Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CWiuXgvwvgZXI4sNEej-rA_itMk.roa
File:                     CWiuXgvwvgZXI4sNEej-rA_itMk.roa (raw, json)
Hash identifier:          9CCaXuN6Cb/fa/GweQdLy/jSJcLbU0T3iUE6aN/P65g=
Subject key identifier:   09:68:AE:5E:0B:F0:BE:06:57:23:8B:0D:11:E8:FE:AC:0F:E2:B4:C9
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56F010C8914D9A53E8580F077D509E0
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CWiuXgvwvgZXI4sNEej-rA_itMk.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43723
IP address blocks:        82.119.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:01:0c:89:14:d9:a5:3e:85:80:f0:77:d5:09:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0968ae5e0bf0be0657238b0d11e8feac0fe2b4c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e4:73:ea:3b:f0:60:76:2f:30:9b:d9:cc:54:
                    ef:5b:bc:ff:c9:48:a7:e1:b4:2a:dd:12:5f:cf:3f:
                    b2:9b:c9:7e:2b:b7:64:9b:83:e5:e1:e8:2e:6d:dd:
                    a2:2c:f0:04:a5:49:cd:78:2f:aa:c1:30:2f:6b:53:
                    90:1b:60:01:e4:71:0b:9a:2b:fe:0b:de:a0:dc:1d:
                    e6:db:7d:d5:ca:9b:7a:5b:86:92:7e:57:62:e7:00:
                    1b:16:24:4f:e8:75:6d:8d:8c:12:93:3c:ad:7b:7b:
                    04:ca:57:f9:ac:25:f0:f0:80:df:bb:83:08:97:14:
                    a8:a9:7d:e3:98:08:0a:49:f3:75:17:b2:d2:2a:af:
                    40:99:d7:d2:c1:7f:b8:d2:97:c0:28:87:d9:e2:7b:
                    ff:0a:0d:89:a3:84:1b:d7:61:24:f1:c8:62:22:2c:
                    41:19:14:b7:60:a3:39:80:8c:4a:68:0b:e4:aa:8c:
                    00:70:2d:f6:00:b1:3a:f2:05:70:03:c2:95:fd:04:
                    4f:34:fa:af:a2:b0:60:fd:53:3c:74:b4:18:e8:66:
                    3a:ae:2a:f2:21:1e:38:d2:5b:28:e4:97:6b:7e:b9:
                    dc:47:eb:5f:1c:d7:43:d6:eb:84:fe:9b:15:90:38:
                    7f:c1:3a:3c:19:92:98:a4:25:5c:90:d6:57:70:4c:
                    66:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:68:AE:5E:0B:F0:BE:06:57:23:8B:0D:11:E8:FE:AC:0F:E2:B4:C9
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CWiuXgvwvgZXI4sNEej-rA_itMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a1:d6:0f:84:d9:ee:ec:a9:14:3c:79:11:31:12:f6:6f:cb:
         59:54:51:a6:b6:46:24:e4:f4:8e:b3:55:10:1e:8d:a3:f9:88:
         09:bd:89:0a:e3:b1:cf:11:da:0f:df:0e:69:ad:60:62:9c:d1:
         5b:1d:ef:3c:f3:60:c9:9a:81:12:3a:eb:6d:18:cc:08:8b:bd:
         11:8d:ad:18:4e:c5:e6:d8:3d:aa:6c:a6:21:6e:9f:f1:68:61:
         c3:55:40:e0:7f:5a:49:82:1a:06:cd:88:dd:cb:79:de:01:66:
         76:0a:3a:bd:db:74:24:18:ce:61:02:df:8c:29:19:47:2f:98:
         a1:3f:58:fc:d3:f9:88:fb:2c:3a:18:0b:64:8a:6c:7c:12:43:
         fb:02:a9:76:c2:08:a1:7d:77:2b:64:da:ef:24:d8:c9:a6:eb:
         38:11:71:2e:3a:51:a6:04:4b:f0:9b:c0:16:e4:2f:88:2a:84:
         f2:af:7b:84:e6:9a:1f:c8:fb:7a:00:aa:70:2c:96:92:2b:ea:
         9d:26:12:f1:55:07:6a:5f:cf:ee:da:4a:ff:9b:56:07:3c:ee:
         35:c2:2a:66:54:32:18:dc:5d:88:f2:75:42:17:09:4b:52:d6:
         bb:a9:7e:86:ca:c4:f7:f8:57:67:a6:f4:8c:5f:dc:35:bd:21:
         bb:7b:37:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwEMiRTZpT6FgPB31QngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY4YWU1ZTBiZjBiZTA2NTcyMzhiMGQxMWU4ZmVhYzBmZTJiNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzORz6jvwYHYvMJvZzFTvW7z/yUin
4bQq3RJfzz+ym8l+K7dkm4Pl4egubd2iLPAEpUnNeC+qwTAva1OQG2AB5HELmiv+
C96g3B3m233Vypt6W4aSfldi5wAbFiRP6HVtjYwSkzyte3sEylf5rCXw8IDfu4MI
lxSoqX3jmAgKSfN1F7LSKq9AmdfSwX+40pfAKIfZ4nv/Cg2Jo4Qb12Ek8chiIixB
GRS3YKM5gIxKaAvkqowAcC32ALE68gVwA8KV/QRPNPqvorBg/VM8dLQY6GY6riry
IR440lso5JdrfrncR+tfHNdD1uuE/psVkDh/wTo8GZKYpCVckNZXcExmKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlorl4L8L4GVyOLDRHo/qwP4rTJMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvQ1dpdVhndnd2Z1pYSTRzTkVlai1yQV9pdE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndNMA0G
CSqGSIb3DQEBCwUAA4IBAQB3odYPhNnu7KkUPHkRMRL2b8tZVFGmtkYk5PSOs1UQ
Ho2j+YgJvYkK47HPEdoP3w5prWBinNFbHe8882DJmoESOuttGMwIi70Rja0YTsXm
2D2qbKYhbp/xaGHDVUDgf1pJghoGzYjdy3neAWZ2Cjq923QkGM5hAt+MKRlHL5ih
P1j80/mI+yw6GAtkimx8EkP7Aql2wgihfXcrZNrvJNjJpus4EXEuOlGmBEvwm8AW
5C+IKoTyr3uE5pofyPt6AKpwLJaSK+qdJhLxVQdqX8/u2kr/m1YHPO41wipmVDIY
3F2I8nVCFwlLUta7qX6GysT3+FdnpvSMX9w1vSG7ezeG
-----END CERTIFICATE-----