Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/xMz8c3OlJtzmuGjOjCEg8m7iC5M.roa
File:                     xMz8c3OlJtzmuGjOjCEg8m7iC5M.roa (raw, json)
Hash identifier:          ByWCMSgslz/dvTnITqF4pEa+PUvVPd+OMQ1cz0A+ON8=
Subject key identifier:   C4:CC:FC:73:73:A5:26:DC:E6:B8:68:CE:8C:21:20:F2:6E:E2:0B:93
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       018F33414C5F436393646D24B0B105D6B3B1
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/xMz8c3OlJtzmuGjOjCEg8m7iC5M.roa
Signing time:             Wed 01 May 2024 08:24:28 +0000
ROA not before:           Wed 01 May 2024 08:24:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46475
IP address blocks:        77.223.214.0/23 maxlen: 24
                          77.223.214.0/24 maxlen: 24
                          77.223.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:41:4c:5f:43:63:93:64:6d:24:b0:b1:05:d6:b3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: May  1 08:24:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4ccfc7373a526dce6b868ce8c2120f26ee20b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:df:02:5b:a2:9c:20:51:b6:e4:2e:fa:a0:21:
                    03:24:95:4f:d1:46:2f:c7:68:59:c5:3e:f7:a6:60:
                    0d:92:c9:a2:6c:cb:e9:8f:de:5c:dc:95:79:62:89:
                    cf:c2:d5:5f:c3:a9:1f:bb:e6:1d:fa:84:bd:97:c5:
                    05:2f:e5:a7:87:ee:cd:23:e8:e7:8f:1b:bb:44:13:
                    ab:be:d5:3f:e4:5e:63:b9:52:15:59:f3:0f:17:d0:
                    dd:a8:cd:1e:b8:f0:a5:6d:07:73:a3:d1:b1:9e:9a:
                    bc:4f:c4:77:df:b0:c2:5c:17:44:3e:d9:56:01:00:
                    e6:44:ed:06:3a:29:44:ce:19:00:95:59:f9:d5:95:
                    5e:b4:fc:f1:4b:d8:48:ec:77:7d:40:2a:67:ad:d1:
                    27:2f:52:97:86:64:4c:ba:17:16:43:6b:d1:44:3c:
                    ed:d6:59:61:c8:d1:3a:dc:7e:e9:32:74:33:be:d2:
                    e5:69:47:a8:dc:ef:47:7d:3c:4a:2a:4b:de:a2:85:
                    42:27:20:e0:86:65:cc:50:06:37:49:9c:b8:dc:5e:
                    70:4e:df:5f:72:c6:a5:59:ee:3b:b5:bd:b5:b4:1e:
                    7b:23:9f:e6:18:6d:d6:3f:57:98:13:61:8d:19:ff:
                    0f:e0:9f:fd:84:6c:12:f4:6a:80:88:b1:af:db:90:
                    b0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CC:FC:73:73:A5:26:DC:E6:B8:68:CE:8C:21:20:F2:6E:E2:0B:93
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/xMz8c3OlJtzmuGjOjCEg8m7iC5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:2a:ba:80:0c:4a:23:33:09:29:84:5c:d4:e2:6b:19:92:62:
         f1:c9:bb:9f:bd:3f:3d:c1:d7:4f:ba:29:ab:cc:73:df:3d:fe:
         a0:65:7b:01:ac:6a:5b:4f:36:0c:cb:05:23:75:54:28:bc:f1:
         11:d7:50:03:5b:f3:2a:dd:63:93:23:f2:0b:6a:04:05:d1:21:
         6f:2d:9e:ea:3d:a1:eb:22:1d:c7:1b:a1:99:72:fd:fa:93:c5:
         86:25:cf:6e:91:a1:c6:fa:27:5d:d1:9d:9a:6a:db:c3:17:ee:
         68:dc:43:8c:da:e8:b8:e6:8f:80:74:0c:d1:56:be:bd:eb:9a:
         a4:dd:bc:1f:22:a8:e3:d7:21:8a:7d:93:9f:63:1a:7b:ea:d8:
         35:23:78:fc:c2:1a:31:09:c4:2c:ca:36:66:5e:7e:45:57:33:
         86:98:93:1b:a3:4c:1d:ac:8d:ce:2b:f6:35:7e:ec:cc:dd:69:
         8d:25:d5:6c:1f:b4:98:87:d9:9f:34:1d:c5:61:b2:6f:19:a4:
         03:4c:5f:13:51:ac:9e:e3:de:96:11:3c:25:be:bb:43:14:41:
         d6:ca:c0:f3:0a:eb:46:ad:e9:4b:1b:5d:de:94:e1:aa:11:01:
         dd:fa:93:14:0a:23:6e:65:e1:93:1c:42:98:f4:35:33:47:65:
         d0:22:37:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8zQUxfQ2OTZG0ksLEF1rOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwNTAxMDgyNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNjZmM3MzczYTUyNmRjZTZiODY4Y2U4YzIxMjBmMjZlZTIwYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN8CW6KcIFG25C76oCEDJJVP0UYv
x2hZxT73pmANksmibMvpj95c3JV5YonPwtVfw6kfu+Yd+oS9l8UFL+Wnh+7NI+jn
jxu7RBOrvtU/5F5juVIVWfMPF9DdqM0euPClbQdzo9Gxnpq8T8R337DCXBdEPtlW
AQDmRO0GOilEzhkAlVn51ZVetPzxS9hI7Hd9QCpnrdEnL1KXhmRMuhcWQ2vRRDzt
1llhyNE63H7pMnQzvtLlaUeo3O9HfTxKKkveooVCJyDghmXMUAY3SZy43F5wTt9f
csalWe47tb21tB57I5/mGG3WP1eYE2GNGf8P4J/9hGwS9GqAiLGv25CwaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTM/HNzpSbc5rhozowhIPJu4guTMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEveE16OGMzT2xKdHptdUdqT2pDRWc4bTdpQzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTd/WMA0G
CSqGSIb3DQEBCwUAA4IBAQC+KrqADEojMwkphFzU4msZkmLxybufvT89wddPuimr
zHPfPf6gZXsBrGpbTzYMywUjdVQovPER11ADW/Mq3WOTI/ILagQF0SFvLZ7qPaHr
Ih3HG6GZcv36k8WGJc9ukaHG+idd0Z2aatvDF+5o3EOM2ui45o+AdAzRVr6965qk
3bwfIqjj1yGKfZOfYxp76tg1I3j8whoxCcQsyjZmXn5FVzOGmJMbo0wdrI3OK/Y1
fuzM3WmNJdVsH7SYh9mfNB3FYbJvGaQDTF8TUaye496WETwlvrtDFEHWysDzCutG
relLG13elOGqEQHd+pMUCiNuZeGTHEKY9DUzR2XQIjeN
-----END CERTIFICATE-----