Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/U4eUGvxJ-d1nAYhMyYwnXtPPoj8.roa
File:                     U4eUGvxJ-d1nAYhMyYwnXtPPoj8.roa (raw, json)
Hash identifier:          xlNGYdwoTqzbsKMURChTAM5Letn3FTBwY9H+20wqz5w=
Subject key identifier:   53:87:94:1A:FC:49:F9:DD:67:01:88:4C:C9:8C:27:5E:D3:CF:A2:3F
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0192AE6E4C79A54E9081CE591C25FB7DA1B1
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/U4eUGvxJ-d1nAYhMyYwnXtPPoj8.roa
Signing time:             Mon 21 Oct 2024 09:35:17 +0000
ROA not before:           Mon 21 Oct 2024 09:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214648
IP address blocks:        77.47.248.0/22 maxlen: 24
                          77.47.252.0/22 maxlen: 24
                          195.178.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:6e:4c:79:a5:4e:90:81:ce:59:1c:25:fb:7d:a1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Oct 21 09:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5387941afc49f9dd6701884cc98c275ed3cfa23f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1c:b4:63:e0:bf:be:44:b3:80:62:5f:91:0a:
                    d8:93:cc:10:aa:e9:9b:cd:1c:79:ce:01:ce:1b:dd:
                    f3:74:d7:04:f6:57:3d:d1:ef:2a:fc:0b:f4:4f:04:
                    29:bd:9a:1e:b4:ca:25:8c:6e:65:cc:14:99:d5:48:
                    6d:d1:68:82:9c:c2:4e:18:ec:fd:f4:1d:2b:ed:fc:
                    73:3b:b5:17:65:84:61:3c:9e:0d:6f:f2:eb:3e:95:
                    8d:a3:40:02:a6:18:67:49:e0:c2:9c:a7:ee:57:7c:
                    f2:52:dd:b6:3d:d4:47:48:94:9d:18:a0:7f:27:9f:
                    c5:14:12:a1:70:98:c8:a5:6f:3d:52:50:59:12:1d:
                    98:1b:8c:23:5a:bd:e4:cc:09:61:07:47:74:3f:2e:
                    21:03:94:24:b5:9c:c9:3e:0a:94:df:f5:8b:3b:7a:
                    8d:b6:7a:17:20:20:15:08:a5:d7:56:67:8e:b7:ef:
                    dc:37:98:d8:19:72:c6:4a:29:d4:fd:95:f8:0c:4a:
                    af:89:cc:ed:64:93:3f:d5:01:cc:47:67:eb:a3:15:
                    30:3f:2c:1e:f6:12:53:19:8f:26:da:df:94:04:bf:
                    3e:14:45:d9:05:9c:f9:ac:21:e4:64:78:e9:7f:76:
                    0d:75:04:d8:41:82:5b:90:6a:57:dd:24:cc:14:ce:
                    11:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:87:94:1A:FC:49:F9:DD:67:01:88:4C:C9:8C:27:5E:D3:CF:A2:3F
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/U4eUGvxJ-d1nAYhMyYwnXtPPoj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.248.0/21
                  195.178.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:6d:ef:46:3f:6c:0f:8c:7c:98:f7:a0:a7:13:b9:95:6a:34:
         ae:ba:e6:85:c8:00:df:55:57:90:9b:2b:21:d3:f3:65:d2:7e:
         d8:39:c2:e8:85:d8:ac:df:bb:60:2f:42:8c:a1:2b:ca:30:7e:
         3b:3d:9a:83:24:63:d6:5d:bc:a9:40:c0:14:8b:18:32:ac:a8:
         5b:20:0a:0e:95:82:dc:24:53:af:c0:f5:e9:2c:72:07:99:15:
         25:b7:56:5b:b6:f0:90:88:b8:09:f7:c9:09:b6:53:bc:f4:8d:
         5c:9a:ed:c7:52:8c:37:c1:77:bd:11:71:ef:77:90:6c:15:0c:
         1d:ae:ac:4b:96:c0:f4:e4:a6:72:f1:34:ef:f6:ef:31:3d:8b:
         69:12:e0:09:d6:82:03:43:d1:73:61:61:c1:3c:94:1c:5c:5e:
         d7:90:75:32:48:af:51:fa:90:16:ae:82:aa:df:bb:e5:18:f4:
         28:0d:b9:47:d9:c4:a9:57:3a:d1:6c:0a:d8:22:e6:4f:aa:2a:
         d8:69:2b:4e:c9:dd:ba:37:26:70:b8:c0:0d:85:a1:d9:b0:5c:
         d5:26:d9:f7:6d:11:4f:a0:11:85:5b:4d:d6:f3:96:b2:ff:5c:
         79:32:84:e1:fa:55:53:41:32:f6:37:b8:37:d3:7d:31:b2:37:
         c2:e7:68:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKubkx5pU6Qgc5ZHCX7faGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMDIxMDkzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzg3OTQxYWZjNDlmOWRkNjcwMTg4NGNjOThjMjc1ZWQzY2ZhMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hy0Y+C/vkSzgGJfkQrYk8wQqumb
zRx5zgHOG93zdNcE9lc90e8q/Av0TwQpvZoetMoljG5lzBSZ1Uht0WiCnMJOGOz9
9B0r7fxzO7UXZYRhPJ4Nb/LrPpWNo0ACphhnSeDCnKfuV3zyUt22PdRHSJSdGKB/
J5/FFBKhcJjIpW89UlBZEh2YG4wjWr3kzAlhB0d0Py4hA5QktZzJPgqU3/WLO3qN
tnoXICAVCKXXVmeOt+/cN5jYGXLGSinU/ZX4DEqvicztZJM/1QHMR2froxUwPywe
9hJTGY8m2t+UBL8+FEXZBZz5rCHkZHjpf3YNdQTYQYJbkGpX3STMFM4RIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFOHlBr8SfndZwGITMmMJ17Tz6I/MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvVTRlVUd2eEotZDFuQVloTXlZd25YdFBQb2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTS/4AwQC
w7KAMA0GCSqGSIb3DQEBCwUAA4IBAQBAbe9GP2wPjHyY96CnE7mVajSuuuaFyADf
VVeQmysh0/Nl0n7YOcLohdis37tgL0KMoSvKMH47PZqDJGPWXbypQMAUixgyrKhb
IAoOlYLcJFOvwPXpLHIHmRUlt1ZbtvCQiLgJ98kJtlO89I1cmu3HUow3wXe9EXHv
d5BsFQwdrqxLlsD05KZy8TTv9u8xPYtpEuAJ1oIDQ9FzYWHBPJQcXF7XkHUySK9R
+pAWroKq37vlGPQoDblH2cSpVzrRbArYIuZPqirYaStOyd26NyZwuMANhaHZsFzV
Jtn3bRFPoBGFW03W85ay/1x5MoTh+lVTQTL2N7g3030xsjfC52gs
-----END CERTIFICATE-----