Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/1-7Pca8BflNXHnRE5tquO5WPOWsQ.roa
File:                     1-7Pca8BflNXHnRE5tquO5WPOWsQ.roa (raw, json)
Hash identifier:          OLX9SclkMAdwoNxBfpLKWDWPM/kMni5pwd5w16pwo+s=
Subject key identifier:   FB:B3:DC:6B:C0:5F:94:D5:C7:9D:11:39:B6:AB:8E:E5:63:CE:5A:C4
Certificate issuer:       /CN=77480527d0b35caf95b37502c4c6f9e3e81fd8a3
Certificate serial:       018CC4245BAD3B05D3148D777157AF0AF483
Authority key identifier: 77:48:05:27:D0:B3:5C:AF:95:B3:75:02:C4:C6:F9:E3:E8:1F:D8:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/1-7Pca8BflNXHnRE5tquO5WPOWsQ.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39135
IP address blocks:        77.238.64.0/19 maxlen: 19
                          185.73.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:ad:3b:05:d3:14:8d:77:71:57:af:0a:f4:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77480527d0b35caf95b37502c4c6f9e3e81fd8a3
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbb3dc6bc05f94d5c79d1139b6ab8ee563ce5ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:64:b2:2e:ff:a2:af:af:ce:2c:5f:7c:de:00:
                    e0:02:58:41:eb:e6:2d:8a:67:92:97:32:72:2e:37:
                    3b:5d:e0:0d:66:3c:01:b1:c8:b1:73:a6:28:ef:54:
                    16:b9:18:91:94:a5:2d:6c:21:40:7b:f9:48:fb:7e:
                    89:eb:40:ca:3e:98:dc:d4:2e:41:65:c9:f2:54:90:
                    dc:3e:3b:45:1b:6f:5f:dd:a4:79:8a:5f:48:f6:b5:
                    6c:09:3e:87:8a:3e:57:be:f0:81:07:d8:1a:1b:40:
                    81:cf:5e:c7:d4:d3:eb:7a:cf:c2:a8:9f:d8:c4:f6:
                    65:f3:a8:b0:0c:13:81:aa:04:f7:a9:9c:27:b8:31:
                    6a:ec:30:b7:a9:f0:39:f2:96:67:c5:d1:99:c2:ce:
                    bd:94:d1:95:b0:64:d8:c2:11:f4:72:ff:e1:44:c9:
                    ef:ff:1d:f7:e0:40:cb:d3:80:2a:c2:b3:69:95:09:
                    5d:79:db:dc:88:bf:80:d6:80:82:97:7d:15:c6:3b:
                    d3:7e:19:b0:a8:06:af:7b:7e:11:da:10:2e:37:25:
                    6e:1b:f3:e3:25:da:7e:d8:62:25:0c:80:68:b4:65:
                    dc:14:6d:4e:cf:62:87:e0:a9:cc:2a:8f:dc:df:52:
                    41:84:b9:21:c0:bf:8c:ec:1b:98:d0:4c:ab:4e:5e:
                    39:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B3:DC:6B:C0:5F:94:D5:C7:9D:11:39:B6:AB:8E:E5:63:CE:5A:C4
            X509v3 Authority Key Identifier:
                keyid:77:48:05:27:D0:B3:5C:AF:95:B3:75:02:C4:C6:F9:E3:E8:1F:D8:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/1-7Pca8BflNXHnRE5tquO5WPOWsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.238.64.0/19
                  185.73.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:55:cf:c2:dc:e6:e9:1b:a2:79:5c:00:7d:12:66:42:47:e5:
         d0:ca:fe:cb:38:0b:01:a5:07:19:9f:a9:3e:b1:e6:c2:6b:1d:
         91:43:55:9b:d5:f9:00:ae:0f:f3:37:57:ec:b1:e8:8b:2f:e9:
         04:80:f9:98:bf:44:2e:02:f0:1e:04:80:a9:de:aa:6a:c3:64:
         1b:58:25:6d:9f:ba:e6:be:f4:4d:a7:55:80:4b:79:3f:a9:41:
         13:da:e5:01:8f:6f:22:63:18:93:a6:fa:99:09:50:76:d2:83:
         af:6a:e0:70:ad:57:cb:6f:9f:9d:3e:e8:85:03:3d:fa:a5:52:
         b0:9b:ba:31:e1:03:f0:53:fa:d1:0d:81:71:dc:05:22:67:f1:
         52:85:ed:c7:92:ec:2d:3d:bd:2a:51:74:ab:54:b7:b1:a8:aa:
         cc:23:64:2f:eb:50:f2:5f:da:22:43:8d:cc:04:20:5b:9b:fe:
         8d:a2:35:4e:b3:b3:cb:2e:db:ad:55:a5:1a:d0:bc:17:95:9b:
         96:a1:89:72:09:88:82:07:80:62:b7:2b:e7:58:73:b5:41:85:
         81:d9:9c:bb:6a:c9:9e:2f:84:01:f0:3f:58:42:1a:69:98:9b:
         d3:86:e0:55:38:04:bf:7b:f1:a7:db:86:30:fa:41:fc:e3:3f:
         2e:c9:df:d8
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzEJFutOwXTFI13cVevCvSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NDgwNTI3ZDBiMzVjYWY5NWIzNzUwMmM0YzZmOWUzZTgx
ZmQ4YTMwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmIzZGM2YmMwNWY5NGQ1Yzc5ZDExMzliNmFiOGVlNTYzY2U1YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2SyLv+ir6/OLF983gDgAlhB6+Yt
imeSlzJyLjc7XeANZjwBscixc6Yo71QWuRiRlKUtbCFAe/lI+36J60DKPpjc1C5B
ZcnyVJDcPjtFG29f3aR5il9I9rVsCT6Hij5XvvCBB9gaG0CBz17H1NPres/CqJ/Y
xPZl86iwDBOBqgT3qZwnuDFq7DC3qfA58pZnxdGZws69lNGVsGTYwhH0cv/hRMnv
/x334EDL04AqwrNplQldedvciL+A1oCCl30VxjvTfhmwqAave34R2hAuNyVuG/Pj
Jdp+2GIlDIBotGXcFG1Oz2KH4KnMKo/c31JBhLkhwL+M7BuY0EyrTl45ewIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPuz3GvAX5TVx50RObarjuVjzlrEMB8GA1UdIwQY
MBaAFHdIBSfQs1yvlbN1AsTG+ePoH9ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDBnRko5Q3pYSy1WczNVQ3hNYjU0LWdmMktNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iOTc4NDktMmFmNS00YzNlLThmMGUt
NGRkMzg1M2EyMjQxLzEvMS03UGNhOEJmbE5YSG5SRTV0cXVPNVdQT1dzUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTEvYjk3ODQ5LTJhZjUtNGMzZS04ZjBlLTRkZDM4NTNhMjI0
MS8xL2QwZ0ZKOUN6WEstVnMzVUN4TWI1NC1nZjJLTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBU3uQAME
ArlJODANBgkqhkiG9w0BAQsFAAOCAQEAc1XPwtzm6RuieVwAfRJmQkfl0Mr+yzgL
AaUHGZ+pPrHmwmsdkUNVm9X5AK4P8zdX7LHoiy/pBID5mL9ELgLwHgSAqd6qasNk
G1glbZ+65r70TadVgEt5P6lBE9rlAY9vImMYk6b6mQlQdtKDr2rgcK1Xy2+fnT7o
hQM9+qVSsJu6MeED8FP60Q2BcdwFImfxUoXtx5LsLT29KlF0q1S3saiqzCNkL+tQ
8l/aIkONzAQgW5v+jaI1TrOzyy7brVWlGtC8F5WblqGJcgmIggeAYrcr51hztUGF
gdmcu2rJni+EAfA/WEIaaZib04bgVTgEv3vxp9uGMPpB/OM/Lsnf2A==
-----END CERTIFICATE-----