Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/yr6IzokNcR2NETLpuEQU_BnaAOM.roa
File:                     yr6IzokNcR2NETLpuEQU_BnaAOM.roa (raw, json)
Hash identifier:          zdcECvN+K0dIsRzTYDSVn/ibVLHYkuVHmSp3Q2xNicQ=
Subject key identifier:   CA:BE:88:CE:89:0D:71:1D:8D:11:32:E9:B8:44:14:FC:19:DA:00:E3
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       018CC94D988FC0FA29E3794A2BF631481ED8
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/yr6IzokNcR2NETLpuEQU_BnaAOM.roa
Signing time:             Tue 02 Jan 2024 08:32:34 +0000
ROA not before:           Tue 02 Jan 2024 08:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        77.221.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:98:8f:c0:fa:29:e3:79:4a:2b:f6:31:48:1e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  2 08:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cabe88ce890d711d8d1132e9b84414fc19da00e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8b:c1:f6:4f:f9:10:8e:71:47:89:fb:0c:17:
                    a2:53:b9:16:29:d7:02:d7:90:73:1c:d9:90:0a:11:
                    94:52:ba:bd:79:79:63:db:b5:5e:64:44:25:fe:cc:
                    aa:93:70:da:67:3c:bb:56:13:d8:c1:d1:3b:c2:07:
                    35:a8:54:65:ec:4b:f0:f3:db:b2:e8:6a:d0:f3:86:
                    c3:cc:1a:68:19:96:32:ed:21:a9:c0:90:b9:df:aa:
                    05:36:de:fd:75:fe:c1:15:b5:bb:56:1f:35:a9:8d:
                    86:aa:75:3a:09:ee:93:d9:32:f9:7d:28:7b:1e:ae:
                    c1:b9:49:c6:dc:ed:ee:41:cc:c9:f0:64:92:fe:32:
                    89:ff:3b:77:64:39:dd:1b:10:03:31:ed:c5:05:35:
                    3e:1b:ad:cc:c7:24:50:1d:d7:bd:b3:8a:28:77:42:
                    a1:bf:a4:f7:fa:8f:df:ec:6c:23:ee:00:02:95:c5:
                    83:bb:b1:1c:2e:1e:1a:7f:c2:c2:3a:02:c6:3a:d8:
                    ad:10:96:dd:47:8e:6c:d7:c8:6b:80:7b:1c:2d:6f:
                    cd:be:5d:c3:e9:a0:e7:0e:83:58:a6:3d:a1:c4:d5:
                    5c:9d:5a:e7:53:34:40:de:1d:cb:18:21:b4:79:39:
                    b0:a0:69:e4:ee:02:70:5e:b1:7b:ae:af:7f:7a:da:
                    21:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:BE:88:CE:89:0D:71:1D:8D:11:32:E9:B8:44:14:FC:19:DA:00:E3
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/yr6IzokNcR2NETLpuEQU_BnaAOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:f8:ee:2c:24:12:f4:6d:7e:b9:33:c4:c4:4b:ae:24:00:d7:
         08:59:49:c2:f7:07:4f:7d:d1:3d:1a:65:a0:48:74:42:bd:d1:
         68:32:d5:f3:ad:23:70:f0:17:9a:94:64:8b:b3:73:05:c8:2b:
         20:f2:2a:2c:47:ac:9b:29:8b:09:30:0a:9c:11:b2:76:e9:96:
         83:85:9f:7e:c4:f4:4c:67:97:fd:e9:90:42:5a:e8:06:bb:54:
         9d:32:a6:07:17:3e:73:cc:77:71:f3:96:27:1a:8c:3c:67:73:
         95:e8:7e:89:f4:d1:32:fa:ef:c9:a2:a5:f9:56:1f:dd:9f:1f:
         08:61:ba:48:c4:3c:ff:32:2a:4c:99:5f:77:48:91:c2:36:3a:
         3b:b6:12:a0:44:f7:aa:0c:38:cb:db:6f:c9:e5:6f:bf:96:ea:
         ab:e1:07:5b:84:bd:f5:ca:e1:96:92:41:66:3d:ea:5f:4a:ec:
         9e:02:37:21:bf:23:3e:a5:da:32:6d:af:2e:60:53:ea:9f:f0:
         47:98:22:33:e7:5b:82:ff:90:0a:dc:d0:5f:b2:56:9c:f4:cb:
         a1:34:64:5e:29:78:d0:2f:18:21:dc:b0:3a:ce:37:7e:0f:aa:
         14:be:a8:27:86:e3:ff:66:67:0b:34:87:9a:ab:3f:2c:3d:16:
         47:e3:4b:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZiPwPop43lKK/YxSB7YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQwMTAyMDgzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWJlODhjZTg5MGQ3MTFkOGQxMTMyZTliODQ0MTRmYzE5ZGEwMGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4vB9k/5EI5xR4n7DBeiU7kWKdcC
15BzHNmQChGUUrq9eXlj27VeZEQl/syqk3DaZzy7VhPYwdE7wgc1qFRl7Evw89uy
6GrQ84bDzBpoGZYy7SGpwJC536oFNt79df7BFbW7Vh81qY2GqnU6Ce6T2TL5fSh7
Hq7BuUnG3O3uQczJ8GSS/jKJ/zt3ZDndGxADMe3FBTU+G63MxyRQHde9s4ood0Kh
v6T3+o/f7Gwj7gAClcWDu7EcLh4af8LCOgLGOtitEJbdR45s18hrgHscLW/Nvl3D
6aDnDoNYpj2hxNVcnVrnUzRA3h3LGCG0eTmwoGnk7gJwXrF7rq9/etohZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMq+iM6JDXEdjREy6bhEFPwZ2gDjMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEveXI2SXpva05jUjJORVRMcHVFUVVfQm5hQU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETd0gMA0G
CSqGSIb3DQEBCwUAA4IBAQBO+O4sJBL0bX65M8TES64kANcIWUnC9wdPfdE9GmWg
SHRCvdFoMtXzrSNw8BealGSLs3MFyCsg8iosR6ybKYsJMAqcEbJ26ZaDhZ9+xPRM
Z5f96ZBCWugGu1SdMqYHFz5zzHdx85YnGow8Z3OV6H6J9NEy+u/JoqX5Vh/dnx8I
YbpIxDz/MipMmV93SJHCNjo7thKgRPeqDDjL22/J5W+/luqr4QdbhL31yuGWkkFm
PepfSuyeAjchvyM+pdoyba8uYFPqn/BHmCIz51uC/5AK3NBfslac9MuhNGReKXjQ
Lxgh3LA6zjd+D6oUvqgnhuP/ZmcLNIeaqz8sPRZH40sm
-----END CERTIFICATE-----