Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/rw64T_L1uG6I-v5eRM4pV9XHYt0.roa
File:                     rw64T_L1uG6I-v5eRM4pV9XHYt0.roa (raw, json)
Hash identifier:          8qTFPjXjWSe6tof1Vp9X6T++pi9HpOpqVbicw6R2miw=
Subject key identifier:   AF:0E:B8:4F:F2:F5:B8:6E:88:FA:FE:5E:44:CE:29:57:D5:C7:62:DD
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018E8AB953C40AC188AB1649338EF36FB0AF
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/rw64T_L1uG6I-v5eRM4pV9XHYt0.roa
Signing time:             Fri 29 Mar 2024 14:59:45 +0000
ROA not before:           Fri 29 Mar 2024 14:59:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        77.93.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8a:b9:53:c4:0a:c1:88:ab:16:49:33:8e:f3:6f:b0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Mar 29 14:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af0eb84ff2f5b86e88fafe5e44ce2957d5c762dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:e4:48:86:67:9f:e7:ec:72:8a:a5:f4:3a:
                    6b:65:2e:d0:cd:df:79:b2:db:25:37:ff:e4:8d:94:
                    17:eb:4d:41:c7:5e:13:30:67:61:2c:18:7e:4c:ad:
                    26:ec:77:37:c5:26:1d:42:9a:0d:42:0d:9a:b2:4e:
                    26:eb:05:84:a6:ce:00:d6:5a:38:4f:a3:15:26:9e:
                    c1:d1:cc:b9:e9:65:f3:f3:1e:83:1e:21:68:5d:ed:
                    95:73:53:c3:ab:d2:46:28:bc:95:07:3f:62:c8:84:
                    18:a2:cd:ed:f6:30:59:85:78:14:7a:f6:0e:bc:73:
                    63:d6:c2:5e:d4:20:f0:1a:e9:5c:ea:26:b8:aa:23:
                    16:b8:a7:ce:56:9b:87:66:5b:89:89:25:a3:7d:67:
                    d0:20:1e:32:80:f1:4c:2e:e3:04:6b:e6:74:af:84:
                    20:00:a4:14:ab:3b:0a:1c:d8:43:5b:47:79:03:e7:
                    92:8b:03:56:8a:92:84:61:88:68:09:72:ee:16:c4:
                    40:39:2b:51:71:be:5b:33:6a:a9:e8:d2:19:0c:70:
                    11:6c:47:8e:cb:65:25:e4:1a:26:3a:3b:61:d1:45:
                    37:1d:4a:16:b7:6f:1d:a1:7e:63:3a:d9:8b:5f:2d:
                    89:54:1f:63:8e:6b:f1:78:d5:fd:fc:08:45:27:98:
                    f2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:0E:B8:4F:F2:F5:B8:6E:88:FA:FE:5E:44:CE:29:57:D5:C7:62:DD
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/rw64T_L1uG6I-v5eRM4pV9XHYt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:94:68:88:e8:95:bd:ff:27:38:d9:7d:a9:c1:f4:97:87:e6:
         1b:c8:d9:ac:81:63:92:b1:75:5a:42:c7:bd:3d:15:ea:b7:82:
         87:33:6f:41:50:8a:05:e3:60:4f:a6:00:fc:23:da:c1:6c:45:
         03:43:8e:64:1d:72:74:27:f9:e5:4d:4a:74:6c:83:20:c9:92:
         a7:ef:7e:b4:aa:19:cf:3a:ec:9d:40:0a:eb:2b:32:0f:b0:87:
         99:37:54:63:b6:1e:10:ca:72:48:94:21:91:0d:89:4c:61:7c:
         a2:38:9f:70:b5:66:0a:c3:a8:4b:8a:02:e4:6b:90:a0:36:bd:
         e5:41:75:b5:cb:4d:28:e1:57:37:ab:63:44:5c:ae:53:fe:6f:
         12:e6:c0:4e:13:36:1a:84:ec:1b:0e:22:ab:ec:b4:40:65:b8:
         02:71:f7:77:d4:bc:45:ab:4a:f2:a3:dd:6e:b9:98:68:68:ff:
         0e:ae:65:a5:d2:ce:e6:b4:34:88:84:fe:1f:71:dd:7c:b8:2b:
         5c:37:a4:d9:fe:06:f0:cd:cd:44:bc:7c:64:51:80:93:9a:37:
         19:cb:d8:71:4b:dd:01:d2:dd:7b:c8:95:46:f6:5d:6c:7f:ce:
         28:af:05:5d:d3:77:e7:4b:fd:e1:45:8c:74:01:23:c7:13:95:
         e1:b1:e5:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6KuVPECsGIqxZJM47zb7CvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwMzI5MTQ1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjBlYjg0ZmYyZjViODZlODhmYWZlNWU0NGNlMjk1N2Q1Yzc2MmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9jkSIZnn+fscoql9DprZS7Qzd95
stslN//kjZQX601Bx14TMGdhLBh+TK0m7Hc3xSYdQpoNQg2ask4m6wWEps4A1lo4
T6MVJp7B0cy56WXz8x6DHiFoXe2Vc1PDq9JGKLyVBz9iyIQYos3t9jBZhXgUevYO
vHNj1sJe1CDwGulc6ia4qiMWuKfOVpuHZluJiSWjfWfQIB4ygPFMLuMEa+Z0r4Qg
AKQUqzsKHNhDW0d5A+eSiwNWipKEYYhoCXLuFsRAOStRcb5bM2qp6NIZDHARbEeO
y2Ul5BomOjth0UU3HUoWt28doX5jOtmLXy2JVB9jjmvxeNX9/AhFJ5jy2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8OuE/y9bhuiPr+XkTOKVfVx2LdMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvcnc2NFRfTDF1RzZJLXY1ZVJNNHBWOVhIWXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTV2WMA0G
CSqGSIb3DQEBCwUAA4IBAQADlGiI6JW9/yc42X2pwfSXh+YbyNmsgWOSsXVaQse9
PRXqt4KHM29BUIoF42BPpgD8I9rBbEUDQ45kHXJ0J/nlTUp0bIMgyZKn7360qhnP
OuydQArrKzIPsIeZN1Rjth4QynJIlCGRDYlMYXyiOJ9wtWYKw6hLigLka5CgNr3l
QXW1y00o4Vc3q2NEXK5T/m8S5sBOEzYahOwbDiKr7LRAZbgCcfd31LxFq0ryo91u
uZhoaP8OrmWl0s7mtDSIhP4fcd18uCtcN6TZ/gbwzc1EvHxkUYCTmjcZy9hxS90B
0t17yJVG9l1sf84orwVd03fnS/3hRYx0ASPHE5XhseV2
-----END CERTIFICATE-----