Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/cKVkknJPAIk8alE1ewz9n9F_Cro.roa
File:                     cKVkknJPAIk8alE1ewz9n9F_Cro.roa (raw, json)
Hash identifier:          89bpkreBP8I+Dvtz78KmzGyoqngiNKlMkxhHJoIoY/A=
Subject key identifier:   70:A5:64:92:72:4F:00:89:3C:6A:51:35:7B:0C:FD:9F:D1:7F:0A:BA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194258F82E0A3E1B63D965B2F6008195A9B
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/cKVkknJPAIk8alE1ewz9n9F_Cro.roa
Signing time:             Thu 02 Jan 2025 05:49:09 +0000
ROA not before:           Thu 02 Jan 2025 05:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        77.47.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:82:e0:a3:e1:b6:3d:96:5b:2f:60:08:19:5a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 05:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70a56492724f00893c6a51357b0cfd9fd17f0aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ff:78:47:2e:30:0f:0b:4a:2b:01:9b:2d:eb:
                    0f:a8:37:ab:24:e5:c2:47:ff:af:bd:4a:1d:99:40:
                    2f:d4:5a:5e:63:23:7f:4b:b7:66:ae:d9:ff:b1:27:
                    f9:95:15:49:44:1e:87:8a:87:ef:a8:c7:91:6b:3c:
                    6d:6e:3e:73:0a:2d:28:fc:5b:fc:b2:f7:01:ee:d3:
                    a9:87:d7:10:7d:59:6e:88:e9:04:2e:f8:65:bc:8e:
                    f9:41:26:4d:e6:69:f0:b1:26:22:91:45:cf:7b:04:
                    2c:8a:6b:c9:72:66:02:d8:e9:75:e6:b7:36:3a:46:
                    3d:ec:59:fc:b3:76:01:28:1f:aa:5f:3c:74:65:22:
                    4f:7e:b3:0a:a4:46:ce:ce:9d:48:64:c1:2b:5e:43:
                    2f:ee:e1:a7:9e:b0:cf:49:fa:4c:e7:0a:42:68:9d:
                    09:c1:e1:3b:89:fe:75:fc:f1:fb:8f:a9:57:d1:3e:
                    43:d0:65:55:f8:c4:be:a8:60:3f:03:4b:90:d7:74:
                    1c:37:ab:0f:d3:b0:f0:8b:2d:fa:b8:c4:7f:a0:d8:
                    37:ab:17:91:2b:25:cf:dd:1a:94:90:95:65:d3:14:
                    4d:6d:2b:a8:5d:a6:3b:fd:c0:42:fd:cc:98:d6:c8:
                    d2:30:19:5d:43:db:d5:d2:4d:4a:90:2c:e1:32:04:
                    75:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A5:64:92:72:4F:00:89:3C:6A:51:35:7B:0C:FD:9F:D1:7F:0A:BA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/cKVkknJPAIk8alE1ewz9n9F_Cro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:eb:e6:2b:02:fb:ba:bf:6a:30:f2:35:c3:c1:c9:af:49:69:
         b5:17:9d:b2:7a:bd:2f:da:09:10:60:05:49:b1:1c:f6:c9:e6:
         e1:aa:b3:a7:0d:99:60:05:d6:c4:85:24:0a:27:a5:93:2f:12:
         84:cc:b8:64:a6:64:1a:90:b7:92:a9:25:54:fd:72:3d:1e:eb:
         43:06:2d:43:25:96:69:fb:e4:c4:85:d6:2a:d3:53:5e:48:7d:
         00:94:49:b5:de:85:2a:23:5d:ab:9d:24:15:3c:55:92:14:17:
         37:37:6e:b0:5f:f5:60:8d:25:77:5d:c8:32:f5:c4:d0:37:09:
         12:44:25:59:e0:9e:4a:5c:c6:ec:83:a8:59:5d:4e:a1:07:c8:
         87:72:cb:7f:db:0e:88:23:ac:b3:5c:e1:84:e3:b8:93:e1:37:
         d1:a9:66:07:49:4c:c6:a7:ec:64:5b:64:e4:09:b1:3f:a3:80:
         5e:77:f8:74:92:c5:80:2a:60:0b:fb:c0:e8:de:5c:f2:00:3e:
         ca:4f:9e:1e:f4:8a:b3:74:c0:c5:dc:4d:5e:d8:3f:89:eb:0a:
         6a:d1:b3:3a:0c:d3:d1:04:36:52:84:f1:91:3d:4a:7d:b2:38:
         1f:a0:f4:df:cf:69:6f:82:26:b3:6b:7f:35:c1:d7:57:cc:32:
         3f:50:87:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4Lgo+G2PZZbL2AIGVqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTAyMDU0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGE1NjQ5MjcyNGYwMDg5M2M2YTUxMzU3YjBjZmQ5ZmQxN2YwYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv94Ry4wDwtKKwGbLesPqDerJOXC
R/+vvUodmUAv1FpeYyN/S7dmrtn/sSf5lRVJRB6HiofvqMeRazxtbj5zCi0o/Fv8
svcB7tOph9cQfVluiOkELvhlvI75QSZN5mnwsSYikUXPewQsimvJcmYC2Ol15rc2
OkY97Fn8s3YBKB+qXzx0ZSJPfrMKpEbOzp1IZMErXkMv7uGnnrDPSfpM5wpCaJ0J
weE7if51/PH7j6lX0T5D0GVV+MS+qGA/A0uQ13QcN6sP07Dwiy36uMR/oNg3qxeR
KyXP3RqUkJVl0xRNbSuoXaY7/cBC/cyY1sjSMBldQ9vV0k1KkCzhMgR1ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHClZJJyTwCJPGpRNXsM/Z/Rfwq6MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvY0tWa2tuSlBBSWs4YWxFMWV3ejluOUZfQ3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTS+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBO6+YrAvu6v2ow8jXDwcmvSWm1F52yer0v2gkQYAVJ
sRz2yebhqrOnDZlgBdbEhSQKJ6WTLxKEzLhkpmQakLeSqSVU/XI9HutDBi1DJZZp
++TEhdYq01NeSH0AlEm13oUqI12rnSQVPFWSFBc3N26wX/VgjSV3Xcgy9cTQNwkS
RCVZ4J5KXMbsg6hZXU6hB8iHcst/2w6II6yzXOGE47iT4TfRqWYHSUzGp+xkW2Tk
CbE/o4Bed/h0ksWAKmAL+8Do3lzyAD7KT54e9IqzdMDF3E1e2D+J6wpq0bM6DNPR
BDZShPGRPUp9sjgfoPTfz2lvgiaza381wddXzDI/UIew
-----END CERTIFICATE-----