Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/krWQcS7n7RI8KN22AL7QJxqBAmc.roa
File:                     krWQcS7n7RI8KN22AL7QJxqBAmc.roa (raw, json)
Hash identifier:          iVjKvzX71DW/zLsg1IqhKN92iglH39Pfyg0X/Mi4GBY=
Subject key identifier:   92:B5:90:71:2E:E7:ED:12:3C:28:DD:B6:00:BE:D0:27:1A:81:02:67
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       0192419B49C70BDC71E281E723DB9F6FF87D
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/krWQcS7n7RI8KN22AL7QJxqBAmc.roa
Signing time:             Mon 30 Sep 2024 06:25:48 +0000
ROA not before:           Mon 30 Sep 2024 06:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        77.221.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:41:9b:49:c7:0b:dc:71:e2:81:e7:23:db:9f:6f:f8:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Sep 30 06:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92b590712ee7ed123c28ddb600bed0271a810267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6d:b2:ef:65:36:82:cd:a7:78:ec:75:41:a4:
                    cb:51:ec:a9:ba:63:62:9b:7b:54:3e:30:3b:b6:12:
                    21:de:de:ea:f2:14:84:04:3f:ca:1b:43:00:34:87:
                    2b:47:ce:3a:41:03:85:1c:b8:a6:d3:7a:7c:18:54:
                    2f:e5:4e:c6:32:d6:b1:58:71:27:f2:ab:b7:00:25:
                    88:30:1a:fd:ca:53:28:16:10:f3:24:0b:2e:4b:8d:
                    cd:08:6c:00:91:89:19:e2:6d:f5:43:40:e7:ab:53:
                    54:1c:25:65:21:ea:34:a4:8a:70:9a:92:aa:5a:e4:
                    69:88:dd:56:51:fc:5c:ef:a6:2e:11:1d:a8:3f:3d:
                    aa:e4:75:d1:98:dd:a1:f6:cd:d9:e6:2d:66:8d:fa:
                    6e:b4:52:9e:c9:00:4d:32:4e:e0:54:0b:46:6d:5b:
                    f2:c1:40:fb:ab:43:f9:40:47:92:98:a2:6a:be:93:
                    12:53:5a:db:4a:54:75:12:24:c4:ef:8c:8e:73:ce:
                    9b:fa:db:ba:3f:15:68:88:9e:64:e1:94:92:a4:c6:
                    18:b4:34:62:9f:29:ae:17:e8:fa:28:9f:c6:9c:0f:
                    31:e5:ab:64:5b:dd:f5:34:07:25:29:93:76:54:ea:
                    44:35:27:db:3a:6e:15:90:8e:54:68:5a:5e:90:62:
                    d0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B5:90:71:2E:E7:ED:12:3C:28:DD:B6:00:BE:D0:27:1A:81:02:67
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/krWQcS7n7RI8KN22AL7QJxqBAmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:86:6e:3f:98:d1:f5:3f:cf:30:63:6c:95:2f:94:95:fb:03:
         ec:95:d8:04:97:94:fe:16:31:13:e7:e3:0b:a3:9a:9c:54:91:
         b5:2f:d3:9d:e5:3a:86:a8:d0:fd:1c:01:00:68:b5:47:97:93:
         53:1f:06:8f:30:40:e9:4d:ed:84:72:63:30:fc:9c:83:18:40:
         60:39:8b:85:b9:1e:b8:e7:4e:e6:d9:60:99:5c:a6:70:8b:92:
         e0:a9:e7:08:0a:19:6f:d6:db:58:9d:37:4e:04:51:91:af:96:
         c7:e9:c9:0a:46:32:29:dc:e5:c9:5d:07:37:af:52:e0:18:8a:
         1a:11:c4:80:f9:c1:a2:00:4f:11:93:23:34:6d:f9:23:71:4d:
         33:ab:d0:f6:bc:f4:c1:d1:2b:b5:80:42:35:ba:a9:f2:18:5f:
         a6:e7:92:5f:c9:f5:2e:96:80:cb:5a:16:b3:6a:44:b1:66:56:
         50:d6:f1:5e:92:f0:d0:a7:0f:72:f7:1b:b8:21:c8:25:e2:09:
         27:53:2a:d3:e1:38:8f:c9:4f:84:d2:70:4c:65:33:c5:b3:71:
         7e:da:cd:92:55:d4:71:fb:36:84:e7:ef:ca:ef:01:3d:4a:d2:
         cd:12:40:21:79:ee:f9:8b:0f:a5:4a:88:b5:d6:a3:a3:ce:47:
         3f:b5:8c:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJBm0nHC9xx4oHnI9ufb/h9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwOTMwMDYyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmI1OTA3MTJlZTdlZDEyM2MyOGRkYjYwMGJlZDAyNzFhODEwMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx22y72U2gs2neOx1QaTLUeypumNi
m3tUPjA7thIh3t7q8hSEBD/KG0MANIcrR846QQOFHLim03p8GFQv5U7GMtaxWHEn
8qu3ACWIMBr9ylMoFhDzJAsuS43NCGwAkYkZ4m31Q0Dnq1NUHCVlIeo0pIpwmpKq
WuRpiN1WUfxc76YuER2oPz2q5HXRmN2h9s3Z5i1mjfputFKeyQBNMk7gVAtGbVvy
wUD7q0P5QEeSmKJqvpMSU1rbSlR1EiTE74yOc86b+tu6PxVoiJ5k4ZSSpMYYtDRi
nymuF+j6KJ/GnA8x5atkW931NAclKZN2VOpENSfbOm4VkI5UaFpekGLQ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJK1kHEu5+0SPCjdtgC+0CcagQJnMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEva3JXUWNTN243Ukk4S04yMkFMN1FKeHFCQW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATd2RMA0G
CSqGSIb3DQEBCwUAA4IBAQBghm4/mNH1P88wY2yVL5SV+wPsldgEl5T+FjET5+ML
o5qcVJG1L9Od5TqGqND9HAEAaLVHl5NTHwaPMEDpTe2EcmMw/JyDGEBgOYuFuR64
507m2WCZXKZwi5LgqecIChlv1ttYnTdOBFGRr5bH6ckKRjIp3OXJXQc3r1LgGIoa
EcSA+cGiAE8RkyM0bfkjcU0zq9D2vPTB0Su1gEI1uqnyGF+m55JfyfUuloDLWhaz
akSxZlZQ1vFekvDQpw9y9xu4Icgl4gknUyrT4TiPyU+E0nBMZTPFs3F+2s2SVdRx
+zaE5+/K7wE9StLNEkAhee75iw+lSoi11qOjzkc/tYx1
-----END CERTIFICATE-----