Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/pioCYTKf35gV6uI5PXGLjtShlC4.roa
File:                     pioCYTKf35gV6uI5PXGLjtShlC4.roa (raw, json)
Hash identifier:          q8SYsiaGi9cjbdgzZ/hhJkCEXZgxfSYp9PXvbqUYj/Q=
Subject key identifier:   A6:2A:02:61:32:9F:DF:98:15:EA:E2:39:3D:71:8B:8E:D4:A1:94:2E
Certificate issuer:       /CN=cbd41cc121e0cb60a3a98dbf72ba4dbd63eebe9f
Certificate serial:       018CC2DB21BE0511CCACC2F0AF13DC716EEF
Authority key identifier: CB:D4:1C:C1:21:E0:CB:60:A3:A9:8D:BF:72:BA:4D:BD:63:EE:BE:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9QcwSHgy2CjqY2_crpNvWPuvp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/pioCYTKf35gV6uI5PXGLjtShlC4.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48728
IP address blocks:        213.178.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/y9QcwSHgy2CjqY2_crpNvWPuvp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/y9QcwSHgy2CjqY2_crpNvWPuvp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9QcwSHgy2CjqY2_crpNvWPuvp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:21:be:05:11:cc:ac:c2:f0:af:13:dc:71:6e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd41cc121e0cb60a3a98dbf72ba4dbd63eebe9f
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a62a0261329fdf9815eae2393d718b8ed4a1942e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:49:7e:6c:62:70:7a:e3:4a:77:5a:6e:82:6c:
                    0f:b1:c2:d8:bb:0a:8b:9f:04:3d:b2:fc:0c:26:3f:
                    64:34:c2:3e:10:53:e5:d1:c4:5a:74:c7:fd:0e:3b:
                    0c:f0:55:8d:1a:7a:de:54:21:ae:0c:2b:66:4e:e0:
                    df:d9:2a:fe:cc:8a:28:ab:83:f4:7b:db:6c:84:dd:
                    aa:9a:81:56:1f:98:d8:c3:d8:0c:de:82:89:8b:f9:
                    08:b9:99:ed:a0:0f:b1:14:54:47:22:01:d7:09:89:
                    59:94:30:8b:3d:62:eb:82:67:09:96:c8:06:31:f5:
                    45:04:37:b5:43:76:d0:a7:f9:e8:00:0e:91:e3:f0:
                    6f:7c:17:7d:08:05:e5:ac:f5:1e:c3:55:d6:91:09:
                    4a:b6:34:16:12:18:68:c5:8f:54:97:df:b0:9e:62:
                    44:66:7b:34:2f:7c:39:87:7f:42:db:33:ce:df:58:
                    7b:1d:0b:5f:f1:0c:81:ea:e9:79:78:05:76:98:56:
                    8c:a2:55:5e:3e:15:92:7b:50:1d:34:62:91:32:8b:
                    a4:35:d8:b3:b9:94:0b:85:6e:79:4e:5d:c7:30:b5:
                    ab:73:7f:c4:7e:09:ac:c2:73:d0:72:aa:9e:e8:f5:
                    cd:98:7c:ee:e9:05:2e:6c:02:61:c1:ca:1e:7b:06:
                    2a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2A:02:61:32:9F:DF:98:15:EA:E2:39:3D:71:8B:8E:D4:A1:94:2E
            X509v3 Authority Key Identifier:
                keyid:CB:D4:1C:C1:21:E0:CB:60:A3:A9:8D:BF:72:BA:4D:BD:63:EE:BE:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9QcwSHgy2CjqY2_crpNvWPuvp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/pioCYTKf35gV6uI5PXGLjtShlC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/y9QcwSHgy2CjqY2_crpNvWPuvp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:9f:69:7a:6f:fe:a8:29:76:38:70:74:62:86:3f:84:50:6a:
         1b:aa:23:b7:fb:2c:e2:0d:98:5f:9c:86:9d:23:de:61:a2:dc:
         13:8a:ed:e1:8f:8b:35:5a:60:83:57:bc:78:b6:86:7d:49:25:
         ea:f4:e3:5c:3d:85:6b:e4:e7:b7:d1:98:d0:08:05:29:4f:76:
         24:d7:5b:95:45:03:22:b7:cf:01:ba:d1:94:54:f9:00:02:ee:
         a0:cb:0f:0f:38:1e:7f:3a:90:b7:11:b0:7f:e1:d1:e5:90:2c:
         b6:09:d7:e2:fa:7b:a9:fe:82:83:46:29:6b:84:22:f2:ae:d3:
         2f:88:d7:d3:46:64:4c:6e:07:3a:f8:59:6d:99:f8:a2:ab:e2:
         ca:f7:4d:b8:04:d9:cb:c7:b2:4c:d0:24:d3:10:db:97:13:47:
         89:61:d9:f4:cb:0c:3b:ca:f4:1a:7f:b4:f0:9d:16:b7:c3:66:
         43:c0:ec:5d:3c:e7:a0:79:ee:ef:c0:44:79:76:30:4a:2c:20:
         90:04:cd:83:fb:2b:b5:d6:51:ce:71:bc:77:4b:7f:6a:fd:05:
         d1:39:e9:ee:68:70:c6:4c:f1:9b:d3:1d:d9:9a:c0:3e:3d:29:
         f5:dc:8a:37:c8:52:55:a9:25:86:3f:17:e0:9a:ff:bc:16:97:
         da:da:fa:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yG+BRHMrMLwrxPccW7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDQxY2MxMjFlMGNiNjBhM2E5OGRiZjcyYmE0ZGJkNjNl
ZWJlOWYwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJhMDI2MTMyOWZkZjk4MTVlYWUyMzkzZDcxOGI4ZWQ0YTE5NDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0l+bGJweuNKd1pugmwPscLYuwqL
nwQ9svwMJj9kNMI+EFPl0cRadMf9DjsM8FWNGnreVCGuDCtmTuDf2Sr+zIooq4P0
e9tshN2qmoFWH5jYw9gM3oKJi/kIuZntoA+xFFRHIgHXCYlZlDCLPWLrgmcJlsgG
MfVFBDe1Q3bQp/noAA6R4/BvfBd9CAXlrPUew1XWkQlKtjQWEhhoxY9Ul9+wnmJE
Zns0L3w5h39C2zPO31h7HQtf8QyB6ul5eAV2mFaMolVePhWSe1AdNGKRMoukNdiz
uZQLhW55Tl3HMLWrc3/EfgmswnPQcqqe6PXNmHzu6QUubAJhwcoeewYq8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYqAmEyn9+YFeriOT1xi47UoZQuMB8GA1UdIwQY
MBaAFMvUHMEh4Mtgo6mNv3K6Tb1j7r6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlRY3dTSGd5MkNqcVkyX2NycE52V1B1dnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny83ZWI0ZTgtYmNiMS00OWVmLWI5NDQt
NTNhNWFmNzY1MzQzLzEvcGlvQ1lUS2YzNWdWNnVJNVBYR0xqdFNobEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny83ZWI0ZTgtYmNiMS00OWVmLWI5NDQtNTNhNWFmNzY1MzQz
LzEveTlRY3dTSGd5MkNqcVkyX2NycE52V1B1dnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bKIMA0G
CSqGSIb3DQEBCwUAA4IBAQA4n2l6b/6oKXY4cHRihj+EUGobqiO3+yziDZhfnIad
I95hotwTiu3hj4s1WmCDV7x4toZ9SSXq9ONcPYVr5Oe30ZjQCAUpT3Yk11uVRQMi
t88ButGUVPkAAu6gyw8POB5/OpC3EbB/4dHlkCy2Cdfi+nup/oKDRilrhCLyrtMv
iNfTRmRMbgc6+Fltmfiiq+LK9024BNnLx7JM0CTTENuXE0eJYdn0yww7yvQaf7Tw
nRa3w2ZDwOxdPOegee7vwER5djBKLCCQBM2D+yu11lHOcbx3S39q/QXROenuaHDG
TPGb0x3ZmsA+PSn13Io3yFJVqSWGPxfgmv+8Fpfa2vpR
-----END CERTIFICATE-----