Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/eio5EAd4MYSA5CT4hr3Gz6NqqPM.roa
File:                     eio5EAd4MYSA5CT4hr3Gz6NqqPM.roa (raw, json)
Hash identifier:          cT/uhqB/5NWLwlMvUungXVVN9Eg5HVcCgjEm8lBu03A=
Subject key identifier:   7A:2A:39:10:07:78:31:84:80:E4:24:F8:86:BD:C6:CF:A3:6A:A8:F3
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018D2CD19E973F9A8D51781AC593080501F2
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/eio5EAd4MYSA5CT4hr3Gz6NqqPM.roa
Signing time:             Sun 21 Jan 2024 16:19:11 +0000
ROA not before:           Sun 21 Jan 2024 16:19:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215693
IP address blocks:        77.83.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2c:d1:9e:97:3f:9a:8d:51:78:1a:c5:93:08:05:01:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 21 16:19:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a2a39100778318480e424f886bdc6cfa36aa8f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9f:8a:61:3d:dc:37:c1:e7:77:4b:ac:1a:85:
                    90:75:1e:3a:70:b8:11:83:e3:b5:30:56:00:56:8a:
                    91:25:15:87:5b:2a:8e:9b:75:16:59:33:3b:00:0c:
                    a4:3a:df:04:c8:07:25:6b:b8:68:19:14:d3:06:88:
                    49:b2:96:59:8a:b4:30:ff:d1:e2:a5:a5:1a:45:51:
                    e2:df:46:e9:ce:57:be:17:6a:45:5d:84:d5:75:b2:
                    25:a4:10:2f:83:c2:11:c9:da:01:26:58:8a:ae:1b:
                    d5:1a:37:74:31:99:29:46:c1:b7:de:91:88:7d:3a:
                    cc:58:9c:a4:bf:08:66:59:50:21:ac:1b:d7:76:cb:
                    bf:e4:7b:c1:ed:a5:b6:3d:36:08:8e:c0:e4:64:ad:
                    2d:50:99:30:ce:a1:17:14:a2:8e:2d:2c:1a:f9:32:
                    83:74:a6:b1:14:da:4d:15:02:84:eb:ab:27:a8:02:
                    32:1e:00:23:ca:25:01:ea:43:bf:44:b6:24:71:9a:
                    7b:0b:54:6a:a6:0a:5c:67:20:8e:d6:f7:a8:67:57:
                    87:ff:9c:17:00:bf:d8:d4:04:fa:9c:11:68:bf:0c:
                    ed:bd:06:6d:f1:8a:ef:14:75:3e:af:5d:3a:6e:be:
                    5e:dd:51:be:d3:65:51:64:6e:20:f9:eb:b4:4f:40:
                    00:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:2A:39:10:07:78:31:84:80:E4:24:F8:86:BD:C6:CF:A3:6A:A8:F3
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/eio5EAd4MYSA5CT4hr3Gz6NqqPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:ac:b6:53:cb:de:36:be:db:07:82:c1:5e:3b:cf:7f:83:e8:
         b5:da:71:22:13:71:87:a1:43:2f:c6:58:b4:56:cb:8b:8e:e4:
         a6:4b:4a:79:e0:ce:21:d4:6a:05:a9:e5:e8:68:23:b3:1a:b8:
         71:b7:8a:4a:77:be:15:f8:36:79:8a:76:85:10:a7:5a:d0:c5:
         64:2f:8a:91:83:41:bf:5f:53:f7:d8:a1:f0:da:a6:e1:63:ca:
         fb:9d:48:b7:2f:31:bf:ad:34:5f:63:24:d8:9e:0a:f0:3d:2b:
         5b:49:29:45:d9:94:e3:11:3d:26:df:28:c4:71:f2:83:0f:4b:
         c7:16:56:4f:4d:3b:98:c2:87:4c:65:7d:ce:c5:98:f0:e6:ed:
         42:bc:af:6c:65:3b:cd:ce:33:1e:3e:d4:20:50:f8:61:0e:bb:
         78:dc:be:fa:b4:09:06:86:7d:06:ad:0d:27:38:29:7c:f0:aa:
         2b:fb:85:1f:df:ff:0d:28:e1:14:b3:b1:9e:a1:b7:82:27:84:
         75:76:5b:18:b3:22:ea:58:5a:52:ff:a2:4f:fb:23:d6:d4:76:
         23:f5:53:41:4b:49:68:e1:f0:2e:41:77:d9:02:d2:93:37:6f:
         4a:5c:1b:c9:16:f2:b1:6b:68:cc:a3:7c:20:87:62:ab:7e:1d:
         03:52:1d:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0s0Z6XP5qNUXgaxZMIBQHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTIxMTYxOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTJhMzkxMDA3NzgzMTg0ODBlNDI0Zjg4NmJkYzZjZmEzNmFhOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJ+KYT3cN8Hnd0usGoWQdR46cLgR
g+O1MFYAVoqRJRWHWyqOm3UWWTM7AAykOt8EyAcla7hoGRTTBohJspZZirQw/9Hi
paUaRVHi30bpzle+F2pFXYTVdbIlpBAvg8IRydoBJliKrhvVGjd0MZkpRsG33pGI
fTrMWJykvwhmWVAhrBvXdsu/5HvB7aW2PTYIjsDkZK0tUJkwzqEXFKKOLSwa+TKD
dKaxFNpNFQKE66snqAIyHgAjyiUB6kO/RLYkcZp7C1RqpgpcZyCO1veoZ1eH/5wX
AL/Y1AT6nBFovwztvQZt8YrvFHU+r106br5e3VG+02VRZG4g+eu0T0AAZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoqORAHeDGEgOQk+Ia9xs+jaqjzMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZWlvNUVBZDRNWVNBNUNUNGhyM0d6Nk5xcVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVMnMA0G
CSqGSIb3DQEBCwUAA4IBAQCrrLZTy942vtsHgsFeO89/g+i12nEiE3GHoUMvxli0
VsuLjuSmS0p54M4h1GoFqeXoaCOzGrhxt4pKd74V+DZ5inaFEKda0MVkL4qRg0G/
X1P32KHw2qbhY8r7nUi3LzG/rTRfYyTYngrwPStbSSlF2ZTjET0m3yjEcfKDD0vH
FlZPTTuYwodMZX3OxZjw5u1CvK9sZTvNzjMePtQgUPhhDrt43L76tAkGhn0GrQ0n
OCl88Kor+4Uf3/8NKOEUs7GeobeCJ4R1dlsYsyLqWFpS/6JP+yPW1HYj9VNBS0lo
4fAuQXfZAtKTN29KXBvJFvKxa2jMo3wgh2Krfh0DUh2U
-----END CERTIFICATE-----