Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/849dfd-939d-4c5d-8eb6-f059670daf3d/1/G1CMU250DLNf-oup7Q0hOPQNrZw.roa
File:                     G1CMU250DLNf-oup7Q0hOPQNrZw.roa (raw, json)
Hash identifier:          0pwKFn2zlhCRBk1YacOr41wGcqVSw2Yno4Qxh/muNvo=
Subject key identifier:   1B:50:8C:53:6E:74:0C:B3:5F:FA:8B:A9:ED:0D:21:38:F4:0D:AD:9C
Certificate issuer:       /CN=f1333a6754c008edbbac5f32ebd019ea6473aea8
Certificate serial:       019420D5F0D4C3CE1C363DE39F8418823EC6
Authority key identifier: F1:33:3A:67:54:C0:08:ED:BB:AC:5F:32:EB:D0:19:EA:64:73:AE:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TM6Z1TACO27rF8y69AZ6mRzrqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/849dfd-939d-4c5d-8eb6-f059670daf3d/1/G1CMU250DLNf-oup7Q0hOPQNrZw.roa
Signing time:             Wed 01 Jan 2025 07:47:59 +0000
ROA not before:           Wed 01 Jan 2025 07:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42386
IP address blocks:        77.241.112.0/20 maxlen: 20
                          77.241.112.0/22 maxlen: 22
                          77.241.116.0/22 maxlen: 22
                          77.241.120.0/22 maxlen: 22
                          77.241.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/849dfd-939d-4c5d-8eb6-f059670daf3d/1/8TM6Z1TACO27rF8y69AZ6mRzrqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/849dfd-939d-4c5d-8eb6-f059670daf3d/1/8TM6Z1TACO27rF8y69AZ6mRzrqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TM6Z1TACO27rF8y69AZ6mRzrqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 14:41:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f0:d4:c3:ce:1c:36:3d:e3:9f:84:18:82:3e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1333a6754c008edbbac5f32ebd019ea6473aea8
        Validity
            Not Before: Jan  1 07:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b508c536e740cb35ffa8ba9ed0d2138f40dad9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:96:cb:38:10:20:bd:a5:23:59:d5:fa:da:63:
                    39:30:ed:4f:3a:89:95:21:b2:c8:4e:21:b3:c0:0b:
                    20:ea:44:fe:ec:5f:e3:7a:c0:c2:04:c6:0c:54:03:
                    a8:6b:6a:06:de:78:4e:ad:20:f5:c7:8f:e6:79:43:
                    68:14:e5:74:91:b2:36:e8:40:f4:0e:d2:ea:6f:36:
                    a1:47:88:d8:c1:46:56:85:21:e4:a8:78:22:72:9a:
                    ac:cb:a0:74:02:52:ba:d6:66:47:35:b5:3c:3f:76:
                    4b:c0:1d:50:15:36:c5:00:d1:19:d7:4e:c0:b4:92:
                    34:bc:81:b0:fe:98:ca:a0:9c:08:c0:33:1a:c8:00:
                    0a:3d:93:6a:0b:24:4c:48:a1:01:da:5a:fe:ee:3a:
                    7e:f5:21:c8:7e:70:53:0f:68:67:a7:f6:4d:bb:65:
                    d1:8c:62:d7:b9:a0:e4:5e:a7:2a:32:39:71:aa:16:
                    fe:27:76:4b:43:a7:53:7b:7b:71:11:8f:0e:70:07:
                    a0:fb:e8:c2:9b:92:d9:f4:18:61:42:f7:75:10:29:
                    55:e6:a3:b7:54:cd:23:33:85:7a:9d:99:cd:3e:ce:
                    47:0b:1a:57:62:60:5a:b8:12:4c:19:6c:92:97:08:
                    47:9b:3b:90:60:c4:0c:d1:d9:cb:85:74:03:79:ea:
                    c9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:50:8C:53:6E:74:0C:B3:5F:FA:8B:A9:ED:0D:21:38:F4:0D:AD:9C
            X509v3 Authority Key Identifier:
                keyid:F1:33:3A:67:54:C0:08:ED:BB:AC:5F:32:EB:D0:19:EA:64:73:AE:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TM6Z1TACO27rF8y69AZ6mRzrqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/849dfd-939d-4c5d-8eb6-f059670daf3d/1/G1CMU250DLNf-oup7Q0hOPQNrZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/849dfd-939d-4c5d-8eb6-f059670daf3d/1/8TM6Z1TACO27rF8y69AZ6mRzrqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.241.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2a:69:e2:fc:c6:a4:cc:74:cb:5b:03:74:b2:b3:74:9d:ae:62:
         e9:b1:da:16:4d:ca:e4:bc:90:8b:f3:69:46:92:77:d0:ff:6f:
         5d:9e:b2:22:4d:c3:ee:e8:8f:07:4b:16:f3:0f:03:f0:c3:e8:
         a9:05:ec:23:39:71:8d:3f:9b:83:c5:93:ad:67:a0:2b:68:0a:
         8c:14:04:62:db:1a:d8:cc:fa:34:02:5f:ad:13:b5:c6:11:a6:
         60:e3:9b:27:9e:d4:a2:a6:51:88:8b:ef:af:30:74:97:45:18:
         b8:07:3c:0b:45:d5:82:e0:5d:09:4f:07:3c:cc:ca:e8:11:bd:
         7a:f7:52:5d:7f:f9:3c:1e:c4:5c:d8:f2:4d:66:06:d4:c7:fe:
         ba:f5:60:e9:1c:8c:d3:d4:dc:f1:25:d6:95:e3:8c:51:2d:97:
         34:55:86:de:de:62:1f:ea:9b:1e:4b:50:b3:5c:59:c4:8e:0d:
         d0:ca:38:c9:3a:8d:42:fd:b4:68:17:47:47:45:ca:a8:f4:26:
         63:6c:d9:c8:3f:64:d2:d4:a0:ac:6d:d0:7b:d9:ff:8f:ee:22:
         a6:d4:c5:bd:70:c3:2c:20:79:10:ca:a1:a9:2b:04:47:5b:f3:
         ed:18:d1:14:48:44:e8:88:64:02:3f:df:ca:06:7a:d3:e6:7c:
         02:77:87:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1fDUw84cNj3jn4QYgj7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzMzYTY3NTRjMDA4ZWRiYmFjNWYzMmViZDAxOWVhNjQ3
M2FlYTgwHhcNMjUwMTAxMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjUwOGM1MzZlNzQwY2IzNWZmYThiYTllZDBkMjEzOGY0MGRhZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZbLOBAgvaUjWdX62mM5MO1POomV
IbLITiGzwAsg6kT+7F/jesDCBMYMVAOoa2oG3nhOrSD1x4/meUNoFOV0kbI26ED0
DtLqbzahR4jYwUZWhSHkqHgicpqsy6B0AlK61mZHNbU8P3ZLwB1QFTbFANEZ107A
tJI0vIGw/pjKoJwIwDMayAAKPZNqCyRMSKEB2lr+7jp+9SHIfnBTD2hnp/ZNu2XR
jGLXuaDkXqcqMjlxqhb+J3ZLQ6dTe3txEY8OcAeg++jCm5LZ9BhhQvd1EClV5qO3
VM0jM4V6nZnNPs5HCxpXYmBauBJMGWySlwhHmzuQYMQM0dnLhXQDeerJTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtQjFNudAyzX/qLqe0NITj0Da2cMB8GA1UdIwQY
MBaAFPEzOmdUwAjtu6xfMuvQGepkc66oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRNNloxVEFDTzI3ckY4eTY5QVo2bVJ6cnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS84NDlkZmQtOTM5ZC00YzVkLThlYjYt
ZjA1OTY3MGRhZjNkLzEvRzFDTVUyNTBETE5mLW91cDdRMGhPUFFOclp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS84NDlkZmQtOTM5ZC00YzVkLThlYjYtZjA1OTY3MGRhZjNk
LzEvOFRNNloxVEFDTzI3ckY4eTY5QVo2bVJ6cnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfFwMA0G
CSqGSIb3DQEBCwUAA4IBAQAqaeL8xqTMdMtbA3Sys3SdrmLpsdoWTcrkvJCL82lG
knfQ/29dnrIiTcPu6I8HSxbzDwPww+ipBewjOXGNP5uDxZOtZ6AraAqMFARi2xrY
zPo0Al+tE7XGEaZg45snntSiplGIi++vMHSXRRi4BzwLRdWC4F0JTwc8zMroEb16
91Jdf/k8HsRc2PJNZgbUx/669WDpHIzT1NzxJdaV44xRLZc0VYbe3mIf6pseS1Cz
XFnEjg3QyjjJOo1C/bRoF0dHRcqo9CZjbNnIP2TS1KCsbdB72f+P7iKm1MW9cMMs
IHkQyqGpKwRHW/PtGNEUSEToiGQCP9/KBnrT5nwCd4eR
-----END CERTIFICATE-----