Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/Du4uMuMClMnpHkm8zTrreuXhkvs.roa
File:                     Du4uMuMClMnpHkm8zTrreuXhkvs.roa (raw, json)
Hash identifier:          c2boyaZ447XJzDhhlXsr01desCyhQjjbfhrgUT/IWjo=
Subject key identifier:   0E:EE:2E:32:E3:02:94:C9:E9:1E:49:BC:CD:3A:EB:7A:E5:E1:92:FB
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       018CC94D9AEA79E4546DA363810940AABD56
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/Du4uMuMClMnpHkm8zTrreuXhkvs.roa
Signing time:             Tue 02 Jan 2024 08:32:35 +0000
ROA not before:           Tue 02 Jan 2024 08:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212910
IP address blocks:        77.221.58.0/23 maxlen: 23
                          77.221.63.0/24 maxlen: 24
                          77.221.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9a:ea:79:e4:54:6d:a3:63:81:09:40:aa:bd:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  2 08:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eee2e32e30294c9e91e49bccd3aeb7ae5e192fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:41:2f:f1:53:2e:78:7d:df:04:5d:85:82:93:
                    87:27:52:e2:4b:0f:ce:f3:89:c8:55:09:2c:02:de:
                    bd:2b:2a:16:b1:ee:74:91:bb:06:2d:2a:26:7b:b8:
                    81:33:d0:68:a8:78:d7:16:63:2d:68:2b:19:bc:90:
                    f4:29:57:f8:b3:20:aa:c8:76:c1:e2:62:d0:f5:84:
                    c6:05:8a:34:9e:7a:63:ca:24:3f:75:53:98:c6:59:
                    05:26:45:88:e0:55:a7:21:2c:f9:a4:d7:18:7c:3d:
                    a3:8f:e3:1c:2d:a0:7b:f9:62:79:6f:ac:70:9d:10:
                    5f:fd:c3:29:20:a4:e0:99:e5:8d:82:f4:9e:30:f7:
                    ea:30:19:a9:63:0c:40:e8:93:eb:2e:42:1d:e5:61:
                    47:6c:85:1c:95:a6:54:ee:50:b4:53:76:5a:35:4b:
                    c3:f4:78:cd:b4:ea:8f:fd:c1:38:da:6d:6c:0e:bb:
                    c9:44:91:9d:00:0c:5f:fc:3d:b8:62:f7:63:77:12:
                    05:d9:7f:3f:d0:34:ca:3d:4e:f4:86:e7:17:f8:f2:
                    de:ed:9d:ff:e9:67:b2:ee:1b:21:31:c4:7e:c1:39:
                    76:64:f5:cf:b7:54:25:70:e2:2e:2f:e0:3e:87:33:
                    22:cc:7e:54:8c:d6:45:76:48:df:9d:af:59:93:c3:
                    26:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:EE:2E:32:E3:02:94:C9:E9:1E:49:BC:CD:3A:EB:7A:E5:E1:92:FB
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/Du4uMuMClMnpHkm8zTrreuXhkvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.58.0-77.221.61.255
                  77.221.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:97:20:92:5b:80:10:8d:90:20:d3:b3:9c:7f:0c:4a:67:21:
         57:a2:45:fa:5b:59:d0:f6:d8:28:90:25:d2:3c:06:70:10:4f:
         13:98:dd:e5:0b:47:9c:fd:80:e8:ba:39:7d:71:ab:f9:3b:ad:
         fd:95:a3:f9:19:0f:8a:25:6c:98:65:d5:77:55:ab:42:7c:c1:
         86:c6:0f:b2:3f:9a:39:a2:e3:b1:70:55:88:a9:cd:ab:bb:a6:
         63:0f:1f:48:07:06:15:89:2e:51:2a:8f:16:93:f5:46:b2:03:
         f7:07:d6:b8:a8:16:51:c4:26:de:ca:ea:7a:92:e5:0b:c0:c1:
         cd:c1:cd:ed:eb:ba:fd:67:bd:70:e9:65:f7:95:d4:e2:1f:af:
         f7:66:09:fc:87:81:aa:e4:ab:ff:c2:e3:be:8e:24:79:b9:97:
         08:23:0f:75:74:aa:64:a0:69:8b:8b:32:62:14:09:7a:d7:60:
         84:cf:1d:2b:aa:56:d2:32:f5:8a:0e:30:a6:2d:c9:9b:f1:62:
         a0:0e:ae:a4:04:7a:03:02:b8:c4:3b:fe:8f:cb:ae:69:a8:96:
         d1:ab:17:8b:49:b1:e8:a4:fe:d5:27:89:b3:9e:7a:cb:33:0a:
         30:c0:fe:c9:0a:e6:5c:33:15:b7:d7:9d:c4:49:34:2c:d5:86:
         0f:1a:df:bf
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJTZrqeeRUbaNjgQlAqr1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWVlMmUzMmUzMDI5NGM5ZTkxZTQ5YmNjZDNhZWI3YWU1ZTE5MmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEEv8VMueH3fBF2FgpOHJ1LiSw/O
84nIVQksAt69KyoWse50kbsGLSome7iBM9BoqHjXFmMtaCsZvJD0KVf4syCqyHbB
4mLQ9YTGBYo0nnpjyiQ/dVOYxlkFJkWI4FWnISz5pNcYfD2jj+McLaB7+WJ5b6xw
nRBf/cMpIKTgmeWNgvSeMPfqMBmpYwxA6JPrLkId5WFHbIUclaZU7lC0U3ZaNUvD
9HjNtOqP/cE42m1sDrvJRJGdAAxf/D24YvdjdxIF2X8/0DTKPU70hucX+PLe7Z3/
6Wey7hshMcR+wTl2ZPXPt1QlcOIuL+A+hzMizH5UjNZFdkjfna9Zk8MmSwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA7uLjLjApTJ6R5JvM0663rl4ZL7MB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvRHU0dU11TUNsTW5wSGttOHpUcnJldVhoa3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAFN3ToD
BAFN3TwDBABN3T8wDQYJKoZIhvcNAQELBQADggEBABWXIJJbgBCNkCDTs5x/DEpn
IVeiRfpbWdD22CiQJdI8BnAQTxOY3eULR5z9gOi6OX1xq/k7rf2Vo/kZD4olbJhl
1XdVq0J8wYbGD7I/mjmi47FwVYipzau7pmMPH0gHBhWJLlEqjxaT9UayA/cH1rio
FlHEJt7K6nqS5QvAwc3Bze3ruv1nvXDpZfeV1OIfr/dmCfyHgarkq//C476OJHm5
lwgjD3V0qmSgaYuLMmIUCXrXYITPHSuqVtIy9YoOMKYtyZvxYqAOrqQEegMCuMQ7
/o/LrmmoltGrF4tJseik/tUnibOeesszCjDA/skK5lwzFbfXncRJNCzVhg8a378=
-----END CERTIFICATE-----