Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/dfa4a8-38b0-461b-a082-843e262dd8dc/1/dwg63BIs70UrJw-Aax3sA8BXybY.roa
File:                     dwg63BIs70UrJw-Aax3sA8BXybY.roa (raw, json)
Hash identifier:          5QGHb3BFkyoA0+FZCtvQU8D70IR4N2YKdw4R2aOSeJQ=
Subject key identifier:   77:08:3A:DC:12:2C:EF:45:2B:27:0F:80:6B:1D:EC:03:C0:57:C9:B6
Certificate issuer:       /CN=5cf56321eb7ea3ee45cded028668420e37fa2fac
Certificate serial:       019425FC767A7558ED40E149EBFD7A0D8C84
Authority key identifier: 5C:F5:63:21:EB:7E:A3:EE:45:CD:ED:02:86:68:42:0E:37:FA:2F:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPVjIet-o-5Fze0ChmhCDjf6L6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/dfa4a8-38b0-461b-a082-843e262dd8dc/1/dwg63BIs70UrJw-Aax3sA8BXybY.roa
Signing time:             Thu 02 Jan 2025 07:48:09 +0000
ROA not before:           Thu 02 Jan 2025 07:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199938
IP address blocks:        194.76.122.0/23 maxlen: 24
                          2001:678:e28::/48 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/dfa4a8-38b0-461b-a082-843e262dd8dc/1/XPVjIet-o-5Fze0ChmhCDjf6L6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/dfa4a8-38b0-461b-a082-843e262dd8dc/1/XPVjIet-o-5Fze0ChmhCDjf6L6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPVjIet-o-5Fze0ChmhCDjf6L6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:76:7a:75:58:ed:40:e1:49:eb:fd:7a:0d:8c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf56321eb7ea3ee45cded028668420e37fa2fac
        Validity
            Not Before: Jan  2 07:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77083adc122cef452b270f806b1dec03c057c9b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:63:0f:8d:01:2e:d3:03:3a:45:8b:0f:94:6e:
                    e7:c2:79:6a:1d:35:6e:ca:ee:1d:e7:b8:25:1a:b0:
                    2b:25:2f:2c:66:5d:8d:4d:47:23:fd:f8:e4:c5:fd:
                    10:95:22:dc:e9:01:0f:73:e1:9a:f4:76:3e:d1:f9:
                    99:20:1a:91:0d:c9:44:f6:0a:39:9e:97:9f:26:ee:
                    76:72:ba:2c:5f:a0:0f:6d:5e:ca:f8:fb:41:01:66:
                    3c:08:31:9d:49:2c:cd:1d:ca:c6:46:43:78:6b:59:
                    5c:ce:2f:83:44:b6:4e:d0:0e:54:24:43:c5:7b:e6:
                    1c:bf:fd:11:30:72:a7:81:72:97:4c:b3:a1:bc:1c:
                    36:84:a2:f8:98:45:c1:e1:f9:b2:68:8e:0b:47:ee:
                    90:93:4b:c3:bd:1f:05:4f:29:6b:65:d1:63:8f:c9:
                    2b:25:5b:f8:d2:2a:bf:ab:d4:82:c3:a1:7b:c9:17:
                    16:e8:b8:8e:d1:e4:5b:d8:82:89:b4:1a:83:6f:02:
                    8d:0f:ee:4c:df:b6:db:8c:69:35:45:51:f1:05:70:
                    13:54:c6:2b:46:d4:b6:87:de:35:35:7d:2f:df:97:
                    9a:a9:9e:2c:40:42:42:89:b6:f6:9b:80:ba:4e:1c:
                    84:0e:6c:67:58:8a:8e:42:a4:5a:7f:cb:e2:82:90:
                    86:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:08:3A:DC:12:2C:EF:45:2B:27:0F:80:6B:1D:EC:03:C0:57:C9:B6
            X509v3 Authority Key Identifier:
                keyid:5C:F5:63:21:EB:7E:A3:EE:45:CD:ED:02:86:68:42:0E:37:FA:2F:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPVjIet-o-5Fze0ChmhCDjf6L6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dfa4a8-38b0-461b-a082-843e262dd8dc/1/dwg63BIs70UrJw-Aax3sA8BXybY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dfa4a8-38b0-461b-a082-843e262dd8dc/1/XPVjIet-o-5Fze0ChmhCDjf6L6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.122.0/23
                IPv6:
                  2001:678:e28::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:17:ce:bc:a6:4e:4a:6d:3b:86:6f:60:2c:b3:ea:5b:3c:bc:
         fb:92:2c:e9:80:95:55:2f:c4:1f:b4:e5:19:60:f8:0a:df:84:
         2c:b2:40:6f:66:f1:86:a7:af:1b:a3:21:41:4e:4b:6b:1d:ca:
         7e:3e:85:34:26:75:b5:b2:3c:ee:83:eb:98:48:97:ec:f1:3d:
         c0:0f:fb:13:d2:7d:c4:ff:a8:41:09:4e:7a:d8:17:dd:3d:47:
         bb:5a:36:da:c0:fa:f5:e9:b9:40:87:bc:e4:3b:29:51:99:2c:
         2f:f9:06:e3:f0:88:dc:8f:6e:e0:24:51:e8:ca:ef:d6:dd:3c:
         34:dd:2a:e9:27:b2:f1:b1:ca:92:94:76:cc:09:cb:62:d3:95:
         66:ec:d5:93:35:a6:91:57:29:9c:17:65:0a:7a:f0:e7:8d:a4:
         5b:ef:03:c4:1f:b2:f9:ed:ff:dd:99:f0:00:b3:ec:a3:a0:61:
         8c:30:7c:6d:a9:da:79:38:e8:d8:2a:7f:36:71:19:5b:5d:36:
         4f:0b:95:69:97:06:aa:88:bc:e0:32:1d:79:32:55:09:c2:ab:
         4f:59:86:30:a4:4a:7d:37:ea:ef:71:0d:cb:d7:42:92:73:d5:
         83:67:09:d2:a6:47:b7:06:f5:d6:19:f8:f3:fa:66:cb:f3:65:
         3e:50:0c:44
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/HZ6dVjtQOFJ6/16DYyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjU2MzIxZWI3ZWEzZWU0NWNkZWQwMjg2Njg0MjBlMzdm
YTJmYWMwHhcNMjUwMTAyMDc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzA4M2FkYzEyMmNlZjQ1MmIyNzBmODA2YjFkZWMwM2MwNTdjOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGMPjQEu0wM6RYsPlG7nwnlqHTVu
yu4d57glGrArJS8sZl2NTUcj/fjkxf0QlSLc6QEPc+Ga9HY+0fmZIBqRDclE9go5
npefJu52crosX6APbV7K+PtBAWY8CDGdSSzNHcrGRkN4a1lczi+DRLZO0A5UJEPF
e+Ycv/0RMHKngXKXTLOhvBw2hKL4mEXB4fmyaI4LR+6Qk0vDvR8FTylrZdFjj8kr
JVv40iq/q9SCw6F7yRcW6LiO0eRb2IKJtBqDbwKND+5M37bbjGk1RVHxBXATVMYr
RtS2h941NX0v35eaqZ4sQEJCibb2m4C6ThyEDmxnWIqOQqRaf8vigpCGwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHcIOtwSLO9FKycPgGsd7APAV8m2MB8GA1UdIwQY
MBaAFFz1YyHrfqPuRc3tAoZoQg43+i+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBWaklldC1vLTVGemUwQ2htaENEamY2TDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kZmE0YTgtMzhiMC00NjFiLWEwODIt
ODQzZTI2MmRkOGRjLzEvZHdnNjNCSXM3MFVySnctQWF4M3NBOEJYeWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kZmE0YTgtMzhiMC00NjFiLWEwODItODQzZTI2MmRkOGRj
LzEvWFBWaklldC1vLTVGemUwQ2htaENEamY2TDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwkx6MA8E
AgACMAkDBwAgAQZ4DigwDQYJKoZIhvcNAQELBQADggEBAD4XzrymTkptO4ZvYCyz
6ls8vPuSLOmAlVUvxB+05Rlg+ArfhCyyQG9m8YanrxujIUFOS2sdyn4+hTQmdbWy
PO6D65hIl+zxPcAP+xPSfcT/qEEJTnrYF909R7taNtrA+vXpuUCHvOQ7KVGZLC/5
BuPwiNyPbuAkUejK79bdPDTdKuknsvGxypKUdswJy2LTlWbs1ZM1ppFXKZwXZQp6
8OeNpFvvA8Qfsvnt/92Z8ACz7KOgYYwwfG2p2nk46NgqfzZxGVtdNk8LlWmXBqqI
vOAyHXkyVQnCq09ZhjCkSn036u9xDcvXQpJz1YNnCdKmR7cG9dYZ+PP6ZsvzZT5Q
DEQ=
-----END CERTIFICATE-----