Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/kp_0sHt6InjalqT_LsH5YPxZDMk.roa
File:                     kp_0sHt6InjalqT_LsH5YPxZDMk.roa (raw, json)
Hash identifier:          DoLSGQmmRq3de+yz4/Z77bgDxK5/OZjz0m45l6WXtRY=
Subject key identifier:   92:9F:F4:B0:7B:7A:22:78:DA:96:A4:FF:2E:C1:F9:60:FC:59:0C:C9
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       018CC94D99929BF1B016D1733DB770728509
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/kp_0sHt6InjalqT_LsH5YPxZDMk.roa
Signing time:             Tue 02 Jan 2024 08:32:35 +0000
ROA not before:           Tue 02 Jan 2024 08:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62214
IP address blocks:        77.221.48.0/24 maxlen: 24
                          2a10:4941:30::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:99:92:9b:f1:b0:16:d1:73:3d:b7:70:72:85:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  2 08:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=929ff4b07b7a2278da96a4ff2ec1f960fc590cc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d7:27:a7:74:6e:b1:e9:59:2b:d6:32:11:90:
                    c7:8a:93:9c:e4:77:46:d7:a7:c8:1a:8a:2d:94:1b:
                    2a:59:03:e4:bc:aa:be:31:97:9f:fc:b6:a1:9c:67:
                    b5:9c:f2:b6:32:8f:a2:24:a1:25:7b:40:f9:56:7c:
                    c3:ba:c5:25:11:c9:ce:e4:d6:42:02:fc:0e:cf:1d:
                    f3:c6:2a:13:ee:1b:f5:0f:93:1d:87:4d:c5:7e:d7:
                    fd:4a:bf:ee:6c:a7:49:81:f9:67:61:6c:40:c7:cc:
                    8a:78:0f:1d:9d:14:25:c3:0a:90:29:8f:5f:6b:f7:
                    1b:74:3a:e9:f9:7c:19:ad:63:4d:54:18:f1:69:4d:
                    b3:b0:96:a5:89:ba:09:05:5d:c2:4d:7e:02:c2:46:
                    c2:4d:7a:7a:56:20:cb:d2:75:10:e6:ba:ee:49:67:
                    dd:c2:e6:b0:e5:75:5f:a5:40:4a:6d:6e:e0:30:2a:
                    a9:04:30:ee:15:67:e9:91:6b:03:26:e1:08:b0:f7:
                    6a:9e:17:ef:12:f3:ad:41:32:50:0c:c9:b1:9c:68:
                    67:3d:68:0d:ad:d6:50:54:f4:9c:ad:f1:d9:47:06:
                    22:db:dc:f7:2b:18:ca:ed:99:8f:bc:ec:a0:ef:a3:
                    bb:d4:9b:04:4c:a6:dd:a8:69:44:70:eb:2b:8b:34:
                    69:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:9F:F4:B0:7B:7A:22:78:DA:96:A4:FF:2E:C1:F9:60:FC:59:0C:C9
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/kp_0sHt6InjalqT_LsH5YPxZDMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.48.0/24
                IPv6:
                  2a10:4941:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:8d:6f:ba:85:93:7a:aa:d3:6b:a7:31:5f:33:a3:f3:a1:2d:
         53:5a:f1:95:00:f7:53:52:3a:af:25:5f:c3:8e:fc:c0:a8:6a:
         0b:03:b7:ad:d7:27:c4:dd:20:3e:ff:27:cf:99:0f:5a:e0:c1:
         c8:7c:bb:ed:ae:7c:4d:de:5f:d1:54:27:a1:9a:87:12:e4:70:
         ca:68:54:9d:4b:06:ec:f8:6a:45:b1:f6:dd:71:69:e7:83:1b:
         bb:b7:fe:b7:b1:32:98:a1:d3:27:1d:d0:15:de:7e:4a:c1:fa:
         1c:b0:07:02:26:4d:ba:4f:c3:cf:62:dd:f4:8a:66:90:1f:a5:
         dd:48:2a:be:ce:70:9b:40:b8:73:28:46:c5:98:09:a2:8c:21:
         44:30:a6:99:d2:3d:dd:e3:9f:bd:79:d0:5a:da:4e:37:26:84:
         57:35:d3:5b:20:02:5f:4c:2e:2f:ba:08:84:df:3e:54:97:44:
         2c:97:e3:65:41:2d:e7:1e:fb:d7:b6:cf:c0:73:eb:d8:b3:d1:
         21:c3:f4:bb:7d:9e:af:96:e4:76:3d:34:6d:5a:b4:53:90:06:
         1b:a8:ed:39:e6:a1:a9:51:65:7b:55:19:12:fc:91:17:f3:de:
         3c:81:90:01:55:72:b6:7a:7f:a5:c6:16:22:09:02:ba:8b:27:
         af:16:d8:23
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTZmSm/GwFtFzPbdwcoUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjlmZjRiMDdiN2EyMjc4ZGE5NmE0ZmYyZWMxZjk2MGZjNTkwY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtcnp3RuselZK9YyEZDHipOc5HdG
16fIGootlBsqWQPkvKq+MZef/LahnGe1nPK2Mo+iJKEle0D5VnzDusUlEcnO5NZC
AvwOzx3zxioT7hv1D5Mdh03Fftf9Sr/ubKdJgflnYWxAx8yKeA8dnRQlwwqQKY9f
a/cbdDrp+XwZrWNNVBjxaU2zsJaliboJBV3CTX4CwkbCTXp6ViDL0nUQ5rruSWfd
wuaw5XVfpUBKbW7gMCqpBDDuFWfpkWsDJuEIsPdqnhfvEvOtQTJQDMmxnGhnPWgN
rdZQVPScrfHZRwYi29z3KxjK7ZmPvOyg76O71JsETKbdqGlEcOsrizRpPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJKf9LB7eiJ42pak/y7B+WD8WQzJMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEva3BfMHNIdDZJbmphbHFUX0xzSDVZUHhaRE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQATd0wMA8E
AgACMAkDBwQqEElBADAwDQYJKoZIhvcNAQELBQADggEBAAaNb7qFk3qq02unMV8z
o/OhLVNa8ZUA91NSOq8lX8OO/MCoagsDt63XJ8TdID7/J8+ZD1rgwch8u+2ufE3e
X9FUJ6GahxLkcMpoVJ1LBuz4akWx9t1xaeeDG7u3/rexMpih0ycd0BXefkrB+hyw
BwImTbpPw89i3fSKZpAfpd1IKr7OcJtAuHMoRsWYCaKMIUQwppnSPd3jn7150Fra
TjcmhFc101sgAl9MLi+6CITfPlSXRCyX42VBLece+9e2z8Bz69iz0SHD9Lt9nq+W
5HY9NG1atFOQBhuo7TnmoalRZXtVGRL8kRfz3jyBkAFVcrZ6f6XGFiIJArqLJ68W
2CM=
-----END CERTIFICATE-----