Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/sW_Pe5AiNGRK8YU3M9QNoMiFE0k.roa
File:                     sW_Pe5AiNGRK8YU3M9QNoMiFE0k.roa (raw, json)
Hash identifier:          OI9qX7YhyRhGAGILyJE9MQsxymJKu7dbedIOFUkDFak=
Subject key identifier:   B1:6F:CF:7B:90:22:34:64:4A:F1:85:37:33:D4:0D:A0:C8:85:13:49
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194258F895570D04607AAB37655AC12B351
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/sW_Pe5AiNGRK8YU3M9QNoMiFE0k.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        77.47.178.0/24 maxlen: 24
                          77.47.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:89:55:70:d0:46:07:aa:b3:76:55:ac:12:b3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b16fcf7b902234644af1853733d40da0c8851349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:15:a5:ff:e3:3f:65:c9:31:bb:a6:ff:24:5b:
                    49:6a:ab:84:be:b3:36:5e:b1:cb:5e:26:e0:66:b8:
                    21:ec:27:0c:3f:8b:bf:56:ab:6e:63:7a:64:03:03:
                    21:1f:da:68:f9:fd:1f:ba:fb:89:34:61:02:cc:68:
                    78:fc:38:85:d2:ea:91:2d:a5:08:5e:49:f2:cb:12:
                    ef:e9:cd:14:8a:dd:48:84:1e:29:15:27:5d:a8:be:
                    d2:12:08:8f:62:df:cb:a1:da:6a:49:89:35:bc:26:
                    c8:4d:3c:62:b4:ed:4e:6a:c2:8c:10:15:5f:11:93:
                    43:f3:07:cc:b9:3f:58:fe:8d:81:d9:da:63:d6:09:
                    52:a4:4e:3e:31:c3:bd:b7:ca:88:02:48:8b:51:ad:
                    7c:c8:1a:c6:11:01:0c:21:2a:50:79:54:00:6e:b6:
                    81:9a:9e:6e:d5:07:c8:8e:a6:5e:a0:7c:07:76:e9:
                    62:63:c7:71:45:88:21:5b:d6:df:67:54:ba:6a:d6:
                    82:ee:05:b1:bf:76:b0:73:76:d4:ff:73:d3:8b:99:
                    00:91:d0:42:19:a0:9f:1a:aa:d9:51:b7:9e:85:72:
                    fc:ce:8a:ab:af:c1:91:f2:ee:a5:c4:a7:84:f2:c9:
                    11:3e:99:57:9e:12:03:52:65:7d:61:18:df:7e:6d:
                    1b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:6F:CF:7B:90:22:34:64:4A:F1:85:37:33:D4:0D:A0:C8:85:13:49
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/sW_Pe5AiNGRK8YU3M9QNoMiFE0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.178.0/24
                  77.47.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:92:6f:cc:df:64:0d:aa:39:73:a6:f6:09:70:53:0e:d6:12:
         e1:84:f6:86:46:3d:79:c1:dc:37:b3:9f:e1:e3:12:bc:90:73:
         78:31:3e:b5:3a:04:74:65:4f:00:bd:94:7f:83:61:ea:a9:05:
         8c:26:76:8d:c8:5b:1d:c5:87:6a:b8:aa:22:d3:fa:38:97:2a:
         4d:9c:58:db:ab:b5:d0:d5:4e:7f:ac:44:93:2a:98:d8:e1:24:
         68:50:c6:58:bc:03:78:b3:2e:45:4c:4e:1e:1e:40:81:0c:2d:
         a0:c1:e7:01:29:b4:ec:9f:01:ec:9d:aa:70:0c:24:32:11:93:
         74:ec:75:96:d0:ae:e8:3f:73:37:ca:8f:00:61:30:50:b3:fd:
         ab:e8:ff:d1:4a:d7:d3:0a:75:96:c7:bf:31:8b:e5:57:c5:a4:
         2b:e0:ae:a5:bb:2f:7f:81:83:63:60:39:16:8f:13:7c:e6:a5:
         ca:92:0d:17:11:61:35:51:6d:48:e0:2d:34:5c:d4:4a:3c:18:
         32:fc:2a:29:fc:08:c9:4e:a5:33:84:a0:a5:8c:cc:ba:7f:99:
         39:c6:91:51:d3:39:fa:d3:6b:8c:da:1f:b8:58:48:1b:a7:19:
         8a:b3:6c:52:03:94:30:b4:40:e0:67:5e:19:2a:7f:0e:2d:25:
         a5:9e:16:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj4lVcNBGB6qzdlWsErNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTZmY2Y3YjkwMjIzNDY0NGFmMTg1MzczM2Q0MGRhMGM4ODUxMzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxWl/+M/Zckxu6b/JFtJaquEvrM2
XrHLXibgZrgh7CcMP4u/VqtuY3pkAwMhH9po+f0fuvuJNGECzGh4/DiF0uqRLaUI
XknyyxLv6c0Uit1IhB4pFSddqL7SEgiPYt/LodpqSYk1vCbITTxitO1OasKMEBVf
EZND8wfMuT9Y/o2B2dpj1glSpE4+McO9t8qIAkiLUa18yBrGEQEMISpQeVQAbraB
mp5u1QfIjqZeoHwHduliY8dxRYghW9bfZ1S6ataC7gWxv3awc3bU/3PTi5kAkdBC
GaCfGqrZUbeehXL8zoqrr8GR8u6lxKeE8skRPplXnhIDUmV9YRjffm0bYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLFvz3uQIjRkSvGFNzPUDaDIhRNJMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvc1dfUGU1QWlOR1JLOFlVM005UU5vTWlGRTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATS+yAwQA
TS/yMA0GCSqGSIb3DQEBCwUAA4IBAQAckm/M32QNqjlzpvYJcFMO1hLhhPaGRj15
wdw3s5/h4xK8kHN4MT61OgR0ZU8AvZR/g2HqqQWMJnaNyFsdxYdquKoi0/o4lypN
nFjbq7XQ1U5/rESTKpjY4SRoUMZYvAN4sy5FTE4eHkCBDC2gwecBKbTsnwHsnapw
DCQyEZN07HWW0K7oP3M3yo8AYTBQs/2r6P/RStfTCnWWx78xi+VXxaQr4K6luy9/
gYNjYDkWjxN85qXKkg0XEWE1UW1I4C00XNRKPBgy/Cop/AjJTqUzhKCljMy6f5k5
xpFR0zn602uM2h+4WEgbpxmKs2xSA5QwtEDgZ14ZKn8OLSWlnhZB
-----END CERTIFICATE-----