Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/07kw2MzDV5dpbfYC0MA4AILk1XE.roa
File:                     07kw2MzDV5dpbfYC0MA4AILk1XE.roa (raw, json)
Hash identifier:          tg8LJDbeLYQBkgtHitpgNGT/W91ZoJCC9459dV5/7ek=
Subject key identifier:   D3:B9:30:D8:CC:C3:57:97:69:6D:F6:02:D0:C0:38:00:82:E4:D5:71
Certificate issuer:       /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial:       019423D7CCF3A9C6F1C5EA4EF7752C5A35B0
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/07kw2MzDV5dpbfYC0MA4AILk1XE.roa
Signing time:             Wed 01 Jan 2025 21:48:52 +0000
ROA not before:           Wed 01 Jan 2025 21:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41327
IP address blocks:        5.152.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 08:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:cc:f3:a9:c6:f1:c5:ea:4e:f7:75:2c:5a:35:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
        Validity
            Not Before: Jan  1 21:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3b930d8ccc35797696df602d0c0380082e4d571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4c:ee:d9:ad:3e:ad:37:8c:8e:09:7e:ea:ef:
                    4a:38:08:5f:c7:5f:89:3f:eb:d2:15:47:f2:ad:62:
                    76:7a:b3:11:e5:b9:22:ef:92:e5:f3:13:58:5f:69:
                    e5:02:47:7f:e5:de:cd:a3:3d:b5:bb:8b:97:bc:3f:
                    21:bc:c9:b7:50:8d:19:e9:ac:97:2b:da:b4:c6:4a:
                    46:e6:bf:48:5b:6a:e9:4b:1b:d0:d2:42:a3:f1:48:
                    58:3c:1e:fd:47:68:17:a2:25:72:ab:2e:7d:37:c7:
                    31:82:a6:cf:d5:cb:7a:06:61:2e:bb:e9:34:03:a4:
                    f9:5f:5c:44:93:8e:8f:83:9f:0a:7b:bc:32:f1:c3:
                    dd:7f:2a:75:c4:0c:72:f7:3f:56:fa:2f:de:d2:6e:
                    32:0c:90:e4:45:99:cd:e7:b0:c9:33:a5:b2:3d:60:
                    b7:44:81:77:65:1c:72:98:8f:cf:a7:e0:96:84:3d:
                    d1:7e:42:e6:e5:05:11:66:50:b7:d0:8f:58:d0:d3:
                    3c:94:da:00:f8:7d:22:a7:5e:24:c4:d2:96:98:f4:
                    09:26:21:7e:54:1b:10:9e:ff:84:08:62:c8:2c:1d:
                    46:44:b4:b2:2e:ad:08:35:d4:ce:48:14:14:60:78:
                    af:d9:94:d4:34:a5:2e:6e:22:20:db:eb:3c:2b:5c:
                    4f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B9:30:D8:CC:C3:57:97:69:6D:F6:02:D0:C0:38:00:82:E4:D5:71
            X509v3 Authority Key Identifier:
                keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/07kw2MzDV5dpbfYC0MA4AILk1XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.152.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:c0:45:1e:77:13:40:bb:fe:2e:82:e7:1f:09:86:84:0f:ce:
         ba:60:c8:1c:fa:cc:2d:31:9e:07:55:7f:f7:24:c9:c7:28:b5:
         5c:f3:e9:df:b9:2f:23:f2:9f:4e:f5:c3:cd:8a:c4:a1:c9:33:
         1a:89:0b:f6:22:c2:7a:1c:1c:1c:29:7c:22:5a:f2:a0:22:fc:
         47:af:21:0c:c6:d1:98:28:fc:ff:ef:ae:ee:c7:2e:da:2e:a4:
         8d:2b:82:e9:d1:f1:91:a1:96:14:59:88:d8:23:09:a9:a9:9f:
         f9:b3:aa:00:ba:b5:29:d3:e6:f7:3f:1e:64:74:d2:c2:cd:57:
         57:68:10:fe:13:57:cb:51:ee:23:e6:8a:bc:c9:58:be:03:45:
         33:ca:77:03:65:c2:42:86:12:47:78:4d:78:08:b7:89:06:49:
         a2:85:76:f7:26:87:8e:9e:fa:30:1f:a1:90:67:57:fb:28:74:
         0f:59:12:f7:30:f9:33:3c:39:5e:78:ae:40:e2:f4:4a:a9:1b:
         85:1c:32:94:90:a3:1d:96:db:bb:a5:51:ef:93:07:ea:6b:6c:
         f6:57:f8:81:71:57:64:44:d4:a0:6f:aa:78:97:59:a1:3f:2c:
         70:07:08:e9:76:bc:81:bc:ea:b7:5a:8f:82:30:5b:d3:f2:0d:
         b7:e3:15:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj18zzqcbxxepO93UsWjWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2
MzkwODYwHhcNMjUwMTAxMjE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I5MzBkOGNjYzM1Nzk3Njk2ZGY2MDJkMGMwMzgwMDgyZTRkNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUzu2a0+rTeMjgl+6u9KOAhfx1+J
P+vSFUfyrWJ2erMR5bki75Ll8xNYX2nlAkd/5d7Noz21u4uXvD8hvMm3UI0Z6ayX
K9q0xkpG5r9IW2rpSxvQ0kKj8UhYPB79R2gXoiVyqy59N8cxgqbP1ct6BmEuu+k0
A6T5X1xEk46Pg58Ke7wy8cPdfyp1xAxy9z9W+i/e0m4yDJDkRZnN57DJM6WyPWC3
RIF3ZRxymI/Pp+CWhD3RfkLm5QURZlC30I9Y0NM8lNoA+H0ip14kxNKWmPQJJiF+
VBsQnv+ECGLILB1GRLSyLq0INdTOSBQUYHiv2ZTUNKUubiIg2+s8K1xPCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO5MNjMw1eXaW32AtDAOACC5NVxMB8GA1UdIwQY
MBaAFHf45/vUq2lQf7H+NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1Njgt
NzdmNmU5NGUzZGNjLzEvMDdrdzJNekRWNWRwYmZZQzBNQTRBSUxrMVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNj
LzEvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZiQMA0G
CSqGSIb3DQEBCwUAA4IBAQBzwEUedxNAu/4ugucfCYaED866YMgc+swtMZ4HVX/3
JMnHKLVc8+nfuS8j8p9O9cPNisShyTMaiQv2IsJ6HBwcKXwiWvKgIvxHryEMxtGY
KPz/767uxy7aLqSNK4Lp0fGRoZYUWYjYIwmpqZ/5s6oAurUp0+b3Px5kdNLCzVdX
aBD+E1fLUe4j5oq8yVi+A0UzyncDZcJChhJHeE14CLeJBkmihXb3JoeOnvowH6GQ
Z1f7KHQPWRL3MPkzPDleeK5A4vRKqRuFHDKUkKMdltu7pVHvkwfqa2z2V/iBcVdk
RNSgb6p4l1mhPyxwBwjpdryBvOq3Wo+CMFvT8g234xVJ
-----END CERTIFICATE-----