Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/RowHyzmbIUhwLNzP2aGdUq-bTxw.roa
File:                     RowHyzmbIUhwLNzP2aGdUq-bTxw.roa (raw, json)
Hash identifier:          BWNoFSha19ToKG1Hm+elPv4NQAdo5EC6p+W2DfujBas=
Subject key identifier:   46:8C:07:CB:39:9B:21:48:70:2C:DC:CF:D9:A1:9D:52:AF:9B:4F:1C
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       019425213A0B03DA21EC02787D41322EA44A
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/RowHyzmbIUhwLNzP2aGdUq-bTxw.roa
Signing time:             Thu 02 Jan 2025 03:48:42 +0000
ROA not before:           Thu 02 Jan 2025 03:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202909
IP address blocks:        77.220.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:3a:0b:03:da:21:ec:02:78:7d:41:32:2e:a4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  2 03:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=468c07cb399b2148702cdccfd9a19d52af9b4f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2a:a8:5e:d4:76:d7:c2:ac:ce:2b:5f:17:e7:
                    ce:5c:ee:0b:10:fc:87:6c:d0:a2:a7:61:66:d1:20:
                    63:31:a7:88:82:3c:22:34:6b:43:09:b1:c0:44:2b:
                    ca:d0:82:09:63:aa:71:44:08:2f:ec:09:27:fe:f8:
                    ff:e4:67:80:a8:32:41:0c:60:34:4a:5d:06:25:41:
                    49:6b:83:78:c5:ff:64:34:9c:8a:91:e2:3f:47:c0:
                    3c:47:ed:eb:3b:3f:e5:96:45:84:d2:87:db:e7:37:
                    a1:d2:d6:d0:e7:fd:c6:67:a3:92:69:1e:7d:14:9a:
                    d9:9e:d1:cd:c6:83:4a:0b:fe:3e:dd:f8:bf:20:b3:
                    6d:0e:81:ed:d2:b8:f5:92:b2:6f:65:47:33:34:f8:
                    3d:54:34:2b:18:ea:26:f8:f0:44:64:19:b2:cc:a4:
                    60:fb:26:2d:3b:60:72:6c:9a:08:b2:f8:22:e0:c1:
                    80:97:8f:eb:0d:0f:58:fc:6f:9e:c5:07:b7:50:0b:
                    f2:68:2a:6e:af:fe:0e:e4:72:30:e5:25:a2:5b:8c:
                    88:ce:35:20:ed:9b:b2:18:99:42:c8:40:14:49:af:
                    e4:75:20:d7:18:17:83:7b:93:a2:d1:d4:88:fa:59:
                    c6:7d:33:ba:f5:35:8c:63:a4:06:e1:80:27:33:40:
                    1a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8C:07:CB:39:9B:21:48:70:2C:DC:CF:D9:A1:9D:52:AF:9B:4F:1C
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/RowHyzmbIUhwLNzP2aGdUq-bTxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:ac:ac:3a:3e:fe:22:b0:55:3f:bf:bf:9e:69:e8:52:03:f9:
         d4:4e:49:29:48:94:54:9e:28:e1:d1:a5:9f:f3:64:15:82:74:
         cc:8a:14:40:67:4b:7e:53:c9:7b:1d:5e:4a:62:ce:36:8e:95:
         49:86:4f:0c:fb:d5:18:c0:e6:23:0a:13:eb:96:b2:c0:d4:c8:
         c2:14:bf:c5:49:10:bb:fb:6c:a0:dd:52:43:b6:73:1b:72:c1:
         90:f4:6c:cc:d0:21:90:25:80:3b:2a:88:c5:25:ac:fb:1c:fd:
         8a:1e:38:0b:e2:fc:23:15:b5:0a:eb:44:3a:60:5c:8c:5a:7a:
         75:38:41:f1:81:b6:01:c9:a8:7b:e7:92:b6:bc:17:39:b2:be:
         f0:77:67:1a:23:e0:2d:93:ff:cf:45:42:0c:22:5f:68:ff:a9:
         09:c9:86:ce:4f:fc:09:8d:bd:a2:38:c5:d4:7b:2f:eb:04:fd:
         2e:ac:5a:7c:b3:7b:1d:6d:11:83:49:2d:cb:79:4f:a2:7b:e2:
         91:92:c4:f4:5b:18:da:43:f2:c8:11:57:11:a2:06:42:cb:74:
         31:cd:76:6d:12:10:ca:7c:42:ed:f9:ac:ab:d4:8f:fa:86:1a:
         01:23:c9:8a:ce:5a:cb:b9:ac:6a:7d:2d:88:d6:23:c4:5e:89:
         65:72:c2:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIToLA9oh7AJ4fUEyLqRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjUwMTAyMDM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhjMDdjYjM5OWIyMTQ4NzAyY2RjY2ZkOWExOWQ1MmFmOWI0ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyqoXtR218KszitfF+fOXO4LEPyH
bNCip2Fm0SBjMaeIgjwiNGtDCbHARCvK0IIJY6pxRAgv7Akn/vj/5GeAqDJBDGA0
Sl0GJUFJa4N4xf9kNJyKkeI/R8A8R+3rOz/llkWE0ofb5zeh0tbQ5/3GZ6OSaR59
FJrZntHNxoNKC/4+3fi/ILNtDoHt0rj1krJvZUczNPg9VDQrGOom+PBEZBmyzKRg
+yYtO2BybJoIsvgi4MGAl4/rDQ9Y/G+exQe3UAvyaCpur/4O5HIw5SWiW4yIzjUg
7ZuyGJlCyEAUSa/kdSDXGBeDe5Oi0dSI+lnGfTO69TWMY6QG4YAnM0AaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaMB8s5myFIcCzcz9mhnVKvm08cMB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvUm93SHl6bWJJVWh3TE56UDJhR2RVcS1iVHh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATdxtMA0G
CSqGSIb3DQEBCwUAA4IBAQC2rKw6Pv4isFU/v7+eaehSA/nUTkkpSJRUnijh0aWf
82QVgnTMihRAZ0t+U8l7HV5KYs42jpVJhk8M+9UYwOYjChPrlrLA1MjCFL/FSRC7
+2yg3VJDtnMbcsGQ9GzM0CGQJYA7KojFJaz7HP2KHjgL4vwjFbUK60Q6YFyMWnp1
OEHxgbYByah755K2vBc5sr7wd2caI+Atk//PRUIMIl9o/6kJyYbOT/wJjb2iOMXU
ey/rBP0urFp8s3sdbRGDSS3LeU+ie+KRksT0WxjaQ/LIEVcRogZCy3QxzXZtEhDK
fELt+ayr1I/6hhoBI8mKzlrLuaxqfS2I1iPEXollcsLc
-----END CERTIFICATE-----