5c:69:37:
                    26:13:63:c3:0e:bb:c7:73:d4:bc:51:f8:08:48:12:
                    c7:33:99:0c:d9:68:da:0d:08:c1:3c:a1:48:86:7b:
                    2e:e1:d6:ff:5d:6f:f1:dc:3f:54:e6:97:32:09:98:
                    43:fe:9d:de:96:94:23:94:09:81:64:36:a3:9d:6c:
                    6b:c1:83:eb:aa:02:2e:d8:e9:5b:5d:70:a0:49:bb:
                    c2:fb:96:84:fc:20:b3:c9:d8:dd:9a:5e:76:78:18:
                    49:66:74:22:5c:99:37:40:1e:70:ba:6c:a0:08:f5:
                    77:5d:61:48:57:cd:4d:25:10:79:52:8b:6b:42:ad:
                    cb:58:d4:36:ee:9a:71:f2:3c:4d:ba:69:63:a5:7c:
                    9a:94:88:6d:20:d7:1d:6a:a8:d3:f2:5d:99:84:0a:
                    d1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:13:E8:AD:5D:66:29:7D:32:83:F7:1D:0B:ED:78:EE:DF:FB:4B:61
            X509v3 Authority Key Identifier:
                keyid:4E:CA:10:5C:E4:AF:6C:21:CD:42:9E:99:2D:06:EA:7D:06:D8:A5:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TsoQXOSvbCHNQp6ZLQbqfQbYpW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/c3a85d-9d0b-4562-9238-46ee0cd7fcba/1/bBPorV1mKX0yg_cdC-147t_7S2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/c3a85d-9d0b-4562-9238-46ee0cd7fcba/1/TsoQXOSvbCHNQp6ZLQbqfQbYpW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:5d:9d:59:26:df:74:1c:cf:a6:65:d9:16:c8:e3:7d:77:41:
         93:da:86:b3:ca:a6:53:ce:74:b4:b0:05:ce:f0:cf:90:7f:aa:
         9d:54:53:e1:07:f6:a1:e2:04:8d:53:ea:a4:3d:8e:2b:3d:d3:
         bc:31:7a:aa:ac:88:fd:e8:49:05:e7:ba:fc:f2:45:67:28:bd:
         a0:06:d0:80:e4:90:47:c3:ab:ca:85:cb:b8:9f:b2:b0:1e:f0:
         2a:96:bd:ae:1e:7b:d9:59:2a:a7:29:ba:92:13:9b:80:05:4b:
         31:d2:01:ac:7f:38:4c:d6:35:0c:b3:1c:57:ab:f2:29:95:1c:
         dd:92:af:2c:26:c1:2a:eb:9b:2f:59:c8:e9:42:db:44:c2:f0:
         67:9d:fd:ea:02:36:c1:68:95:cb:22:e6:17:05:a8:27:a2:ed:
         50:21:67:aa:22:dd:85:e3:5b:b1:91:5b:6d:e1:a2:78:a2:4b:
         1e:2c:da:7b:72:e1:e6:9b:72:7a:a3:67:d4:c0:d9:5d:4e:3e:
         b8:0e:84:bf:d6:ea:60:ac:9a:d3:fc:f0:27:79:ae:ac:ad:8b:
         4b:b0:d1:a5:cb:14:75:08:f6:cb:3f:bf:27:24:04:22:93:27:
         13:99:c1:64:b7:1e:9c:64:2a:a4:de:d8:5e:76:3d:bf:b0:84:
         c1:81:24:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSO5a2F7Xe5p/DyGadTcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2ExMDVjZTRhZjZjMjFjZDQyOWU5OTJkMDZlYTdkMDZk
OGE1NmQwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzEzZThhZDVkNjYyOTdkMzI4M2Y3MWQwYmVkNzhlZWRmZmI0YjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjfLjRDukoSrufMrqIYpdKGxIYf4
OxYbDYismcAbiu0TJeB0C67edadqRoJdOI2ZR0djTz2EgG5gfxzepyRGT1kJxdhg
WD8XWMkR8i5EWCQRB1Xp2nwE62fyFp7//zjEIQvemLJcaTcmE2PDDrvHc9S8UfgI
SBLHM5kM2WjaDQjBPKFIhnsu4db/XW/x3D9U5pcyCZhD/p3elpQjlAmBZDajnWxr
wYPrqgIu2OlbXXCgSbvC+5aE/CCzydjdml52eBhJZnQiXJk3QB5wumygCPV3XWFI
V81NJRB5UotrQq3LWNQ27ppx8jxNumljpXyalIhtINcdaqjT8l2ZhArRuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwT6K1dZil9MoP3HQvteO7f+0thMB8GA1UdIwQY
MBaAFE7KEFzkr2whzUKemS0G6n0G2KVtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHNvUVhPU3ZiQ0hOUXA2WkxRYnFmUWJZcFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9jM2E4NWQtOWQwYi00NTYyLTkyMzgt
NDZlZTBjZDdmY2JhLzEvYkJQb3JWMW1LWDB5Z19jZEMtMTQ3dF83UzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9jM2E4NWQtOWQwYi00NTYyLTkyMzgtNDZlZTBjZDdmY2Jh
LzEvVHNvUVhPU3ZiQ0hOUXA2WkxRYnFmUWJZcFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTUrMMA0G
CSqGSIb3DQEBCwUAA4IBAQACXZ1ZJt90HM+mZdkWyON9d0GT2oazyqZTznS0sAXO
8M+Qf6qdVFPhB/ah4gSNU+qkPY4rPdO8MXqqrIj96EkF57r88kVnKL2gBtCA5JBH
w6vKhcu4n7KwHvAqlr2uHnvZWSqnKbqSE5uABUsx0gGsfzhM1jUMsxxXq/IplRzd
kq8sJsEq65svWcjpQttEwvBnnf3qAjbBaJXLIuYXBagnou1QIWeqIt2F41uxkVtt
4aJ4okseLNp7cuHmm3J6o2fUwNldTj64DoS/1upgrJrT/PAnea6srYtLsNGlyxR1
CPbLP78nJAQikycTmcFktx6cZCqk3thedj2/sITBgSTR
-----END CERTIFICATE-----