Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/fe59a1-2a56-4694-b4c7-d80b3c1f9d73/1/Wgf1kmS4_JtkaVkr1HurHD40lv8.roa
File:                     Wgf1kmS4_JtkaVkr1HurHD40lv8.roa (raw, json)
Hash identifier:          WIt9C2Eq4hg+1LihOaK6fb+M/tR9GIgCaz5Hgz+0omY=
Subject key identifier:   5A:07:F5:92:64:B8:FC:9B:64:69:59:2B:D4:7B:AB:1C:3E:34:96:FF
Certificate issuer:       /CN=8e045bfecd2bbe24d33f5309db47c8aa77a3b10c
Certificate serial:       018CC8DEC37A4823753778A33EFE4369BE05
Authority key identifier: 8E:04:5B:FE:CD:2B:BE:24:D3:3F:53:09:DB:47:C8:AA:77:A3:B1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgRb_s0rviTTP1MJ20fIqnejsQw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/fe59a1-2a56-4694-b4c7-d80b3c1f9d73/1/Wgf1kmS4_JtkaVkr1HurHD40lv8.roa
Signing time:             Tue 02 Jan 2024 06:31:31 +0000
ROA not before:           Tue 02 Jan 2024 06:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12447
IP address blocks:        77.75.24.0/21 maxlen: 24
                          185.132.96.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/fe59a1-2a56-4694-b4c7-d80b3c1f9d73/1/jgRb_s0rviTTP1MJ20fIqnejsQw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/fe59a1-2a56-4694-b4c7-d80b3c1f9d73/1/jgRb_s0rviTTP1MJ20fIqnejsQw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgRb_s0rviTTP1MJ20fIqnejsQw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c3:7a:48:23:75:37:78:a3:3e:fe:43:69:be:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e045bfecd2bbe24d33f5309db47c8aa77a3b10c
        Validity
            Not Before: Jan  2 06:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a07f59264b8fc9b6469592bd47bab1c3e3496ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4e:1d:02:95:a3:1a:e3:03:0e:24:49:34:26:
                    2f:3d:2e:67:66:6f:09:23:a2:03:d8:ee:e1:26:c5:
                    1c:95:58:80:5a:ca:22:71:16:8c:13:1e:61:aa:46:
                    d6:b6:92:02:14:1f:cb:97:81:21:00:10:84:37:72:
                    f2:b6:21:f9:e2:42:e1:2c:95:92:fb:3c:e4:6e:01:
                    13:e3:91:03:bd:ee:27:b6:37:09:b1:07:6f:41:a0:
                    fb:0d:bb:8b:a6:9a:81:47:cb:2b:15:d2:09:54:0f:
                    03:a1:66:14:9c:47:04:f4:9d:93:3e:a0:97:a5:e1:
                    72:26:ba:aa:67:22:47:84:2b:d0:e3:3b:e8:4c:eb:
                    0e:e2:d0:c2:91:98:42:7f:0d:04:37:02:b2:7c:ed:
                    22:63:72:8b:7b:3d:90:9d:ce:cf:fc:c0:39:13:b7:
                    53:6a:9d:ac:ee:4f:b1:cb:df:d1:c0:ec:c6:53:ca:
                    5c:7a:1f:57:9f:2e:a8:bc:23:ec:fc:e4:77:aa:b8:
                    ff:88:f4:a5:f2:c1:8f:14:5a:97:bc:d5:5d:08:2b:
                    d2:d1:de:63:9e:de:a2:cb:6d:34:55:a5:61:ce:aa:
                    64:05:68:38:5c:06:a0:41:c5:f1:e2:49:93:6e:c7:
                    10:8b:8e:80:f2:d2:14:5e:9b:5c:06:36:96:c4:ef:
                    f1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:07:F5:92:64:B8:FC:9B:64:69:59:2B:D4:7B:AB:1C:3E:34:96:FF
            X509v3 Authority Key Identifier:
                keyid:8E:04:5B:FE:CD:2B:BE:24:D3:3F:53:09:DB:47:C8:AA:77:A3:B1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgRb_s0rviTTP1MJ20fIqnejsQw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fe59a1-2a56-4694-b4c7-d80b3c1f9d73/1/Wgf1kmS4_JtkaVkr1HurHD40lv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fe59a1-2a56-4694-b4c7-d80b3c1f9d73/1/jgRb_s0rviTTP1MJ20fIqnejsQw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.75.24.0/21
                  185.132.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:d7:df:41:11:a5:71:8e:85:aa:ec:6d:be:b9:7e:08:82:68:
         85:22:9e:8c:df:83:7b:ae:fa:cb:65:c7:e3:b2:f1:15:0e:89:
         6f:d8:7c:78:66:26:27:5f:52:00:45:01:6a:9b:93:ae:28:87:
         a9:a6:d0:ee:69:5a:ba:fc:2a:b3:bb:19:08:83:65:32:0f:6c:
         25:6f:5e:df:0b:a9:a2:28:38:19:b5:99:d6:ab:4c:6f:20:fe:
         8a:77:0a:d4:8d:28:af:66:7e:43:18:74:8c:93:64:25:eb:74:
         be:ac:c9:26:17:8e:cb:b7:48:43:d5:4e:e6:35:81:6d:b6:09:
         96:b2:18:a1:d9:49:ea:0d:45:1c:6e:b7:77:67:be:a2:8d:3f:
         3d:18:0c:b5:b2:b9:8f:5b:7f:77:24:6d:54:07:02:53:ef:8d:
         df:2f:75:cd:67:89:12:51:55:a8:b4:59:76:cc:bb:67:68:0f:
         32:6a:75:62:2b:b4:83:24:27:70:ef:19:ab:db:b2:73:9f:b0:
         44:96:9b:0b:e1:78:78:ee:8b:00:8a:4f:59:61:03:74:66:59:
         8e:ec:57:2b:c7:cc:6a:1c:f2:31:d8:eb:ad:4d:c1:ee:b4:fc:
         0d:59:ec:60:a6:8d:9f:90:90:cf:fe:62:0b:f9:4c:6f:22:62:
         cd:64:4a:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3sN6SCN1N3ijPv5Dab4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMDQ1YmZlY2QyYmJlMjRkMzNmNTMwOWRiNDdjOGFhNzdh
M2IxMGMwHhcNMjQwMTAyMDYzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTA3ZjU5MjY0YjhmYzliNjQ2OTU5MmJkNDdiYWIxYzNlMzQ5NmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh04dApWjGuMDDiRJNCYvPS5nZm8J
I6ID2O7hJsUclViAWsoicRaMEx5hqkbWtpICFB/Ll4EhABCEN3LytiH54kLhLJWS
+zzkbgET45EDve4ntjcJsQdvQaD7DbuLppqBR8srFdIJVA8DoWYUnEcE9J2TPqCX
peFyJrqqZyJHhCvQ4zvoTOsO4tDCkZhCfw0ENwKyfO0iY3KLez2Qnc7P/MA5E7dT
ap2s7k+xy9/RwOzGU8pceh9Xny6ovCPs/OR3qrj/iPSl8sGPFFqXvNVdCCvS0d5j
nt6iy200VaVhzqpkBWg4XAagQcXx4kmTbscQi46A8tIUXptcBjaWxO/x8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFoH9ZJkuPybZGlZK9R7qxw+NJb/MB8GA1UdIwQY
MBaAFI4EW/7NK74k0z9TCdtHyKp3o7EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamdSYl9zMHJ2aVRUUDFNSjIwZklxbmVqc1F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZTU5YTEtMmE1Ni00Njk0LWI0Yzct
ZDgwYjNjMWY5ZDczLzEvV2dmMWttUzRfSnRrYVZrcjFIdXJIRDQwbHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZTU5YTEtMmE1Ni00Njk0LWI0YzctZDgwYjNjMWY5ZDcz
LzEvamdSYl9zMHJ2aVRUUDFNSjIwZklxbmVqc1F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTUsYAwQC
uYRgMA0GCSqGSIb3DQEBCwUAA4IBAQBJ199BEaVxjoWq7G2+uX4IgmiFIp6M34N7
rvrLZcfjsvEVDolv2Hx4ZiYnX1IARQFqm5OuKIepptDuaVq6/CqzuxkIg2UyD2wl
b17fC6miKDgZtZnWq0xvIP6KdwrUjSivZn5DGHSMk2Ql63S+rMkmF47Lt0hD1U7m
NYFttgmWshih2UnqDUUcbrd3Z76ijT89GAy1srmPW393JG1UBwJT743fL3XNZ4kS
UVWotFl2zLtnaA8yanViK7SDJCdw7xmr27Jzn7BElpsL4Xh47osAik9ZYQN0ZlmO
7Fcrx8xqHPIx2OutTcHutPwNWexgpo2fkJDP/mIL+UxvImLNZEoN
-----END CERTIFICATE-----