Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/1wApstD8sZR180ieD5UhTSrSrGw.roa
File:                     1wApstD8sZR180ieD5UhTSrSrGw.roa (raw, json)
Hash identifier:          vXJa+bKwVdtRvbR+fPigRITiCPKbAqUm9HTIen0sR3I=
Subject key identifier:   D7:00:29:B2:D0:FC:B1:94:75:F3:48:9E:0F:95:21:4D:2A:D2:AC:6C
Certificate issuer:       /CN=1b1504baf82ef8eb0ae508af40b638e3660a5488
Certificate serial:       018CC349235F9145F91ABB2C25FB7D4436A7
Authority key identifier: 1B:15:04:BA:F8:2E:F8:EB:0A:E5:08:AF:40:B6:38:E3:66:0A:54:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxUEuvgu-OsK5QivQLY442YKVIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/1wApstD8sZR180ieD5UhTSrSrGw.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210459
IP address blocks:        77.81.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/GxUEuvgu-OsK5QivQLY442YKVIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/GxUEuvgu-OsK5QivQLY442YKVIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxUEuvgu-OsK5QivQLY442YKVIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:23:5f:91:45:f9:1a:bb:2c:25:fb:7d:44:36:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1504baf82ef8eb0ae508af40b638e3660a5488
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d70029b2d0fcb19475f3489e0f95214d2ad2ac6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:75:74:ad:58:7d:0d:ed:7f:96:90:41:92:81:
                    1b:79:f9:8e:f7:97:ef:17:80:a0:32:e9:9f:f6:c3:
                    18:20:e9:3e:8d:f3:8d:ac:f8:80:34:52:c2:9e:e5:
                    b7:2b:66:ae:06:af:14:3a:c9:25:fc:c7:54:6d:33:
                    62:a1:20:bd:34:de:eb:ba:ca:cd:60:4c:26:30:b5:
                    10:b7:06:39:14:d4:3a:37:c1:cf:97:c4:40:b2:70:
                    58:4b:d4:f4:15:20:84:d2:78:24:4e:f0:2e:10:0a:
                    87:b8:bb:89:a1:65:bd:2e:97:0c:0a:13:51:be:a8:
                    e8:67:4c:75:9b:f1:b8:e9:70:1a:06:9f:5c:44:78:
                    a6:4f:78:da:75:d7:d3:43:23:d1:72:ba:87:a9:8a:
                    f1:39:b5:59:7a:27:c6:ce:02:16:fb:4d:9b:4e:b6:
                    ef:b8:f3:e3:42:74:54:ac:42:38:db:c1:70:4b:bf:
                    5a:fb:21:d1:96:46:78:20:19:87:48:3b:91:a1:2b:
                    99:73:50:49:4a:4c:fd:ad:64:95:dd:3c:a5:0a:72:
                    32:72:5c:b0:84:10:4d:ab:0d:c4:21:d1:21:0f:33:
                    07:c8:d5:a9:62:20:ab:57:bb:eb:b3:b2:fd:ca:3e:
                    ac:3d:ae:5a:be:cc:1d:a4:19:af:78:3f:a8:b6:0e:
                    93:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:00:29:B2:D0:FC:B1:94:75:F3:48:9E:0F:95:21:4D:2A:D2:AC:6C
            X509v3 Authority Key Identifier:
                keyid:1B:15:04:BA:F8:2E:F8:EB:0A:E5:08:AF:40:B6:38:E3:66:0A:54:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxUEuvgu-OsK5QivQLY442YKVIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/1wApstD8sZR180ieD5UhTSrSrGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2b7f70-fad1-403c-b08e-2c3ea4b86e20/1/GxUEuvgu-OsK5QivQLY442YKVIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:e0:8a:2e:fb:ee:42:71:ae:93:f1:eb:38:14:d2:62:ab:23:
         a7:c0:9e:e9:e7:aa:91:95:a6:5b:4b:87:64:d8:09:8b:db:64:
         8f:50:ab:9b:63:45:f7:50:ac:2b:e3:1c:52:12:31:93:60:2f:
         09:a0:32:be:3e:d6:25:60:ff:b2:f2:08:00:d8:9e:3a:a2:80:
         47:29:2b:dd:69:6e:4b:e2:81:ba:fd:66:db:55:ab:80:5c:f8:
         48:ff:2d:4d:0e:43:ef:b5:bf:3e:c8:78:75:56:ba:17:91:f6:
         14:73:25:c2:e2:8c:28:69:5c:4d:90:ac:06:2c:27:74:78:7a:
         77:ee:0a:77:e4:94:a8:3d:82:eb:bc:fd:19:f6:2b:a8:9d:58:
         bb:4e:ac:ba:f9:59:55:54:66:86:f1:5c:08:3f:cf:c1:9f:c0:
         71:b3:a1:4e:cf:42:f0:f0:e2:c9:94:84:23:d7:ba:73:8f:27:
         46:ec:fc:9b:ef:18:bd:03:fc:aa:fb:f7:46:31:1c:ee:c9:ee:
         42:44:2b:84:8a:2f:53:10:59:3c:07:44:72:f7:0b:0c:17:77:
         65:79:4a:75:e9:92:32:11:4a:29:92:18:df:12:cb:9c:e6:94:
         23:b6:d0:55:6d:a3:bc:21:11:d6:54:c9:c5:6d:94:3a:26:87:
         d5:31:88:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSNfkUX5GrssJft9RDanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTUwNGJhZjgyZWY4ZWIwYWU1MDhhZjQwYjYzOGUzNjYw
YTU0ODgwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzAwMjliMmQwZmNiMTk0NzVmMzQ4OWUwZjk1MjE0ZDJhZDJhYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnV0rVh9De1/lpBBkoEbefmO95fv
F4CgMumf9sMYIOk+jfONrPiANFLCnuW3K2auBq8UOskl/MdUbTNioSC9NN7rusrN
YEwmMLUQtwY5FNQ6N8HPl8RAsnBYS9T0FSCE0ngkTvAuEAqHuLuJoWW9LpcMChNR
vqjoZ0x1m/G46XAaBp9cRHimT3jaddfTQyPRcrqHqYrxObVZeifGzgIW+02bTrbv
uPPjQnRUrEI428FwS79a+yHRlkZ4IBmHSDuRoSuZc1BJSkz9rWSV3TylCnIyclyw
hBBNqw3EIdEhDzMHyNWpYiCrV7vrs7L9yj6sPa5avswdpBmveD+otg6T4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcAKbLQ/LGUdfNIng+VIU0q0qxsMB8GA1UdIwQY
MBaAFBsVBLr4LvjrCuUIr0C2OONmClSIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hVRXV2Z3UtT3NLNVFpdlFMWTQ0MllLVklnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yYjdmNzAtZmFkMS00MDNjLWIwOGUt
MmMzZWE0Yjg2ZTIwLzEvMXdBcHN0RDhzWlIxODBpZUQ1VWhUU3JTckd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yYjdmNzAtZmFkMS00MDNjLWIwOGUtMmMzZWE0Yjg2ZTIw
LzEvR3hVRXV2Z3UtT3NLNVFpdlFMWTQ0MllLVklnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVGxMA0G
CSqGSIb3DQEBCwUAA4IBAQBX4Iou++5Cca6T8es4FNJiqyOnwJ7p56qRlaZbS4dk
2AmL22SPUKubY0X3UKwr4xxSEjGTYC8JoDK+PtYlYP+y8ggA2J46ooBHKSvdaW5L
4oG6/WbbVauAXPhI/y1NDkPvtb8+yHh1VroXkfYUcyXC4owoaVxNkKwGLCd0eHp3
7gp35JSoPYLrvP0Z9iuonVi7Tqy6+VlVVGaG8VwIP8/Bn8Bxs6FOz0Lw8OLJlIQj
17pzjydG7Pyb7xi9A/yq+/dGMRzuye5CRCuEii9TEFk8B0Ry9wsMF3dleUp16ZIy
EUopkhjfEsuc5pQjttBVbaO8IRHWVMnFbZQ6JofVMYjb
-----END CERTIFICATE-----