Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/X_N4VnP60GFFI0Knw_9N4AP1Q-o.roa
File:                     X_N4VnP60GFFI0Knw_9N4AP1Q-o.roa (raw, json)
Hash identifier:          CcoDH+RxoWYB868cvOomIsEsIBBTvFvaDeqm2Ww6V/0=
Subject key identifier:   5F:F3:78:56:73:FA:D0:61:45:23:42:A7:C3:FF:4D:E0:03:F5:43:EA
Certificate issuer:       /CN=e32bcd40c6774677d2c3702ef59edf49d0b36c6c
Certificate serial:       018CCA2B9016927BCEFB0A2739458661C507
Authority key identifier: E3:2B:CD:40:C6:77:46:77:D2:C3:70:2E:F5:9E:DF:49:D0:B3:6C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/X_N4VnP60GFFI0Knw_9N4AP1Q-o.roa
Signing time:             Tue 02 Jan 2024 12:35:01 +0000
ROA not before:           Tue 02 Jan 2024 12:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209752
IP address blocks:        77.69.248.0/24 maxlen: 24
                          2001:1a40:10::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:90:16:92:7b:ce:fb:0a:27:39:45:86:61:c5:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e32bcd40c6774677d2c3702ef59edf49d0b36c6c
        Validity
            Not Before: Jan  2 12:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ff3785673fad061452342a7c3ff4de003f543ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ce:e0:7a:72:51:35:bd:9f:36:d7:40:74:24:
                    e5:0b:bc:9c:f3:6a:c2:c1:e1:8a:4b:5c:15:31:17:
                    db:6b:e6:44:94:89:c4:79:82:d3:c6:5e:2b:ce:44:
                    be:cf:03:22:68:e6:f1:78:88:cc:cf:75:21:d3:25:
                    b4:c3:74:54:95:52:81:9d:1a:87:90:75:5b:82:98:
                    5f:64:43:3e:f5:f2:0b:5e:fa:49:34:7d:e9:16:67:
                    9f:72:4f:1b:5b:b2:14:25:53:93:31:19:2d:06:10:
                    93:e3:d5:35:4d:d0:7d:b8:8b:70:64:68:14:07:06:
                    ca:c7:a2:47:9b:a6:52:b2:bd:a9:2a:70:36:c4:6f:
                    16:6b:c7:96:12:00:03:46:1c:1e:7e:35:9f:65:a0:
                    7c:e4:b2:db:cc:29:00:13:e7:51:ec:47:71:f6:89:
                    8b:97:c8:15:24:c3:3b:bb:93:4b:db:c4:2a:1d:13:
                    fa:84:6f:c9:03:d9:7e:25:0d:e6:e6:73:ce:2c:24:
                    3a:a1:cd:80:33:f7:2b:e5:89:f7:1e:0d:a8:36:42:
                    4d:4e:78:15:56:5d:b2:0b:3a:3c:f0:64:e0:c2:75:
                    ea:10:c9:1f:c5:98:5e:99:b3:38:85:a8:01:ef:06:
                    13:7b:4b:1a:75:98:17:3a:3d:49:44:78:9a:e7:cf:
                    3e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F3:78:56:73:FA:D0:61:45:23:42:A7:C3:FF:4D:E0:03:F5:43:EA
            X509v3 Authority Key Identifier:
                keyid:E3:2B:CD:40:C6:77:46:77:D2:C3:70:2E:F5:9E:DF:49:D0:B3:6C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/X_N4VnP60GFFI0Knw_9N4AP1Q-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.69.248.0/24
                IPv6:
                  2001:1a40:10::/64

    Signature Algorithm: sha256WithRSAEncryption
         13:a4:40:49:ef:01:33:52:6a:7d:a8:b8:0d:70:78:21:aa:aa:
         a1:41:03:c9:35:bc:5d:3b:33:e0:0f:d6:38:b3:55:0c:a0:6a:
         27:b1:4c:b4:41:fc:30:21:28:b5:75:a2:9d:5f:16:e9:65:61:
         b0:e7:aa:da:4b:4b:e0:64:70:41:14:e2:d8:f5:7e:34:28:8b:
         f8:53:a6:c6:de:84:30:78:5e:fd:81:61:31:2d:64:18:20:fe:
         17:f6:7b:51:f2:ba:57:91:c6:2c:2f:54:f0:f5:78:3e:a9:6e:
         ee:87:1f:16:32:39:87:da:57:34:3f:ba:f6:6d:7f:9b:8f:55:
         ad:65:36:01:db:32:f5:74:48:73:a4:27:fc:f1:9f:bc:38:28:
         d3:e1:7d:90:a3:12:24:32:1d:8f:70:5e:c4:e8:ed:2e:08:54:
         1e:3b:78:d6:d6:0e:2d:ed:65:e3:36:75:81:b1:92:35:cf:3b:
         de:78:60:27:17:c1:5b:bf:6b:68:24:3d:a5:fb:ae:4d:1c:71:
         eb:e0:76:d3:e2:3f:47:2e:38:85:db:63:e1:19:9b:12:69:93:
         f5:b8:25:8a:cb:d3:d8:81:20:0f:cf:db:2d:e7:a4:ce:4f:62:
         cb:74:2e:46:68:32:e8:37:a4:73:31:55:b9:b1:00:4d:db:65:
         15:2e:c0:60
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzKK5AWknvO+wonOUWGYcUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMmJjZDQwYzY3NzQ2NzdkMmMzNzAyZWY1OWVkZjQ5ZDBi
MzZjNmMwHhcNMjQwMTAyMTIzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmYzNzg1NjczZmFkMDYxNDUyMzQyYTdjM2ZmNGRlMDAzZjU0M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl87genJRNb2fNtdAdCTlC7yc82rC
weGKS1wVMRfba+ZElInEeYLTxl4rzkS+zwMiaObxeIjMz3Uh0yW0w3RUlVKBnRqH
kHVbgphfZEM+9fILXvpJNH3pFmefck8bW7IUJVOTMRktBhCT49U1TdB9uItwZGgU
BwbKx6JHm6ZSsr2pKnA2xG8Wa8eWEgADRhwefjWfZaB85LLbzCkAE+dR7Edx9omL
l8gVJMM7u5NL28QqHRP6hG/JA9l+JQ3m5nPOLCQ6oc2AM/cr5Yn3Hg2oNkJNTngV
Vl2yCzo88GTgwnXqEMkfxZhembM4hagB7wYTe0sadZgXOj1JRHia588+TQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFF/zeFZz+tBhRSNCp8P/TeAD9UPqMB8GA1UdIwQY
MBaAFOMrzUDGd0Z30sNwLvWe30nQs2xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHl2TlFNWjNSbmZTdzNBdTlaN2ZTZEN6Ykd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80YjdlZjgtODY0My00ZGJiLTkyYWEt
MDc0MDExNWI1YTUyLzEvWF9ONFZuUDYwR0ZGSTBLbndfOU40QVAxUS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80YjdlZjgtODY0My00ZGJiLTkyYWEtMDc0MDExNWI1YTUy
LzEvNHl2TlFNWjNSbmZTdzNBdTlaN2ZTZEN6Ykd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAMBAIAATAGAwQATUX4MBEE
AgACMAsDCQAgARpAABAAADANBgkqhkiG9w0BAQsFAAOCAQEAE6RASe8BM1Jqfai4
DXB4IaqqoUEDyTW8XTsz4A/WOLNVDKBqJ7FMtEH8MCEotXWinV8W6WVhsOeq2ktL
4GRwQRTi2PV+NCiL+FOmxt6EMHhe/YFhMS1kGCD+F/Z7UfK6V5HGLC9U8PV4Pqlu
7ocfFjI5h9pXND+69m1/m49VrWU2Adsy9XRIc6Qn/PGfvDgo0+F9kKMSJDIdj3Be
xOjtLghUHjt41tYOLe1l4zZ1gbGSNc873nhgJxfBW79raCQ9pfuuTRxx6+B20+I/
Ry44hdtj4RmbEmmT9bglisvT2IEgD8/bLeekzk9iy3QuRmgy6DekczFVubEATdtl
FS7AYA==
-----END CERTIFICATE-----