Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/Wt0W4Y4EMtH63XOhiraP5FrCfeQ.roa
File:                     Wt0W4Y4EMtH63XOhiraP5FrCfeQ.roa (raw, json)
Hash identifier:          awp5YSUsKUC2sRVk1/ID92fCeGikHk7+o2IBvIiJTZI=
Subject key identifier:   5A:DD:16:E1:8E:04:32:D1:FA:DD:73:A1:8A:B6:8F:E4:5A:C2:7D:E4
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       018CC94D98C430A7B3E0A5B0B08E94AD98FC
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/Wt0W4Y4EMtH63XOhiraP5FrCfeQ.roa
Signing time:             Tue 02 Jan 2024 08:32:34 +0000
ROA not before:           Tue 02 Jan 2024 08:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30836
IP address blocks:        77.221.58.0/23 maxlen: 23
                          77.221.60.0/23 maxlen: 23
                          77.221.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:98:c4:30:a7:b3:e0:a5:b0:b0:8e:94:ad:98:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  2 08:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5add16e18e0432d1fadd73a18ab68fe45ac27de4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4f:6e:15:b6:fb:b4:ce:b2:69:d4:6d:f7:24:
                    2e:de:7d:5b:e0:8f:98:52:5e:db:07:4e:c2:9a:7d:
                    9d:0c:b3:63:7f:4e:6b:8b:82:a2:53:f3:99:5c:b4:
                    7d:d4:17:cd:68:fa:06:47:a2:37:5a:a6:fa:22:56:
                    7f:cf:f5:2b:d9:49:b2:e0:f5:63:a7:e0:10:d5:0b:
                    37:64:4f:80:24:2d:da:f8:59:5a:14:e1:53:56:c1:
                    c8:4d:08:b1:35:60:59:12:15:03:68:12:75:63:7d:
                    e4:84:6b:aa:b9:17:b7:5a:cd:8e:24:84:70:32:bb:
                    2a:77:e2:72:2a:a4:58:fc:25:50:3b:ce:35:13:a3:
                    b1:5a:03:e5:c6:3c:58:14:ff:ff:29:68:56:51:c3:
                    92:7f:44:c1:b7:b9:5c:b9:be:58:e8:92:bf:48:4b:
                    ea:ee:5c:a1:7f:c7:81:1e:52:5b:b7:56:78:f7:e2:
                    5f:22:46:2c:ea:f6:a4:66:cf:48:c9:1f:56:6e:16:
                    73:2b:f7:c6:50:2a:47:d1:85:5c:47:19:e4:94:84:
                    0f:14:9f:34:c4:eb:43:86:3f:dd:2e:0a:dd:9e:d8:
                    d7:f1:59:ce:d5:ea:ba:f6:d1:38:d2:d1:de:db:1f:
                    f1:d1:ef:0d:6b:ac:ae:00:04:55:d6:a1:97:34:e6:
                    07:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:DD:16:E1:8E:04:32:D1:FA:DD:73:A1:8A:B6:8F:E4:5A:C2:7D:E4
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/Wt0W4Y4EMtH63XOhiraP5FrCfeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.58.0-77.221.61.255
                  77.221.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:50:6f:5e:92:bb:0b:e6:bc:54:f2:5d:d2:a1:7d:60:88:96:
         38:cb:a3:87:72:5d:cc:fb:57:48:38:66:44:cf:86:0b:52:74:
         49:35:92:c8:22:12:f6:a3:17:9e:db:fd:ab:19:66:a6:53:e8:
         63:e3:9d:8b:39:21:af:b2:ea:a4:0a:be:7a:3f:92:54:cd:c5:
         db:80:64:34:fc:c1:c5:c1:89:98:2f:5e:31:c9:8e:c1:49:d6:
         8b:de:f9:9f:e5:50:76:5a:96:71:f3:49:88:cb:80:10:f7:b3:
         01:d7:10:56:67:e9:43:0b:ee:d7:49:d1:d7:cc:4b:d5:9f:4a:
         b4:b4:46:6d:f8:dd:05:b2:fe:b8:c3:ad:82:72:2a:4e:9a:2e:
         51:76:57:09:3f:17:6c:1b:59:61:6c:97:96:f4:7b:1b:0e:21:
         15:c6:ce:fe:4a:d4:43:f2:ac:25:07:25:9b:a7:cd:55:bb:1c:
         0d:0f:bb:0e:58:77:44:54:03:b2:f5:08:d1:a0:69:8e:57:11:
         1a:c2:a1:c1:4f:6f:64:31:ec:4b:c1:f1:fe:0a:d0:15:65:c1:
         19:9b:24:28:f8:de:4f:4c:d5:ed:2c:1c:78:5c:70:5c:25:ff:
         89:9b:a9:78:ee:ca:3c:85:cd:08:9a:69:c8:9a:7d:c2:8c:0d:
         4a:6f:c8:7a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJTZjEMKez4KWwsI6UrZj8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQwMTAyMDgzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWRkMTZlMThlMDQzMmQxZmFkZDczYTE4YWI2OGZlNDVhYzI3ZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk9uFbb7tM6yadRt9yQu3n1b4I+Y
Ul7bB07Cmn2dDLNjf05ri4KiU/OZXLR91BfNaPoGR6I3Wqb6IlZ/z/Ur2Umy4PVj
p+AQ1Qs3ZE+AJC3a+FlaFOFTVsHITQixNWBZEhUDaBJ1Y33khGuquRe3Ws2OJIRw
Mrsqd+JyKqRY/CVQO841E6OxWgPlxjxYFP//KWhWUcOSf0TBt7lcub5Y6JK/SEvq
7lyhf8eBHlJbt1Z49+JfIkYs6vakZs9IyR9WbhZzK/fGUCpH0YVcRxnklIQPFJ80
xOtDhj/dLgrdntjX8VnO1eq69tE40tHe2x/x0e8Na6yuAARV1qGXNOYHqQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFrdFuGOBDLR+t1zoYq2j+Rawn3kMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvV3QwVzRZNEVNdEg2M1hPaGlyYVA1RnJDZmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAFN3ToD
BAFN3TwDBABN3T8wDQYJKoZIhvcNAQELBQADggEBAKJQb16SuwvmvFTyXdKhfWCI
ljjLo4dyXcz7V0g4ZkTPhgtSdEk1ksgiEvajF57b/asZZqZT6GPjnYs5Ia+y6qQK
vno/klTNxduAZDT8wcXBiZgvXjHJjsFJ1ove+Z/lUHZalnHzSYjLgBD3swHXEFZn
6UML7tdJ0dfMS9WfSrS0Rm343QWy/rjDrYJyKk6aLlF2Vwk/F2wbWWFsl5b0exsO
IRXGzv5K1EPyrCUHJZunzVW7HA0Puw5Yd0RUA7L1CNGgaY5XERrCocFPb2Qx7EvB
8f4K0BVlwRmbJCj43k9M1e0sHHhccFwl/4mbqXjuyjyFzQiaaciafcKMDUpvyHo=
-----END CERTIFICATE-----