Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/381d69-2c41-45a8-90d4-6ae90b247592/1/5xClaWILRxQ9pmgQgDpxFofceH8.roa
File:                     5xClaWILRxQ9pmgQgDpxFofceH8.roa (raw, json)
Hash identifier:          0hzSh03q17++GvtE8vccd8KDVakALRAiOVzqJZfOXdk=
Subject key identifier:   E7:10:A5:69:62:0B:47:14:3D:A6:68:10:80:3A:71:16:87:DC:78:7F
Certificate issuer:       /CN=22fb528aba018f142f4444cccc9723736cd4e4b6
Certificate serial:       018CC94D9F9AB81B92C3431F68EFD4DB0EE5
Authority key identifier: 22:FB:52:8A:BA:01:8F:14:2F:44:44:CC:CC:97:23:73:6C:D4:E4:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvtSiroBjxQvRETMzJcjc2zU5LY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/381d69-2c41-45a8-90d4-6ae90b247592/1/5xClaWILRxQ9pmgQgDpxFofceH8.roa
Signing time:             Tue 02 Jan 2024 08:32:36 +0000
ROA not before:           Tue 02 Jan 2024 08:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        77.83.144.0/22 maxlen: 22
                          2a09:fcc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/381d69-2c41-45a8-90d4-6ae90b247592/1/IvtSiroBjxQvRETMzJcjc2zU5LY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/381d69-2c41-45a8-90d4-6ae90b247592/1/IvtSiroBjxQvRETMzJcjc2zU5LY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvtSiroBjxQvRETMzJcjc2zU5LY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9f:9a:b8:1b:92:c3:43:1f:68:ef:d4:db:0e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22fb528aba018f142f4444cccc9723736cd4e4b6
        Validity
            Not Before: Jan  2 08:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e710a569620b47143da66810803a711687dc787f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:58:4e:af:fa:bd:4a:07:b7:ee:87:d5:61:c6:
                    56:fe:82:c6:90:85:c2:6c:4a:ff:fe:7b:a1:72:9b:
                    59:a0:57:a0:57:05:c1:a0:b5:56:77:34:84:46:aa:
                    a1:4a:62:1c:9e:d9:b8:6a:74:aa:3b:09:95:ee:80:
                    b1:4b:0d:6b:33:d1:1d:9d:87:89:5c:0f:53:2b:b9:
                    ac:8d:e4:ee:dd:35:0b:7e:96:6f:d5:1a:c8:f6:89:
                    e9:d0:1d:ca:19:59:85:af:20:0c:38:c5:37:ce:91:
                    6b:49:94:0f:c2:ee:39:cd:18:a4:0e:f3:18:80:2d:
                    14:0c:77:6f:00:b4:51:fe:70:54:8b:92:2a:ed:11:
                    34:ef:e1:45:23:70:b4:c8:ea:3f:7a:88:1b:2e:b5:
                    3a:c4:33:f2:f4:7b:3e:48:83:c2:60:06:e9:bb:ee:
                    29:a4:40:c6:6b:e2:9b:2c:33:38:04:63:c6:f7:07:
                    ab:de:8c:d3:de:d7:5c:42:af:57:07:25:60:f0:c9:
                    74:04:23:b3:dc:b1:86:47:44:ab:7a:26:b3:4f:e2:
                    38:75:a4:85:3d:5b:01:5f:eb:0c:ef:03:ff:1a:5d:
                    38:01:ec:2d:02:90:a8:53:fa:e2:c4:01:a6:7a:2d:
                    53:c1:05:d2:81:1d:f8:48:2e:79:a5:ae:02:49:9c:
                    6b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:10:A5:69:62:0B:47:14:3D:A6:68:10:80:3A:71:16:87:DC:78:7F
            X509v3 Authority Key Identifier:
                keyid:22:FB:52:8A:BA:01:8F:14:2F:44:44:CC:CC:97:23:73:6C:D4:E4:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvtSiroBjxQvRETMzJcjc2zU5LY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/381d69-2c41-45a8-90d4-6ae90b247592/1/5xClaWILRxQ9pmgQgDpxFofceH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/381d69-2c41-45a8-90d4-6ae90b247592/1/IvtSiroBjxQvRETMzJcjc2zU5LY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.144.0/22
                IPv6:
                  2a09:fcc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:a6:5e:4d:41:02:c4:23:06:75:a9:a6:0b:25:ba:e9:69:dc:
         c0:5d:5c:5f:85:d3:60:66:b5:3a:f9:e8:4d:4b:ea:a8:b8:ad:
         a9:bb:cc:e3:64:3c:ac:a6:84:20:86:e2:57:2a:b4:2c:66:91:
         6f:49:a3:86:58:61:a4:a3:35:1f:ab:3f:34:33:53:d1:cc:5d:
         07:cf:7e:91:dc:f8:a9:a3:f8:e2:44:c6:51:e9:2b:e1:6e:83:
         67:18:a0:a1:05:38:a5:4d:9f:41:4f:86:55:e7:58:dd:9c:00:
         31:a8:e5:69:2c:80:75:83:4e:6d:25:a8:83:82:d9:39:4a:0c:
         4d:c0:67:a5:18:3a:13:c8:02:82:39:aa:15:1b:b9:0e:98:c7:
         0e:ba:85:5a:a5:d9:68:79:51:ac:c2:7b:ea:39:af:21:76:f0:
         bb:52:03:65:4b:dd:a0:8d:64:f2:0b:f3:73:4c:f0:f5:47:b3:
         fa:f8:01:15:30:f2:f8:e7:4e:8f:38:04:6c:04:d4:74:d7:dd:
         d4:e0:9a:de:19:f1:00:37:3a:d1:23:94:df:fe:de:c7:2e:9f:
         49:9b:34:4d:11:07:7c:b4:2b:a9:c4:30:5d:3c:56:50:52:80:
         9c:3e:9f:42:be:13:2e:d0:03:58:e5:66:65:36:09:c3:bc:02:
         6e:26:3f:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTZ+auBuSw0MfaO/U2w7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZmI1MjhhYmEwMThmMTQyZjQ0NDRjY2NjOTcyMzczNmNk
NGU0YjYwHhcNMjQwMTAyMDgzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzEwYTU2OTYyMGI0NzE0M2RhNjY4MTA4MDNhNzExNjg3ZGM3ODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlhOr/q9Sge37ofVYcZW/oLGkIXC
bEr//nuhcptZoFegVwXBoLVWdzSERqqhSmIcntm4anSqOwmV7oCxSw1rM9EdnYeJ
XA9TK7msjeTu3TULfpZv1RrI9onp0B3KGVmFryAMOMU3zpFrSZQPwu45zRikDvMY
gC0UDHdvALRR/nBUi5Iq7RE07+FFI3C0yOo/eogbLrU6xDPy9Hs+SIPCYAbpu+4p
pEDGa+KbLDM4BGPG9wer3ozT3tdcQq9XByVg8Ml0BCOz3LGGR0SreiazT+I4daSF
PVsBX+sM7wP/Gl04AewtApCoU/rixAGmei1TwQXSgR34SC55pa4CSZxrjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOcQpWliC0cUPaZoEIA6cRaH3Hh/MB8GA1UdIwQY
MBaAFCL7Uoq6AY8UL0REzMyXI3Ns1OS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZ0U2lyb0JqeFF2UkVUTXpKY2pjMnpVNUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zODFkNjktMmM0MS00NWE4LTkwZDQt
NmFlOTBiMjQ3NTkyLzEvNXhDbGFXSUxSeFE5cG1nUWdEcHhGb2ZjZUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zODFkNjktMmM0MS00NWE4LTkwZDQtNmFlOTBiMjQ3NTky
LzEvSXZ0U2lyb0JqeFF2UkVUTXpKY2pjMnpVNUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCTVOQMA0E
AgACMAcDBQAqCfzAMA0GCSqGSIb3DQEBCwUAA4IBAQBOpl5NQQLEIwZ1qaYLJbrp
adzAXVxfhdNgZrU6+ehNS+qouK2pu8zjZDyspoQghuJXKrQsZpFvSaOGWGGkozUf
qz80M1PRzF0Hz36R3Pipo/jiRMZR6SvhboNnGKChBTilTZ9BT4ZV51jdnAAxqOVp
LIB1g05tJaiDgtk5SgxNwGelGDoTyAKCOaoVG7kOmMcOuoVapdloeVGswnvqOa8h
dvC7UgNlS92gjWTyC/NzTPD1R7P6+AEVMPL4506POARsBNR0193U4JreGfEANzrR
I5Tf/t7HLp9JmzRNEQd8tCupxDBdPFZQUoCcPp9CvhMu0ANY5WZlNgnDvAJuJj8Q
-----END CERTIFICATE-----