Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/OutjT0tfDG3D4Z419UN077RX0s4.roa
File:                     OutjT0tfDG3D4Z419UN077RX0s4.roa (raw, json)
Hash identifier:          MtR6gwYg/VeRmJlPHAfWQj6+WaOkz76BoJM8IZlY9Qk=
Subject key identifier:   3A:EB:63:4F:4B:5F:0C:6D:C3:E1:9E:35:F5:43:74:EF:B4:57:D2:CE
Certificate issuer:       /CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
Certificate serial:       018CC94ABC21869CECA2DC5C09C1018C6D55
Authority key identifier: 72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/OutjT0tfDG3D4Z419UN077RX0s4.roa
Signing time:             Tue 02 Jan 2024 08:29:27 +0000
ROA not before:           Tue 02 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        77.236.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 02:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:bc:21:86:9c:ec:a2:dc:5c:09:c1:01:8c:6d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
        Validity
            Not Before: Jan  2 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3aeb634f4b5f0c6dc3e19e35f54374efb457d2ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1c:09:70:06:54:0c:57:f7:50:f5:33:23:cb:
                    9a:0b:c2:30:79:08:20:ea:31:ee:62:2c:51:2f:27:
                    fe:56:ad:64:2a:a8:b8:0e:d6:bc:ab:1b:f5:f3:11:
                    49:c6:cd:8f:6d:6c:df:39:5e:ac:58:da:3a:6e:19:
                    2e:6b:29:32:a5:bd:b5:f7:ab:15:f9:a3:1d:ee:45:
                    e4:67:78:69:ad:a0:b1:2d:28:e6:f7:d3:69:4b:c5:
                    c7:1c:bd:7c:b1:4c:72:7f:33:5d:40:fd:50:dc:63:
                    d5:35:23:33:19:ad:95:79:6e:11:11:e0:df:fd:fe:
                    19:ec:b9:54:a8:82:7b:a0:cc:3a:c5:36:b4:3b:b0:
                    e3:67:44:eb:c1:6a:36:35:7b:07:2a:45:dd:c3:eb:
                    41:1b:d6:25:45:9a:ee:8d:0e:08:f2:1b:7f:20:f2:
                    93:d1:76:77:26:7c:9f:87:f8:19:78:66:53:b1:6f:
                    dc:fe:76:36:cb:d7:ec:5c:3b:97:df:b7:54:79:50:
                    46:d8:33:85:a1:b7:74:0b:59:79:42:ca:4c:71:de:
                    65:3e:92:6f:06:50:11:67:c5:9f:8c:1c:a1:d6:66:
                    1c:b2:9f:ca:6c:48:4b:90:5b:3d:13:01:26:30:d2:
                    d1:4a:d9:bd:86:c1:ec:c2:61:da:a5:57:f7:7d:15:
                    b4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:EB:63:4F:4B:5F:0C:6D:C3:E1:9E:35:F5:43:74:EF:B4:57:D2:CE
            X509v3 Authority Key Identifier:
                keyid:72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/OutjT0tfDG3D4Z419UN077RX0s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.236.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:b2:d8:53:08:e5:22:ea:58:f6:04:42:f2:54:ea:1b:4a:08:
         d2:6c:51:6e:11:0a:c1:4e:1d:41:0a:f4:93:2d:b2:65:bd:75:
         06:54:4a:da:06:89:88:9d:cc:6a:60:13:5f:b4:5d:e8:4b:c5:
         b2:a6:7d:52:d3:af:cd:c7:1d:5d:60:00:c4:aa:d7:d6:bd:3c:
         ff:49:61:4e:ff:26:3a:5f:c7:84:56:ef:34:22:99:2c:4e:e4:
         58:0e:20:63:f8:f0:11:9b:ae:6a:97:c9:5b:ab:12:14:0f:f6:
         03:e6:36:f2:4e:fc:79:5c:df:6e:09:ae:e2:e2:d6:b1:29:23:
         b0:2e:c4:5e:63:e7:f4:04:62:87:01:76:35:33:eb:f4:bc:4e:
         04:94:3d:cc:8c:22:e2:a7:ef:cc:25:5a:0f:9c:ad:5b:92:3f:
         38:10:67:63:af:4c:5e:4a:d3:4a:01:82:9b:a4:78:f4:b5:3f:
         3b:fe:39:0f:82:3b:43:b7:af:bb:9b:41:13:60:a0:3a:48:6e:
         a4:49:59:40:31:ff:cc:96:26:81:ab:dc:2c:fa:08:6d:77:3a:
         ef:ef:24:25:46:b3:a8:02:99:5e:2c:9d:73:5e:56:ee:f2:5a:
         25:47:0f:a8:ae:f6:d6:6e:15:5e:66:90:b6:3f:93:05:9c:c6:
         0c:7d:71:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrwhhpzsotxcCcEBjG1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmJkMmZhMTgzMTk2MzllMjVmZmJmNGJkYmZhMDA4NjYw
MTU4YWUwHhcNMjQwMTAyMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWViNjM0ZjRiNWYwYzZkYzNlMTllMzVmNTQzNzRlZmI0NTdkMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhwJcAZUDFf3UPUzI8uaC8IweQgg
6jHuYixRLyf+Vq1kKqi4Dta8qxv18xFJxs2PbWzfOV6sWNo6bhkuaykypb2196sV
+aMd7kXkZ3hpraCxLSjm99NpS8XHHL18sUxyfzNdQP1Q3GPVNSMzGa2VeW4REeDf
/f4Z7LlUqIJ7oMw6xTa0O7DjZ0TrwWo2NXsHKkXdw+tBG9YlRZrujQ4I8ht/IPKT
0XZ3Jnyfh/gZeGZTsW/c/nY2y9fsXDuX37dUeVBG2DOFobd0C1l5QspMcd5lPpJv
BlARZ8WfjByh1mYcsp/KbEhLkFs9EwEmMNLRStm9hsHswmHapVf3fRW0SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrrY09LXwxtw+GeNfVDdO+0V9LOMB8GA1UdIwQY
MBaAFHK70voYMZY54l/79L2/oAhmAViuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgt
MGFmMmU1NDE2NDZjLzEvT3V0alQwdGZERzNENFo0MTlVTjA3N1JYMHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgtMGFmMmU1NDE2NDZj
LzEvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATexnMA0G
CSqGSIb3DQEBCwUAA4IBAQAssthTCOUi6lj2BELyVOobSgjSbFFuEQrBTh1BCvST
LbJlvXUGVEraBomIncxqYBNftF3oS8Wypn1S06/Nxx1dYADEqtfWvTz/SWFO/yY6
X8eEVu80IpksTuRYDiBj+PARm65ql8lbqxIUD/YD5jbyTvx5XN9uCa7i4taxKSOw
LsReY+f0BGKHAXY1M+v0vE4ElD3MjCLip+/MJVoPnK1bkj84EGdjr0xeStNKAYKb
pHj0tT87/jkPgjtDt6+7m0ETYKA6SG6kSVlAMf/MliaBq9ws+ghtdzrv7yQlRrOo
ApleLJ1zXlbu8lolRw+orvbWbhVeZpC2P5MFnMYMfXF/
-----END CERTIFICATE-----