Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/ikkLHj8L2gbMUX3D4taYH4bLq_k.roa
File:                     ikkLHj8L2gbMUX3D4taYH4bLq_k.roa (raw, json)
Hash identifier:          H50XZ4z2D599HF8sTbfTiJpRuYbZmd0jgsQgZY7w/J4=
Subject key identifier:   8A:49:0B:1E:3F:0B:DA:06:CC:51:7D:C3:E2:D6:98:1F:86:CB:AB:F9
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       0194228D6BF0F005275E31C71E4F8FF10FAC
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/ikkLHj8L2gbMUX3D4taYH4bLq_k.roa
Signing time:             Wed 01 Jan 2025 15:48:01 +0000
ROA not before:           Wed 01 Jan 2025 15:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62214
IP address blocks:        77.221.48.0/24 maxlen: 24
                          2a10:4941:30::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6b:f0:f0:05:27:5e:31:c7:1e:4f:8f:f1:0f:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  1 15:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a490b1e3f0bda06cc517dc3e2d6981f86cbabf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:34:03:17:a1:3f:0b:29:a8:ea:74:43:2e:08:
                    fc:fe:2c:45:8a:7e:fe:1c:44:ff:f4:9d:ef:52:e2:
                    05:c9:2d:93:4d:9a:c1:16:e4:4e:ed:f7:21:10:e0:
                    31:e5:ca:75:46:f2:19:55:d5:05:34:31:b7:31:f1:
                    46:f4:41:d3:7e:7e:ca:80:18:1d:17:86:49:b3:cc:
                    b2:e2:c4:bd:0c:24:0d:a5:55:9a:1a:bc:46:83:11:
                    1a:fa:c9:a7:71:7c:94:6d:f4:e5:64:21:46:18:1a:
                    39:53:80:84:7d:55:72:58:44:d2:82:93:f2:d6:52:
                    cd:61:e9:75:bc:7e:96:09:c8:c5:05:55:e6:5d:85:
                    02:9a:fc:7b:d9:2b:09:5e:a0:6c:6c:12:15:ac:5e:
                    d4:77:fd:0c:84:45:0b:ed:9e:24:89:29:46:13:42:
                    38:e4:69:c9:94:82:10:24:67:8e:5e:e0:45:58:2d:
                    c8:ee:cd:80:81:db:81:03:5f:c1:8b:ac:05:73:b6:
                    45:d3:5f:23:8b:1b:ac:80:08:24:c8:72:37:61:5f:
                    27:bc:f1:4b:ea:c9:a8:5d:b3:ed:2d:10:8c:97:34:
                    c2:67:68:a1:c3:68:0c:fc:83:50:be:e8:c8:57:81:
                    b6:c5:32:a2:9d:2d:6c:e4:52:58:ba:76:30:f3:a6:
                    ea:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:49:0B:1E:3F:0B:DA:06:CC:51:7D:C3:E2:D6:98:1F:86:CB:AB:F9
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/ikkLHj8L2gbMUX3D4taYH4bLq_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.48.0/24
                IPv6:
                  2a10:4941:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:43:d6:b1:4b:fc:3c:af:af:ec:d4:e9:48:b1:46:da:c7:5e:
         4e:4d:58:6c:64:92:0b:d8:18:ec:f4:e0:bf:67:76:85:c9:29:
         dd:31:c7:07:7a:8c:14:71:48:93:5e:5c:9e:de:1a:ba:c2:dd:
         b3:f1:85:6e:88:e3:4c:1c:80:9b:27:c3:56:17:0d:45:6c:46:
         eb:41:ed:a1:2f:81:3c:5a:78:bb:7b:0d:e4:96:62:6f:30:81:
         e0:87:d1:6b:95:46:cf:17:42:56:33:d6:28:d4:7f:08:f0:f1:
         ed:dc:53:c3:3f:e9:76:37:21:b5:a5:8e:77:23:08:40:90:c4:
         f6:6a:56:66:91:49:6c:d5:b1:dd:68:a0:1a:06:0c:71:14:19:
         07:50:91:8d:4b:2b:43:7b:da:ba:14:c1:e4:d6:b2:55:dc:f7:
         65:d2:36:26:3c:52:86:85:7a:14:4b:b1:72:6e:4f:73:46:70:
         30:17:46:04:ca:f7:44:71:a3:13:76:1e:ec:a2:c8:7a:d5:8d:
         fa:e4:74:e3:47:06:33:cb:c5:20:cc:b8:b6:66:b5:2d:c3:e4:
         57:88:67:9c:60:db:14:ad:05:07:03:1f:64:c7:f1:e7:e7:99:
         be:5f:44:a0:41:78:ad:00:90:c8:b8:88:06:07:c2:ae:ca:b2:
         d2:9d:3d:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijWvw8AUnXjHHHk+P8Q+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ5MGIxZTNmMGJkYTA2Y2M1MTdkYzNlMmQ2OTgxZjg2Y2JhYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujQDF6E/Cymo6nRDLgj8/ixFin7+
HET/9J3vUuIFyS2TTZrBFuRO7fchEOAx5cp1RvIZVdUFNDG3MfFG9EHTfn7KgBgd
F4ZJs8yy4sS9DCQNpVWaGrxGgxEa+smncXyUbfTlZCFGGBo5U4CEfVVyWETSgpPy
1lLNYel1vH6WCcjFBVXmXYUCmvx72SsJXqBsbBIVrF7Ud/0MhEUL7Z4kiSlGE0I4
5GnJlIIQJGeOXuBFWC3I7s2AgduBA1/Bi6wFc7ZF018jixusgAgkyHI3YV8nvPFL
6smoXbPtLRCMlzTCZ2ihw2gM/INQvujIV4G2xTKinS1s5FJYunYw86bqVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIpJCx4/C9oGzFF9w+LWmB+Gy6v5MB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvaWtrTEhqOEwyZ2JNVVgzRDR0YVlINGJMcV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQATd0wMA8E
AgACMAkDBwQqEElBADAwDQYJKoZIhvcNAQELBQADggEBAG1D1rFL/Dyvr+zU6Uix
RtrHXk5NWGxkkgvYGOz04L9ndoXJKd0xxwd6jBRxSJNeXJ7eGrrC3bPxhW6I40wc
gJsnw1YXDUVsRutB7aEvgTxaeLt7DeSWYm8wgeCH0WuVRs8XQlYz1ijUfwjw8e3c
U8M/6XY3IbWljncjCECQxPZqVmaRSWzVsd1ooBoGDHEUGQdQkY1LK0N72roUweTW
slXc92XSNiY8UoaFehRLsXJuT3NGcDAXRgTK90RxoxN2HuyiyHrVjfrkdONHBjPL
xSDMuLZmtS3D5FeIZ5xg2xStBQcDH2TH8efnmb5fRKBBeK0AkMi4iAYHwq7KstKd
PZM=
-----END CERTIFICATE-----