Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/5pK3xn3RCSbk28U7jV8jcGcESU4.roa
File:                     5pK3xn3RCSbk28U7jV8jcGcESU4.roa (raw, json)
Hash identifier:          h44wKcfskSFru8PL9R92s4SZAdR+vmjR3VnoWV+IDTQ=
Subject key identifier:   E6:92:B7:C6:7D:D1:09:26:E4:DB:C5:3B:8D:5F:23:70:67:04:49:4E
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       018CC50107BD66DB0B5CB4EDC66C449141B7
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/5pK3xn3RCSbk28U7jV8jcGcESU4.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21011
IP address blocks:        77.88.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:07:bd:66:db:0b:5c:b4:ed:c6:6c:44:91:41:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e692b7c67dd10926e4dbc53b8d5f23706704494e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e0:f8:d0:ba:5f:64:ed:a3:99:da:33:c7:c7:
                    d7:c8:04:fd:16:0b:a0:b1:9c:f0:2f:6a:5d:c9:24:
                    b2:75:9d:de:93:a5:8c:58:9c:ee:1d:3c:e1:47:e9:
                    7b:35:2e:6a:62:63:7d:e5:a5:7e:5b:29:72:9b:d2:
                    a9:82:6e:78:37:98:86:5a:09:c8:db:b5:08:fd:54:
                    df:78:d3:8d:0d:60:4e:09:18:96:91:af:3c:69:55:
                    a8:24:67:2f:da:66:37:6d:7b:d8:91:66:43:8d:0e:
                    ab:92:3c:98:16:fc:a8:11:f2:28:01:09:19:e0:4e:
                    65:08:eb:5f:a7:2e:48:4d:9d:08:25:56:f7:8d:cd:
                    c5:b3:22:2d:20:dc:dc:3f:88:07:0c:57:d7:43:69:
                    2a:7f:d7:64:f3:8a:54:6f:ac:21:5b:8b:c5:15:34:
                    67:8d:be:2b:90:b0:35:fa:d8:00:eb:58:5c:5e:47:
                    b8:31:1e:62:47:89:78:af:4d:56:57:ab:ae:0f:3e:
                    cc:e3:5a:85:48:3e:05:c0:cd:7c:37:46:2f:2b:55:
                    19:14:cf:54:69:93:eb:25:09:72:a3:3c:81:8d:69:
                    0a:c2:70:c6:0e:a5:85:47:12:c1:37:67:d0:87:c2:
                    51:ab:25:1e:43:9a:30:26:ab:d7:d4:b7:59:5c:01:
                    0f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:92:B7:C6:7D:D1:09:26:E4:DB:C5:3B:8D:5F:23:70:67:04:49:4E
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/5pK3xn3RCSbk28U7jV8jcGcESU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.88.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ab:69:15:34:3f:70:1e:67:09:28:4e:13:62:e7:b7:83:8d:
         9d:a8:46:bf:40:0a:bc:36:2e:db:01:a2:7a:78:f2:8d:d1:e6:
         b4:fa:0f:af:ab:0d:f6:e0:6b:6e:c1:7a:fe:2d:5f:b4:1e:2a:
         dc:4c:72:5d:d4:8d:92:f8:7e:68:81:3b:89:42:a0:2c:f3:51:
         57:02:5e:28:ba:0f:f8:8a:7c:b7:07:cb:2c:fa:47:42:55:99:
         ab:b1:71:91:e3:e2:9e:57:65:32:64:88:36:fd:41:c1:ae:f0:
         2b:4a:9a:7c:e9:35:af:08:14:5d:10:bf:d5:ae:7a:f7:a0:2e:
         3d:ac:04:b1:f2:a1:4b:e3:0e:1e:88:2e:f5:25:3a:9d:e4:28:
         69:ab:95:dc:79:9a:83:e1:fb:93:3f:ba:2c:56:58:a7:8d:e7:
         22:1d:ec:96:85:85:ca:35:91:e6:5d:10:d7:60:74:e1:ee:31:
         91:03:17:7d:63:cd:a9:20:3a:47:70:5e:9c:a6:20:99:e4:38:
         37:8a:f6:c2:99:af:6f:e0:1b:4d:89:5d:6c:ad:ee:f2:46:af:
         9f:7c:83:ca:6d:79:d4:51:c8:b7:c1:2f:d1:fe:a2:fc:3f:f0:
         39:a4:5f:cb:15:7e:14:ef:4e:22:85:6a:33:1a:cb:99:76:3a:
         10:53:2c:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQe9ZtsLXLTtxmxEkUG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjkyYjdjNjdkZDEwOTI2ZTRkYmM1M2I4ZDVmMjM3MDY3MDQ0OTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+D40LpfZO2jmdozx8fXyAT9Fgug
sZzwL2pdySSydZ3ek6WMWJzuHTzhR+l7NS5qYmN95aV+Wylym9Kpgm54N5iGWgnI
27UI/VTfeNONDWBOCRiWka88aVWoJGcv2mY3bXvYkWZDjQ6rkjyYFvyoEfIoAQkZ
4E5lCOtfpy5ITZ0IJVb3jc3FsyItINzcP4gHDFfXQ2kqf9dk84pUb6whW4vFFTRn
jb4rkLA1+tgA61hcXke4MR5iR4l4r01WV6uuDz7M41qFSD4FwM18N0YvK1UZFM9U
aZPrJQlyozyBjWkKwnDGDqWFRxLBN2fQh8JRqyUeQ5owJqvX1LdZXAEPHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaSt8Z90Qkm5NvFO41fI3BnBElOMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvNXBLM3huM1JDU2JrMjhVN2pWOGpjR2NFU1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVjeMA0G
CSqGSIb3DQEBCwUAA4IBAQAlq2kVND9wHmcJKE4TYue3g42dqEa/QAq8Ni7bAaJ6
ePKN0ea0+g+vqw324GtuwXr+LV+0HircTHJd1I2S+H5ogTuJQqAs81FXAl4oug/4
iny3B8ss+kdCVZmrsXGR4+KeV2UyZIg2/UHBrvArSpp86TWvCBRdEL/Vrnr3oC49
rASx8qFL4w4eiC71JTqd5Chpq5XceZqD4fuTP7osVlinjeciHeyWhYXKNZHmXRDX
YHTh7jGRAxd9Y82pIDpHcF6cpiCZ5Dg3ivbCma9v4BtNiV1sre7yRq+ffIPKbXnU
Uci3wS/R/qL8P/A5pF/LFX4U704ihWozGsuZdjoQUyxy
-----END CERTIFICATE-----