Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/pwc0HJt50lXMqhq3V6lEDOPpy_I.roa
File:                     pwc0HJt50lXMqhq3V6lEDOPpy_I.roa (raw, json)
Hash identifier:          3o5gd6QuAGxP4X/B56P6LCeXI4Wnx0IcGs6GjDHET+g=
Subject key identifier:   A7:07:34:1C:9B:79:D2:55:CC:AA:1A:B7:57:A9:44:0C:E3:E9:CB:F2
Certificate issuer:       /CN=20a7fcbe59314c372b68f232223828b1e33a03ec
Certificate serial:       018CC64B2F6005CD8CC1F0EA770690F8D92F
Authority key identifier: 20:A7:FC:BE:59:31:4C:37:2B:68:F2:32:22:38:28:B1:E3:3A:03:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/pwc0HJt50lXMqhq3V6lEDOPpy_I.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199739
IP address blocks:        81.22.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2f:60:05:cd:8c:c1:f0:ea:77:06:90:f8:d9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20a7fcbe59314c372b68f232223828b1e33a03ec
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a707341c9b79d255ccaa1ab757a9440ce3e9cbf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a9:31:bb:e1:a2:29:f0:de:e4:63:4c:89:17:
                    06:23:84:fa:3f:b4:66:3f:69:6e:e6:74:ea:29:b1:
                    76:c2:a6:04:25:23:8b:ca:ad:ff:8f:7d:77:9d:6c:
                    e7:40:2e:71:7c:63:f1:93:84:6d:0f:ba:c0:b6:f6:
                    32:6d:24:c3:24:52:a1:e2:2d:c8:90:8e:b3:80:56:
                    36:1a:e9:a8:2d:1f:41:b6:23:41:07:9a:60:df:64:
                    8e:9f:21:1c:17:41:c3:69:38:81:a1:8d:2d:00:a8:
                    f0:11:74:8b:77:d1:fa:5d:54:4c:83:a0:58:7f:66:
                    fc:87:cc:f3:70:fb:31:7c:42:2f:85:a3:36:51:20:
                    23:a3:be:0c:7a:5c:77:8b:86:5c:4d:d8:bf:54:e3:
                    23:20:bd:90:c4:fb:53:f4:36:94:fe:0c:be:a2:8e:
                    31:1d:fa:04:c5:6e:8b:aa:30:ff:9e:6c:de:75:84:
                    6f:7c:34:7b:5c:e4:9f:cd:44:51:87:68:76:fe:7e:
                    4a:c9:21:d3:f5:83:36:76:b1:a4:a8:d6:02:5c:bf:
                    f3:ad:d7:4d:04:75:a3:7c:71:20:f0:fa:75:d7:5b:
                    cc:cc:74:cc:1d:52:fe:59:ca:55:9d:e9:b4:3d:3b:
                    0c:90:43:d9:61:29:11:57:9e:29:1a:02:14:3a:34:
                    84:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:07:34:1C:9B:79:D2:55:CC:AA:1A:B7:57:A9:44:0C:E3:E9:CB:F2
            X509v3 Authority Key Identifier:
                keyid:20:A7:FC:BE:59:31:4C:37:2B:68:F2:32:22:38:28:B1:E3:3A:03:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/pwc0HJt50lXMqhq3V6lEDOPpy_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:96:63:ef:6f:53:15:ad:f1:c1:33:11:de:dc:04:be:d8:65:
         79:cd:08:7f:a1:c1:3e:a5:6b:30:8b:bb:43:d9:5b:a0:ec:93:
         12:54:85:49:b2:d0:04:f7:bb:78:7d:50:2d:dd:5a:e8:e1:85:
         b7:31:6c:19:1e:b2:ad:fb:11:c8:e0:0b:11:b2:43:90:68:ff:
         a7:c1:99:b9:26:83:13:f2:f3:6f:51:d3:51:a5:c3:9e:55:a2:
         d4:cb:a8:51:60:b2:d2:6b:64:0a:f0:da:6c:2e:a1:8d:7e:71:
         65:b1:61:d2:61:6c:75:96:d3:5b:26:f4:b3:e0:d5:6b:32:93:
         28:2f:4d:0d:17:47:d0:ad:10:77:3a:48:2f:e7:02:b8:bc:ed:
         11:5c:cf:f8:6b:0a:c4:d2:d7:08:93:f7:1e:9c:b8:f5:bd:b6:
         ff:da:e2:74:9c:67:68:0c:11:5f:e1:92:dc:69:9a:cf:78:ba:
         d2:79:11:62:eb:98:90:c3:cc:d1:16:c6:b1:29:16:0c:f4:42:
         80:2a:42:66:6f:a0:b4:2d:ed:93:06:b4:92:75:cd:cf:9f:ad:
         12:4d:c1:af:71:dd:14:0e:ee:7f:98:1f:c7:43:df:42:db:b4:
         7d:f8:11:fa:84:80:59:3f:00:06:e2:a7:b4:6b:96:7d:71:c3:
         46:85:63:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSy9gBc2MwfDqdwaQ+NkvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYTdmY2JlNTkzMTRjMzcyYjY4ZjIzMjIyMzgyOGIxZTMz
YTAzZWMwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzA3MzQxYzliNzlkMjU1Y2NhYTFhYjc1N2E5NDQwY2UzZTljYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqkxu+GiKfDe5GNMiRcGI4T6P7Rm
P2lu5nTqKbF2wqYEJSOLyq3/j313nWznQC5xfGPxk4RtD7rAtvYybSTDJFKh4i3I
kI6zgFY2GumoLR9BtiNBB5pg32SOnyEcF0HDaTiBoY0tAKjwEXSLd9H6XVRMg6BY
f2b8h8zzcPsxfEIvhaM2USAjo74Melx3i4ZcTdi/VOMjIL2QxPtT9DaU/gy+oo4x
HfoExW6LqjD/nmzedYRvfDR7XOSfzURRh2h2/n5KySHT9YM2drGkqNYCXL/zrddN
BHWjfHEg8Pp111vMzHTMHVL+WcpVnem0PTsMkEPZYSkRV54pGgIUOjSEjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcHNBybedJVzKoat1epRAzj6cvyMB8GA1UdIwQY
MBaAFCCn/L5ZMUw3K2jyMiI4KLHjOgPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUtmOHZsa3hURGNyYVBJeUlqZ29zZU02QS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9jMzk4OGUtODY1NC00MzExLTgyOTIt
NDI2MDM5Nzg4OTE5LzEvcHdjMEhKdDUwbFhNcWhxM1Y2bEVET1BweV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9jMzk4OGUtODY1NC00MzExLTgyOTItNDI2MDM5Nzg4OTE5
LzEvSUtmOHZsa3hURGNyYVBJeUlqZ29zZU02QS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURYhMA0G
CSqGSIb3DQEBCwUAA4IBAQBqlmPvb1MVrfHBMxHe3AS+2GV5zQh/ocE+pWswi7tD
2Vug7JMSVIVJstAE97t4fVAt3Vro4YW3MWwZHrKt+xHI4AsRskOQaP+nwZm5JoMT
8vNvUdNRpcOeVaLUy6hRYLLSa2QK8NpsLqGNfnFlsWHSYWx1ltNbJvSz4NVrMpMo
L00NF0fQrRB3Okgv5wK4vO0RXM/4awrE0tcIk/cenLj1vbb/2uJ0nGdoDBFf4ZLc
aZrPeLrSeRFi65iQw8zRFsaxKRYM9EKAKkJmb6C0Le2TBrSSdc3Pn60STcGvcd0U
Du5/mB/HQ99C27R9+BH6hIBZPwAG4qe0a5Z9ccNGhWNF
-----END CERTIFICATE-----