Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pZyyFGTUuGcxi_-pctskUw0GEaE.roa
File:                     pZyyFGTUuGcxi_-pctskUw0GEaE.roa (raw, json)
Hash identifier:          JtgJcv4lqaSqrDEz+ygMFfhBO7L2XzM9bV96/N5AIsI=
Subject key identifier:   A5:9C:B2:14:64:D4:B8:67:31:8B:FF:A9:72:DB:24:53:0D:06:11:A1
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018F72AFF77660FFA2ADDA17091DDD2EDD5F
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pZyyFGTUuGcxi_-pctskUw0GEaE.roa
Signing time:             Mon 13 May 2024 16:01:25 +0000
ROA not before:           Mon 13 May 2024 16:01:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        77.47.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:72:af:f7:76:60:ff:a2:ad:da:17:09:1d:dd:2e:dd:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: May 13 16:01:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a59cb21464d4b867318bffa972db24530d0611a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:75:e5:3e:b4:c4:a0:c4:ae:08:51:6e:a3:2c:
                    93:c4:98:f1:f6:f5:cc:82:31:dd:4c:4d:50:8e:28:
                    b8:7a:28:ce:7a:e2:e9:ef:d7:e3:cb:76:bb:d0:73:
                    93:78:dd:22:d5:5e:8c:11:87:5f:de:11:dc:b6:fc:
                    e1:a4:ee:cb:f6:87:a3:f2:bd:e6:93:c3:87:d9:43:
                    6c:9f:47:1a:b4:1d:62:bd:c2:8d:ad:03:14:f8:fe:
                    fa:07:1e:a3:74:39:d2:20:27:22:02:5c:e3:c6:fd:
                    8e:5b:d8:a7:bc:65:38:fb:c0:01:9b:45:90:04:5a:
                    e2:ee:d6:1a:03:ec:aa:07:e7:fc:da:dd:da:45:5e:
                    f9:00:dc:ce:f8:9b:b6:26:46:43:59:85:c4:14:dd:
                    32:04:b8:fa:8b:fd:44:ba:7e:ee:6f:97:32:2d:34:
                    32:c0:b8:11:ba:63:c3:4d:e2:11:58:ee:71:93:6b:
                    1b:f0:71:ae:57:11:60:b5:0b:74:9c:f4:fb:06:91:
                    ca:fd:6a:a6:35:ca:62:7d:be:66:8c:3e:9d:49:ff:
                    a7:16:40:ac:8a:3b:fe:c0:d2:e7:4d:44:ca:95:0e:
                    23:9d:c7:c3:77:62:bc:a5:90:e6:a0:3d:e3:09:24:
                    b0:a7:f6:29:a2:a2:e4:b4:bc:67:b7:77:81:c5:5a:
                    49:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:9C:B2:14:64:D4:B8:67:31:8B:FF:A9:72:DB:24:53:0D:06:11:A1
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pZyyFGTUuGcxi_-pctskUw0GEaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:c9:98:45:37:98:c5:bb:a1:2e:a0:d9:db:7f:07:97:1a:c1:
         70:0c:80:a1:30:ba:6c:e6:60:b2:39:9e:71:dd:88:70:d3:a8:
         ce:3c:6d:c4:4d:3b:c2:24:f2:f8:e5:53:97:73:ef:1b:40:83:
         b9:24:8f:bd:06:92:e9:96:e2:18:ac:f5:02:3c:3b:95:81:23:
         3c:ad:2e:60:e0:67:46:28:02:1d:9f:a7:a2:a2:65:8e:78:98:
         36:5a:38:f6:fc:90:f0:03:27:a4:88:33:e1:6e:3e:8a:3c:0e:
         fc:1a:50:e1:f2:d2:0d:61:73:55:70:32:38:0b:42:87:30:52:
         97:94:12:79:ee:e8:4b:65:99:5f:39:5f:41:d0:d8:77:b3:59:
         37:42:02:c9:1b:94:e1:05:bb:a8:2c:b3:04:db:86:c4:5d:3f:
         6b:c5:a7:15:eb:9d:c6:89:b7:ea:0f:f9:ae:2d:b7:ad:be:70:
         bf:72:17:e7:a2:53:7b:7f:ee:b9:23:34:25:b8:91:6d:9f:8c:
         29:05:08:d7:7f:32:47:e6:94:4b:6f:26:36:bf:48:59:28:84:
         4f:81:8c:b0:74:46:3d:fe:5f:10:27:c7:26:f1:1d:49:14:a0:
         0a:92:ad:01:04:42:75:15:a6:45:29:0f:9c:d8:d3:02:76:da:
         cb:33:e4:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9yr/d2YP+irdoXCR3dLt1fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwNTEzMTYwMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTljYjIxNDY0ZDRiODY3MzE4YmZmYTk3MmRiMjQ1MzBkMDYxMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnXlPrTEoMSuCFFuoyyTxJjx9vXM
gjHdTE1Qjii4eijOeuLp79fjy3a70HOTeN0i1V6MEYdf3hHctvzhpO7L9oej8r3m
k8OH2UNsn0catB1ivcKNrQMU+P76Bx6jdDnSICciAlzjxv2OW9invGU4+8ABm0WQ
BFri7tYaA+yqB+f82t3aRV75ANzO+Ju2JkZDWYXEFN0yBLj6i/1Eun7ub5cyLTQy
wLgRumPDTeIRWO5xk2sb8HGuVxFgtQt0nPT7BpHK/WqmNcpifb5mjD6dSf+nFkCs
ijv+wNLnTUTKlQ4jncfDd2K8pZDmoD3jCSSwp/YpoqLktLxnt3eBxVpJ/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWcshRk1LhnMYv/qXLbJFMNBhGhMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvcFp5eUZHVFV1R2N4aV8tcGN0c2tVdzBHRWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTS+YMA0G
CSqGSIb3DQEBCwUAA4IBAQAiyZhFN5jFu6EuoNnbfweXGsFwDIChMLps5mCyOZ5x
3Yhw06jOPG3ETTvCJPL45VOXc+8bQIO5JI+9BpLpluIYrPUCPDuVgSM8rS5g4GdG
KAIdn6eiomWOeJg2Wjj2/JDwAyekiDPhbj6KPA78GlDh8tINYXNVcDI4C0KHMFKX
lBJ57uhLZZlfOV9B0Nh3s1k3QgLJG5ThBbuoLLME24bEXT9rxacV653GibfqD/mu
LbetvnC/chfnolN7f+65IzQluJFtn4wpBQjXfzJH5pRLbyY2v0hZKIRPgYywdEY9
/l8QJ8cm8R1JFKAKkq0BBEJ1FaZFKQ+c2NMCdtrLM+R4
-----END CERTIFICATE-----