Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/81f75a-5f21-4898-963f-bda99ab13d99/1/WEF3dHGWAn9og_hCPcmwAnwYytU.roa
File:                     WEF3dHGWAn9og_hCPcmwAnwYytU.roa (raw, json)
Hash identifier:          j8i+Fy+c1XJOd4cadNEH5z/X3oEtrVKbIFK4GNJ7ctY=
Subject key identifier:   58:41:77:74:71:96:02:7F:68:83:F8:42:3D:C9:B0:02:7C:18:CA:D5
Certificate issuer:       /CN=ddfdc5e293e9e7d71a96e61c3dbf68585d4f8305
Certificate serial:       018D5EC65435E6C377E57F166C3E291013F8
Authority key identifier: DD:FD:C5:E2:93:E9:E7:D7:1A:96:E6:1C:3D:BF:68:58:5D:4F:83:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3f3F4pPp59caluYcPb9oWF1PgwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/81f75a-5f21-4898-963f-bda99ab13d99/1/WEF3dHGWAn9og_hCPcmwAnwYytU.roa
Signing time:             Wed 31 Jan 2024 09:07:52 +0000
ROA not before:           Wed 31 Jan 2024 09:07:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        77.247.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/81f75a-5f21-4898-963f-bda99ab13d99/1/3f3F4pPp59caluYcPb9oWF1PgwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/81f75a-5f21-4898-963f-bda99ab13d99/1/3f3F4pPp59caluYcPb9oWF1PgwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3f3F4pPp59caluYcPb9oWF1PgwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c6:54:35:e6:c3:77:e5:7f:16:6c:3e:29:10:13:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddfdc5e293e9e7d71a96e61c3dbf68585d4f8305
        Validity
            Not Before: Jan 31 09:07:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=584177747196027f6883f8423dc9b0027c18cad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fa:e6:18:61:7d:af:88:38:38:5c:65:a3:36:
                    3b:eb:75:fd:41:94:a3:6b:c1:41:d4:5f:02:d4:b3:
                    0b:85:3c:0b:27:c7:e2:30:5c:4a:4f:b2:1a:4e:9d:
                    e6:2f:17:fc:d7:79:52:66:47:52:22:a8:5a:96:be:
                    86:f7:0a:96:9a:a0:fd:f8:b7:6d:ec:02:18:ea:14:
                    5d:56:d9:1a:bc:f8:90:91:9c:34:2e:ea:0f:b6:98:
                    5e:3e:fa:94:4e:84:4f:a5:58:75:e0:83:84:6b:77:
                    cb:f1:a1:0e:dd:0d:49:a5:27:70:6b:f1:2c:7c:55:
                    60:5b:d5:ea:1e:b5:d7:b9:fb:e7:57:1f:f3:d8:18:
                    6e:79:65:48:0e:86:46:da:d8:62:76:ba:bb:1a:d2:
                    0d:be:06:e6:f6:2d:24:a2:58:76:0a:a1:3c:99:0c:
                    6b:cd:f8:d7:05:ff:10:f1:06:3a:2b:36:dc:01:f2:
                    5b:d7:fc:64:5c:39:2c:29:52:e3:cc:da:81:57:01:
                    66:dd:fd:20:8d:45:ac:83:97:07:c1:f1:5e:93:8f:
                    71:a3:13:2a:ad:4f:3d:94:91:61:a5:fe:65:4d:71:
                    d2:b0:7d:23:b7:a9:19:74:20:b7:e1:ba:4c:df:81:
                    fe:98:e5:e4:ca:4d:40:d0:cb:8b:47:78:44:0a:44:
                    56:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:41:77:74:71:96:02:7F:68:83:F8:42:3D:C9:B0:02:7C:18:CA:D5
            X509v3 Authority Key Identifier:
                keyid:DD:FD:C5:E2:93:E9:E7:D7:1A:96:E6:1C:3D:BF:68:58:5D:4F:83:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f3F4pPp59caluYcPb9oWF1PgwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/81f75a-5f21-4898-963f-bda99ab13d99/1/WEF3dHGWAn9og_hCPcmwAnwYytU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/81f75a-5f21-4898-963f-bda99ab13d99/1/3f3F4pPp59caluYcPb9oWF1PgwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:4f:c7:c5:3e:e6:81:f3:88:bd:dc:50:6e:ab:cf:1f:0d:62:
         42:ce:86:fd:36:82:3e:eb:e0:c0:06:c3:65:07:81:1c:a2:2c:
         da:a7:32:96:e9:2d:8b:77:73:46:97:38:5b:01:45:19:36:60:
         46:8c:7b:03:77:8c:1c:4d:72:ac:63:fe:fd:2f:3e:71:02:59:
         b2:35:ae:89:4b:56:66:3f:5b:b7:22:05:31:5e:2d:74:70:b0:
         76:82:b0:4b:b9:f5:d8:de:60:97:51:c7:7f:11:69:54:9f:40:
         bb:59:7f:2d:4f:34:dc:fa:ee:9c:e2:3a:8f:fd:07:b5:86:0c:
         b5:66:29:d5:a1:f9:39:92:2d:75:fc:32:ec:3c:c4:37:95:66:
         14:39:fc:02:3b:6a:fe:18:7e:14:02:32:7a:e8:64:8e:8b:43:
         a4:04:0f:b3:a4:f1:40:5f:e3:14:e9:44:29:b7:cb:7f:4b:8f:
         4b:b0:28:86:37:c3:0f:0e:37:94:a5:b5:fe:6c:7b:76:06:e3:
         3e:b2:1a:d9:2e:23:5d:c8:aa:aa:d1:8d:0b:88:0f:1e:f7:63:
         5d:45:60:34:30:bc:17:53:c7:59:d1:52:9e:d1:76:68:bd:c4:
         c7:02:02:24:22:28:c2:b8:ed:82:58:98:43:fe:7f:8a:01:01:
         78:72:bb:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1exlQ15sN35X8WbD4pEBP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZmRjNWUyOTNlOWU3ZDcxYTk2ZTYxYzNkYmY2ODU4NWQ0
ZjgzMDUwHhcNMjQwMTMxMDkwNzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODQxNzc3NDcxOTYwMjdmNjg4M2Y4NDIzZGM5YjAwMjdjMThjYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfrmGGF9r4g4OFxlozY763X9QZSj
a8FB1F8C1LMLhTwLJ8fiMFxKT7IaTp3mLxf813lSZkdSIqhalr6G9wqWmqD9+Ldt
7AIY6hRdVtkavPiQkZw0LuoPtphePvqUToRPpVh14IOEa3fL8aEO3Q1JpSdwa/Es
fFVgW9XqHrXXufvnVx/z2BhueWVIDoZG2thidrq7GtINvgbm9i0kolh2CqE8mQxr
zfjXBf8Q8QY6KzbcAfJb1/xkXDksKVLjzNqBVwFm3f0gjUWsg5cHwfFek49xoxMq
rU89lJFhpf5lTXHSsH0jt6kZdCC34bpM34H+mOXkyk1A0MuLR3hECkRWRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhBd3RxlgJ/aIP4Qj3JsAJ8GMrVMB8GA1UdIwQY
MBaAFN39xeKT6efXGpbmHD2/aFhdT4MFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2YzRjRwUHA1OWNhbHVZY1BiOW9XRjFQZ3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MWY3NWEtNWYyMS00ODk4LTk2M2Yt
YmRhOTlhYjEzZDk5LzEvV0VGM2RIR1dBbjlvZ19oQ1BjbXdBbndZeXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MWY3NWEtNWYyMS00ODk4LTk2M2YtYmRhOTlhYjEzZDk5
LzEvM2YzRjRwUHA1OWNhbHVZY1BiOW9XRjFQZ3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATffCMA0G
CSqGSIb3DQEBCwUAA4IBAQBpT8fFPuaB84i93FBuq88fDWJCzob9NoI+6+DABsNl
B4EcoizapzKW6S2Ld3NGlzhbAUUZNmBGjHsDd4wcTXKsY/79Lz5xAlmyNa6JS1Zm
P1u3IgUxXi10cLB2grBLufXY3mCXUcd/EWlUn0C7WX8tTzTc+u6c4jqP/Qe1hgy1
ZinVofk5ki11/DLsPMQ3lWYUOfwCO2r+GH4UAjJ66GSOi0OkBA+zpPFAX+MU6UQp
t8t/S49LsCiGN8MPDjeUpbX+bHt2BuM+shrZLiNdyKqq0Y0LiA8e92NdRWA0MLwX
U8dZ0VKe0XZovcTHAgIkIijCuO2CWJhD/n+KAQF4cruf
-----END CERTIFICATE-----