Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/twBne0Wy9kTa2SmYsnz_llqcRYw.roa
File:                     twBne0Wy9kTa2SmYsnz_llqcRYw.roa (raw, json)
Hash identifier:          +e9YogwCwr0UvmzverHVlCfnI54wLIlzUBmkHmHk+PA=
Subject key identifier:   B7:00:67:7B:45:B2:F6:44:DA:D9:29:98:B2:7C:FF:96:5A:9C:45:8C
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01906D9CEBB210FFC8E03D28647FF9C1CF01
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/twBne0Wy9kTa2SmYsnz_llqcRYw.roa
Signing time:             Mon 01 Jul 2024 09:25:18 +0000
ROA not before:           Mon 01 Jul 2024 09:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204782
IP address blocks:        77.242.228.0/24 maxlen: 24
                          77.242.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:9c:eb:b2:10:ff:c8:e0:3d:28:64:7f:f9:c1:cf:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jul  1 09:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b700677b45b2f644dad92998b27cff965a9c458c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:15:ff:9f:d2:f7:00:57:c8:6d:5f:36:86:02:
                    da:cf:78:98:02:7e:c3:d1:47:3f:30:c2:21:b1:c3:
                    d4:a1:6c:02:9a:65:2d:6b:f4:9b:52:dd:b1:e4:9a:
                    82:ea:57:99:0a:59:51:f8:c1:3d:98:72:d4:cc:02:
                    2c:96:85:02:cc:5e:67:75:d4:1f:13:76:a7:91:71:
                    75:2c:e5:63:0c:93:9b:84:4a:a6:60:d3:b7:76:a3:
                    d3:7c:19:5d:a9:06:81:1b:9f:9d:00:2f:98:39:00:
                    a7:d6:96:e7:16:01:36:9f:d3:f9:e9:84:9b:29:1e:
                    f6:95:0f:da:ff:90:79:bd:1d:d6:f8:fb:da:e3:b6:
                    e7:70:e1:a3:84:0d:16:fd:02:3c:0f:e5:45:f8:74:
                    65:db:e5:c9:4a:67:a5:4e:83:e4:9e:bb:02:d2:17:
                    5f:59:6b:01:5c:a0:79:42:fa:6b:66:a8:74:33:38:
                    58:fa:60:5d:49:44:f5:c3:82:e0:8b:b9:c2:21:01:
                    32:48:3f:a5:cb:26:be:13:e7:c1:c4:30:ab:f2:d7:
                    b7:98:62:10:8f:6c:82:9c:e1:d8:c4:d8:58:06:86:
                    10:0e:75:b6:d8:1e:45:7e:68:7a:ea:e6:e9:2e:8d:
                    71:50:66:46:aa:06:77:8c:e6:8b:aa:1d:ec:e5:29:
                    94:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:00:67:7B:45:B2:F6:44:DA:D9:29:98:B2:7C:FF:96:5A:9C:45:8C
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/twBne0Wy9kTa2SmYsnz_llqcRYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.228.0/24
                  77.242.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:2a:26:ba:c1:41:a7:5a:0d:b7:83:6f:6e:47:21:cf:f1:45:
         56:6b:f6:59:21:ee:8e:e8:70:9c:46:f0:84:4c:2a:20:40:81:
         1b:4d:f5:3d:3e:e2:30:4c:b3:fa:58:ac:60:c7:38:19:6e:26:
         ef:78:a4:d7:55:fc:01:40:21:2c:43:cd:93:ba:c9:93:ff:7e:
         41:73:fd:4e:5d:41:25:c9:6c:7b:19:30:1b:32:31:c4:6f:c4:
         52:0c:b4:e1:f1:69:ae:34:a9:14:ee:8c:09:64:f7:9e:00:0a:
         87:7b:3b:98:80:ce:ae:3f:e1:02:68:c8:c4:8c:25:f2:f0:0f:
         bf:8b:98:d3:1a:39:e8:dd:46:bb:06:0b:c7:d0:5f:33:b1:8f:
         c1:b1:bd:de:7c:38:a6:ee:df:3a:e8:e2:c1:d4:c6:57:84:40:
         27:05:37:42:c1:e7:3a:4d:3c:1d:f6:d9:70:75:96:1b:b1:87:
         04:e4:07:7e:b2:b8:1d:87:3e:55:5a:77:e2:2f:12:25:19:1b:
         5a:93:f3:06:68:46:87:bb:e8:c8:82:5a:30:5d:dd:8a:e1:3c:
         23:72:b3:1e:31:8f:92:d1:42:8d:40:8e:9a:5c:80:16:d1:b6:
         05:c8:98:15:4b:e8:26:aa:36:29:87:89:1a:69:d2:6c:7f:f1:
         f0:75:1b:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBtnOuyEP/I4D0oZH/5wc8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwNzAxMDkyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzAwNjc3YjQ1YjJmNjQ0ZGFkOTI5OThiMjdjZmY5NjVhOWM0NThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhX/n9L3AFfIbV82hgLaz3iYAn7D
0Uc/MMIhscPUoWwCmmUta/SbUt2x5JqC6leZCllR+ME9mHLUzAIsloUCzF5nddQf
E3ankXF1LOVjDJObhEqmYNO3dqPTfBldqQaBG5+dAC+YOQCn1pbnFgE2n9P56YSb
KR72lQ/a/5B5vR3W+Pva47bncOGjhA0W/QI8D+VF+HRl2+XJSmelToPknrsC0hdf
WWsBXKB5QvprZqh0MzhY+mBdSUT1w4Lgi7nCIQEySD+lyya+E+fBxDCr8te3mGIQ
j2yCnOHYxNhYBoYQDnW22B5Ffmh66ubpLo1xUGZGqgZ3jOaLqh3s5SmUjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLcAZ3tFsvZE2tkpmLJ8/5ZanEWMMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvdHdCbmUwV3k5a1RhMlNtWXNuel9sbHFjUll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATfLkAwQC
TfLsMA0GCSqGSIb3DQEBCwUAA4IBAQBPKia6wUGnWg23g29uRyHP8UVWa/ZZIe6O
6HCcRvCETCogQIEbTfU9PuIwTLP6WKxgxzgZbibveKTXVfwBQCEsQ82TusmT/35B
c/1OXUElyWx7GTAbMjHEb8RSDLTh8WmuNKkU7owJZPeeAAqHezuYgM6uP+ECaMjE
jCXy8A+/i5jTGjno3Ua7BgvH0F8zsY/Bsb3efDim7t866OLB1MZXhEAnBTdCwec6
TTwd9tlwdZYbsYcE5Ad+srgdhz5VWnfiLxIlGRtak/MGaEaHu+jIglowXd2K4Twj
crMeMY+S0UKNQI6aXIAW0bYFyJgVS+gmqjYph4kaadJsf/HwdRsl
-----END CERTIFICATE-----