Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/sWkqkErGhu-1VCad71Sn0OqpwZA.roa
File:                     sWkqkErGhu-1VCad71Sn0OqpwZA.roa (raw, json)
Hash identifier:          HbVH/GboYWRycU/FuB9rGlfl5+DHY9yORl0PbLGqa5g=
Subject key identifier:   B1:69:2A:90:4A:C6:86:EF:B5:54:26:9D:EF:54:A7:D0:EA:A9:C1:90
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       018CC94D99687F90D28751AD6A7E21E771B9
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/sWkqkErGhu-1VCad71Sn0OqpwZA.roa
Signing time:             Tue 02 Jan 2024 08:32:35 +0000
ROA not before:           Tue 02 Jan 2024 08:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39679
IP address blocks:        77.221.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:99:68:7f:90:d2:87:51:ad:6a:7e:21:e7:71:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  2 08:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1692a904ac686efb554269def54a7d0eaa9c190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:31:f6:84:d2:d5:93:f8:6e:53:3b:34:bf:95:
                    1b:97:8b:2b:58:8b:f4:a6:fb:70:17:0d:81:6e:ef:
                    bd:2f:39:62:a6:65:d3:4e:1d:28:b5:c7:8a:c9:88:
                    8b:86:00:73:b3:63:7e:f8:fd:c4:04:be:57:02:74:
                    7b:d8:40:9d:6d:9a:d5:d2:06:f6:93:3b:30:f0:8f:
                    27:bd:91:c4:ff:36:d0:b5:89:e2:22:67:71:75:64:
                    70:08:22:78:9d:b2:2a:c3:6c:f2:1c:73:c1:08:dc:
                    6e:d7:ec:dc:b3:bd:84:ad:c5:a2:b2:d4:eb:11:46:
                    48:5b:e5:f0:7e:6a:f3:f4:91:85:8f:8f:87:13:92:
                    21:08:47:11:d4:49:b7:22:ad:ce:7f:a3:8d:7c:b6:
                    5e:10:de:92:ce:34:aa:f4:77:02:61:f5:aa:03:e3:
                    ab:79:24:25:1e:1e:b6:7a:57:f7:2f:ae:46:18:e7:
                    72:ec:9d:ab:ec:99:e5:24:8a:86:73:3b:60:00:30:
                    59:03:8c:d3:16:8e:07:31:c9:aa:d4:5b:13:28:1d:
                    1f:a6:de:aa:66:8d:ea:37:ac:0c:90:f0:2e:43:47:
                    92:c9:1c:a0:31:3e:62:e7:35:e0:64:38:63:1e:40:
                    f1:b7:32:3f:13:1a:de:37:b8:8f:d3:18:3d:5e:9f:
                    70:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:69:2A:90:4A:C6:86:EF:B5:54:26:9D:EF:54:A7:D0:EA:A9:C1:90
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/sWkqkErGhu-1VCad71Sn0OqpwZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:d9:9d:70:6e:d6:7b:7e:3b:86:ec:da:ad:cd:44:3a:f1:34:
         4e:c8:2d:cd:ff:0a:1d:53:43:59:62:9e:2c:ce:55:ad:ed:b2:
         40:3f:9e:4b:5d:22:b2:fc:fc:a8:17:14:c0:fa:e3:4e:33:87:
         23:67:bd:4a:a0:ae:25:23:ed:5e:58:07:8c:b2:4d:a5:44:ae:
         a1:48:50:53:28:06:52:71:2b:c1:c9:3c:88:87:29:8a:db:f5:
         74:9d:23:d2:ff:fd:8e:ea:ef:be:e5:27:3a:f3:23:e3:37:e3:
         4a:5b:15:b8:d0:1b:5e:f5:4c:d6:49:62:61:8f:51:1e:b2:71:
         a0:68:18:8c:3c:04:fb:cd:5f:53:97:ed:30:ec:e0:a1:b2:8c:
         ba:e6:3d:d5:9d:60:fa:fa:6f:02:f0:ad:44:7c:51:de:5a:b5:
         e5:54:74:36:91:43:38:00:59:7f:c3:1b:29:34:ee:8b:26:68:
         8a:91:57:08:27:13:c8:5b:db:d8:3d:0e:30:95:bf:0d:c4:89:
         c3:b6:a0:8b:70:28:02:0d:93:4d:3d:17:66:0e:67:31:08:d3:
         0c:5f:e4:ca:fb:2d:f2:af:75:b7:cb:20:04:94:83:0c:90:3c:
         22:07:db:c9:11:86:47:95:b4:46:a2:ef:39:85:41:13:0f:59:
         fe:04:87:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZlof5DSh1Gtan4h53G5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTY5MmE5MDRhYzY4NmVmYjU1NDI2OWRlZjU0YTdkMGVhYTljMTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTH2hNLVk/huUzs0v5Ubl4srWIv0
pvtwFw2Bbu+9LzlipmXTTh0otceKyYiLhgBzs2N++P3EBL5XAnR72ECdbZrV0gb2
kzsw8I8nvZHE/zbQtYniImdxdWRwCCJ4nbIqw2zyHHPBCNxu1+zcs72ErcWistTr
EUZIW+Xwfmrz9JGFj4+HE5IhCEcR1Em3Iq3Of6ONfLZeEN6SzjSq9HcCYfWqA+Or
eSQlHh62elf3L65GGOdy7J2r7JnlJIqGcztgADBZA4zTFo4HMcmq1FsTKB0fpt6q
Zo3qN6wMkPAuQ0eSyRygMT5i5zXgZDhjHkDxtzI/ExreN7iP0xg9Xp9w0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFpKpBKxobvtVQmne9Up9DqqcGQMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvc1drcWtFckdodS0xVkNhZDcxU24wT3Fwd1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATd0xMA0G
CSqGSIb3DQEBCwUAA4IBAQAD2Z1wbtZ7fjuG7NqtzUQ68TROyC3N/wodU0NZYp4s
zlWt7bJAP55LXSKy/PyoFxTA+uNOM4cjZ71KoK4lI+1eWAeMsk2lRK6hSFBTKAZS
cSvByTyIhymK2/V0nSPS//2O6u++5Sc68yPjN+NKWxW40Bte9UzWSWJhj1EesnGg
aBiMPAT7zV9Tl+0w7OChsoy65j3VnWD6+m8C8K1EfFHeWrXlVHQ2kUM4AFl/wxsp
NO6LJmiKkVcIJxPIW9vYPQ4wlb8NxInDtqCLcCgCDZNNPRdmDmcxCNMMX+TK+y3y
r3W3yyAElIMMkDwiB9vJEYZHlbRGou85hUETD1n+BIdK
-----END CERTIFICATE-----