Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/j77W7juu_udlAp_uk3EXdGK1T-Q.roa
File:                     j77W7juu_udlAp_uk3EXdGK1T-Q.roa (raw, json)
Hash identifier:          ju7O0nxzOIgVHnbNI9A8CUh4fglre7FoxzDzsK0HRwU=
Subject key identifier:   8F:BE:D6:EE:3B:AE:FE:E7:65:02:9F:EE:93:71:17:74:62:B5:4F:E4
Certificate issuer:       /CN=0765f6f5f7936db8351a0a393cf069a518e57445
Certificate serial:       018CCA99FFE1CE1958F79D8F7E3D7713E7CF
Authority key identifier: 07:65:F6:F5:F7:93:6D:B8:35:1A:0A:39:3C:F0:69:A5:18:E5:74:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B2X29feTbbg1Ggo5PPBppRjldEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/j77W7juu_udlAp_uk3EXdGK1T-Q.roa
Signing time:             Tue 02 Jan 2024 14:35:39 +0000
ROA not before:           Tue 02 Jan 2024 14:35:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39700
IP address blocks:        193.33.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/B2X29feTbbg1Ggo5PPBppRjldEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/B2X29feTbbg1Ggo5PPBppRjldEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B2X29feTbbg1Ggo5PPBppRjldEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ff:e1:ce:19:58:f7:9d:8f:7e:3d:77:13:e7:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0765f6f5f7936db8351a0a393cf069a518e57445
        Validity
            Not Before: Jan  2 14:35:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fbed6ee3baefee765029fee9371177462b54fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:de:9e:aa:93:e7:24:1d:7e:b3:f2:1d:16:e6:
                    ee:43:d1:9c:21:b7:44:17:83:7b:89:18:f2:1b:63:
                    a5:bf:58:19:91:72:47:01:ef:e5:f3:e5:88:3b:e0:
                    53:4a:6c:1f:88:28:f5:1a:d8:72:47:c4:6b:ea:40:
                    2b:29:58:0d:46:e8:27:48:49:04:7f:9e:73:21:5b:
                    79:b0:a3:66:e4:0a:83:fa:e1:95:e9:0a:37:32:9a:
                    35:09:3f:ea:97:5c:77:d4:59:a9:8d:19:a3:0f:41:
                    ba:fa:4d:39:bb:e6:b6:4d:74:e2:71:14:e2:e4:9b:
                    be:23:b9:3c:45:af:d0:09:2f:86:c6:73:62:74:43:
                    bb:a2:37:98:12:20:16:79:35:0c:35:cc:57:20:22:
                    a1:1f:6e:4f:73:9f:af:b5:9c:52:f0:aa:ea:f5:12:
                    7d:a9:8b:85:95:6f:1a:44:65:e1:37:a6:27:e6:53:
                    8a:aa:13:fe:7f:a9:c8:f0:1c:a1:02:d2:ad:75:89:
                    fb:91:b7:b6:1d:ef:69:81:3a:8d:c5:37:e5:2c:cf:
                    5b:07:12:be:b7:86:d1:da:58:e4:1a:1e:35:11:06:
                    dc:3c:58:3d:0e:0e:94:19:77:40:82:d3:03:5c:28:
                    32:0f:53:11:1d:bf:08:14:6b:ff:85:db:bf:7b:15:
                    1f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:BE:D6:EE:3B:AE:FE:E7:65:02:9F:EE:93:71:17:74:62:B5:4F:E4
            X509v3 Authority Key Identifier:
                keyid:07:65:F6:F5:F7:93:6D:B8:35:1A:0A:39:3C:F0:69:A5:18:E5:74:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B2X29feTbbg1Ggo5PPBppRjldEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/j77W7juu_udlAp_uk3EXdGK1T-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/B2X29feTbbg1Ggo5PPBppRjldEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:42:15:a2:ae:19:7d:ef:dd:e5:e6:08:8b:7c:3e:1e:d2:cb:
         2c:a3:86:ef:4e:43:f7:84:a8:31:54:41:f3:fa:c9:35:a9:a6:
         54:a5:30:bf:7b:d5:11:1f:b2:c8:b5:ad:2a:8f:a8:cf:39:56:
         15:72:4f:ff:a5:c5:b9:8b:77:a8:35:69:3b:71:48:52:0a:fd:
         65:84:1e:94:3b:23:27:6d:55:38:1c:fd:6b:04:a7:aa:3e:92:
         5a:2a:70:3b:7a:04:34:fd:18:53:a3:77:c4:be:79:f9:91:d0:
         fc:44:bf:50:8a:39:ab:8b:30:1c:7c:78:e3:1f:f1:bc:30:33:
         22:95:1d:62:42:f8:a5:c9:b8:ad:f7:40:6c:6c:b8:fb:9b:a8:
         ec:e0:0a:1b:f2:da:13:da:ab:fe:fa:28:38:ba:1e:65:f0:26:
         b0:ea:79:44:a3:98:b3:0c:e1:31:a6:9b:e3:9d:71:64:25:97:
         11:11:ee:64:a3:82:e6:4f:f5:69:86:c4:a9:be:ca:1a:ec:d9:
         c6:c9:70:6a:c1:79:8a:d4:86:91:cb:7e:33:ce:30:f7:72:ef:
         14:5a:ad:78:ff:a1:42:5d:98:b7:91:c7:dd:69:13:4f:67:12:
         04:f9:eb:43:5d:cc:52:fb:42:db:8f:c8:7f:7a:c2:53:b0:e9:
         58:31:e7:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmf/hzhlY952Pfj13E+fPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NjVmNmY1Zjc5MzZkYjgzNTFhMGEzOTNjZjA2OWE1MThl
NTc0NDUwHhcNMjQwMTAyMTQzNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmJlZDZlZTNiYWVmZWU3NjUwMjlmZWU5MzcxMTc3NDYyYjU0ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl96eqpPnJB1+s/IdFubuQ9GcIbdE
F4N7iRjyG2Olv1gZkXJHAe/l8+WIO+BTSmwfiCj1GthyR8Rr6kArKVgNRugnSEkE
f55zIVt5sKNm5AqD+uGV6Qo3Mpo1CT/ql1x31FmpjRmjD0G6+k05u+a2TXTicRTi
5Ju+I7k8Ra/QCS+GxnNidEO7ojeYEiAWeTUMNcxXICKhH25Pc5+vtZxS8Krq9RJ9
qYuFlW8aRGXhN6Yn5lOKqhP+f6nI8ByhAtKtdYn7kbe2He9pgTqNxTflLM9bBxK+
t4bR2ljkGh41EQbcPFg9Dg6UGXdAgtMDXCgyD1MRHb8IFGv/hdu/exUffwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI++1u47rv7nZQKf7pNxF3RitU/kMB8GA1UdIwQY
MBaAFAdl9vX3k224NRoKOTzwaaUY5XRFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjJYMjlmZVRiYmcxR2dvNVBQQnBwUmpsZEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85YTY2NTUtMWQyYy00NWNiLWFkYTEt
ZjQ2YjQ2ZDUzODAwLzEvajc3VzdqdXVfdWRsQXBfdWszRVhkR0sxVC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85YTY2NTUtMWQyYy00NWNiLWFkYTEtZjQ2YjQ2ZDUzODAw
LzEvQjJYMjlmZVRiYmcxR2dvNVBQQnBwUmpsZEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSG0MA0G
CSqGSIb3DQEBCwUAA4IBAQAjQhWirhl9793l5giLfD4e0ssso4bvTkP3hKgxVEHz
+sk1qaZUpTC/e9URH7LIta0qj6jPOVYVck//pcW5i3eoNWk7cUhSCv1lhB6UOyMn
bVU4HP1rBKeqPpJaKnA7egQ0/RhTo3fEvnn5kdD8RL9QijmrizAcfHjjH/G8MDMi
lR1iQvilybit90BsbLj7m6js4Aob8toT2qv++ig4uh5l8Caw6nlEo5izDOExppvj
nXFkJZcREe5ko4LmT/VphsSpvsoa7NnGyXBqwXmK1IaRy34zzjD3cu8UWq14/6FC
XZi3kcfdaRNPZxIE+etDXcxS+0Lbj8h/esJTsOlYMecg
-----END CERTIFICATE-----