Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/6e2cbf-7056-4419-b51c-62b1da261329/1/KzjuDcAG1spTjgwprmz0htgXoUQ.roa
File:                     KzjuDcAG1spTjgwprmz0htgXoUQ.roa (raw, json)
Hash identifier:          //YbDUZK0VEB87ilMEvu0OIADezqKmr30CfQCaLCMJI=
Subject key identifier:   2B:38:EE:0D:C0:06:D6:CA:53:8E:0C:29:AE:6C:F4:86:D8:17:A1:44
Certificate issuer:       /CN=478c7fc6b211e271f7483f721d45f238dd7de5c4
Certificate serial:       018CC64B70A6B44E06FDEA3D9050DEA00413
Authority key identifier: 47:8C:7F:C6:B2:11:E2:71:F7:48:3F:72:1D:45:F2:38:DD:7D:E5:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R4x_xrIR4nH3SD9yHUXyON195cQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/6e2cbf-7056-4419-b51c-62b1da261329/1/KzjuDcAG1spTjgwprmz0htgXoUQ.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202423
IP address blocks:        77.220.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/6e2cbf-7056-4419-b51c-62b1da261329/1/R4x_xrIR4nH3SD9yHUXyON195cQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/6e2cbf-7056-4419-b51c-62b1da261329/1/R4x_xrIR4nH3SD9yHUXyON195cQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R4x_xrIR4nH3SD9yHUXyON195cQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:70:a6:b4:4e:06:fd:ea:3d:90:50:de:a0:04:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=478c7fc6b211e271f7483f721d45f238dd7de5c4
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b38ee0dc006d6ca538e0c29ae6cf486d817a144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:82:ff:2a:65:97:8b:a5:d1:83:8c:8c:6c:ac:
                    1f:20:97:99:e0:e1:90:4d:3d:06:f2:a6:1c:e1:a5:
                    63:2a:85:bc:1c:4d:63:a2:60:72:ed:69:f3:42:d0:
                    d4:88:64:35:5c:cf:1b:d7:3a:01:53:c1:a5:f4:bb:
                    84:73:5a:7a:b0:79:9b:d5:62:81:01:88:86:9f:a5:
                    21:bf:3e:17:b4:57:56:4f:8e:3d:52:4c:ec:62:61:
                    68:b1:fc:14:d2:d5:b3:17:48:b8:77:9c:47:9a:0d:
                    3f:6c:20:03:6d:1c:77:3a:cd:ea:7a:d5:94:8b:95:
                    5b:f9:db:93:3a:ac:80:9a:5f:5c:00:51:08:35:9a:
                    94:28:9e:65:29:ec:23:3e:96:d1:f9:65:85:b1:3d:
                    29:e5:a7:f3:e6:23:15:c2:69:0d:12:71:ce:f3:43:
                    3e:02:14:45:6d:f0:94:cd:9b:6c:43:e1:c6:bb:f4:
                    3a:ec:61:57:f6:eb:7c:7e:81:f7:bb:e4:1a:48:25:
                    07:69:bc:37:cf:83:4a:b6:64:b8:d8:c9:27:91:80:
                    96:50:25:f5:eb:69:65:95:a9:7b:7c:7b:51:1b:e0:
                    ea:cf:91:00:d6:87:fa:e3:bb:86:ca:37:67:f8:81:
                    a9:1c:8e:14:6d:a2:1c:86:72:ad:a5:7c:36:79:42:
                    9c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:38:EE:0D:C0:06:D6:CA:53:8E:0C:29:AE:6C:F4:86:D8:17:A1:44
            X509v3 Authority Key Identifier:
                keyid:47:8C:7F:C6:B2:11:E2:71:F7:48:3F:72:1D:45:F2:38:DD:7D:E5:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R4x_xrIR4nH3SD9yHUXyON195cQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/6e2cbf-7056-4419-b51c-62b1da261329/1/KzjuDcAG1spTjgwprmz0htgXoUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/6e2cbf-7056-4419-b51c-62b1da261329/1/R4x_xrIR4nH3SD9yHUXyON195cQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:6a:c4:95:ef:8f:63:0c:fd:99:33:df:ff:a5:ed:b5:64:86:
         b0:63:49:0f:82:d9:44:18:f8:ad:5c:c9:20:45:c7:e7:2f:09:
         ce:94:f2:48:4b:30:83:df:c6:49:5e:fc:1c:c2:c7:31:97:42:
         d6:fa:69:15:4b:3a:1a:1c:ea:12:22:39:a7:36:d2:4b:2d:b5:
         1e:61:38:93:46:93:91:a8:8d:eb:fa:a8:bc:a2:ce:c4:60:7e:
         1c:34:2a:68:ac:af:24:59:8f:94:dd:ec:b9:74:5b:a7:d9:b4:
         7b:49:a8:4d:ff:f2:74:be:85:6f:76:b3:35:4f:a6:47:b9:f7:
         a7:45:23:1b:55:bb:e3:19:78:c8:39:fd:23:0e:2e:d0:46:f7:
         ca:fd:65:d1:e8:ce:1f:6e:b8:7b:8b:27:b1:f9:52:26:81:83:
         26:05:c1:d9:ee:71:74:02:f4:a3:8f:49:9e:b8:6e:18:b2:55:
         52:a7:55:81:50:5f:fa:b0:4f:69:3a:7d:4d:27:49:96:cb:a4:
         4a:c0:aa:69:33:a6:22:25:64:93:c2:76:df:e4:c0:e1:62:08:
         a0:ab:cf:7f:a8:66:d2:bf:e7:ee:b0:34:5b:f4:f5:d4:49:97:
         3f:91:eb:08:c6:bc:5e:c9:41:db:cf:8d:71:a8:7c:74:9f:e9:
         88:48:31:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3CmtE4G/eo9kFDeoAQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3OGM3ZmM2YjIxMWUyNzFmNzQ4M2Y3MjFkNDVmMjM4ZGQ3
ZGU1YzQwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM4ZWUwZGMwMDZkNmNhNTM4ZTBjMjlhZTZjZjQ4NmQ4MTdhMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYL/KmWXi6XRg4yMbKwfIJeZ4OGQ
TT0G8qYc4aVjKoW8HE1jomBy7WnzQtDUiGQ1XM8b1zoBU8Gl9LuEc1p6sHmb1WKB
AYiGn6Uhvz4XtFdWT449UkzsYmFosfwU0tWzF0i4d5xHmg0/bCADbRx3Os3qetWU
i5Vb+duTOqyAml9cAFEINZqUKJ5lKewjPpbR+WWFsT0p5afz5iMVwmkNEnHO80M+
AhRFbfCUzZtsQ+HGu/Q67GFX9ut8foH3u+QaSCUHabw3z4NKtmS42MknkYCWUCX1
62lllal7fHtRG+Dqz5EA1of647uGyjdn+IGpHI4UbaIchnKtpXw2eUKcXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCs47g3ABtbKU44MKa5s9IbYF6FEMB8GA1UdIwQY
MBaAFEeMf8ayEeJx90g/ch1F8jjdfeXEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjR4X3hySVI0bkgzU0Q5eUhVWHlPTjE5NWNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS82ZTJjYmYtNzA1Ni00NDE5LWI1MWMt
NjJiMWRhMjYxMzI5LzEvS3pqdURjQUcxc3BUamd3cHJtejBodGdYb1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS82ZTJjYmYtNzA1Ni00NDE5LWI1MWMtNjJiMWRhMjYxMzI5
LzEvUjR4X3hySVI0bkgzU0Q5eUhVWHlPTjE5NWNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATdzNMA0G
CSqGSIb3DQEBCwUAA4IBAQAeasSV749jDP2ZM9//pe21ZIawY0kPgtlEGPitXMkg
RcfnLwnOlPJISzCD38ZJXvwcwscxl0LW+mkVSzoaHOoSIjmnNtJLLbUeYTiTRpOR
qI3r+qi8os7EYH4cNCporK8kWY+U3ey5dFun2bR7SahN//J0voVvdrM1T6ZHufen
RSMbVbvjGXjIOf0jDi7QRvfK/WXR6M4fbrh7iyex+VImgYMmBcHZ7nF0AvSjj0me
uG4YslVSp1WBUF/6sE9pOn1NJ0mWy6RKwKppM6YiJWSTwnbf5MDhYgigq89/qGbS
v+fusDRb9PXUSZc/kesIxrxeyUHbz41xqHx0n+mISDHH
-----END CERTIFICATE-----