Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/b23Ppzc40t1gh2jcC0tEEtTjq-Y.roa
File:                     b23Ppzc40t1gh2jcC0tEEtTjq-Y.roa (raw, json)
Hash identifier:          PLO31FJDvhLM1rCGRuVKcX7pZ7U9Xsy2KrFDiy0XrKY=
Subject key identifier:   6F:6D:CF:A7:37:38:D2:DD:60:87:68:DC:0B:4B:44:12:D4:E3:AB:E6
Certificate issuer:       /CN=5271438e23ce925e66c259981221b5b683a2f08f
Certificate serial:       019427487B0C53FD93F291AA5E4CF470EFBB
Authority key identifier: 52:71:43:8E:23:CE:92:5E:66:C2:59:98:12:21:B5:B6:83:A2:F0:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UnFDjiPOkl5mwlmYEiG1toOi8I8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/b23Ppzc40t1gh2jcC0tEEtTjq-Y.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41940
IP address blocks:        194.60.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/UnFDjiPOkl5mwlmYEiG1toOi8I8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/UnFDjiPOkl5mwlmYEiG1toOi8I8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UnFDjiPOkl5mwlmYEiG1toOi8I8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7b:0c:53:fd:93:f2:91:aa:5e:4c:f4:70:ef:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5271438e23ce925e66c259981221b5b683a2f08f
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f6dcfa73738d2dd608768dc0b4b4412d4e3abe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a9:c0:ef:0a:21:2f:04:7f:fa:00:fc:b1:f6:
                    1a:d7:85:dc:7a:a7:f5:ad:08:34:85:e0:a0:e0:d1:
                    22:8e:d8:27:cb:42:5a:09:2a:49:6d:c0:b9:73:3f:
                    22:13:79:fb:eb:a5:01:e5:22:5c:fe:1d:ea:e4:b5:
                    fb:07:65:00:66:89:b8:fc:90:37:0d:e4:f7:bb:7d:
                    e0:d3:89:db:5f:45:4a:93:be:cc:53:d1:99:bc:2b:
                    57:b8:bf:bb:61:e7:b9:8e:45:20:46:a7:33:8b:e3:
                    18:49:d4:13:8c:3c:f0:c9:63:db:94:ee:03:d0:51:
                    6a:74:64:39:6f:12:9b:68:91:b9:04:0f:35:b2:b1:
                    49:8d:0f:e6:02:22:5c:23:fa:cd:b7:70:bf:10:d0:
                    4f:d8:47:52:a1:d1:ea:38:7b:60:68:ce:f8:90:34:
                    0b:b1:f0:7e:6a:ac:a2:8e:0d:eb:3a:fb:b4:d4:e6:
                    10:69:7d:c3:b1:14:d8:fd:70:87:bb:3a:95:70:f8:
                    f2:50:ae:a4:a7:57:a7:70:91:ac:43:d2:eb:32:24:
                    50:f7:27:f2:ed:e3:ab:d8:a8:ef:ad:5d:65:48:89:
                    a4:74:bb:09:5d:fd:ca:6f:93:06:69:ca:2a:b7:6f:
                    2f:d1:a5:5e:a3:04:8f:5a:93:49:f4:f6:f7:df:d5:
                    a3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6D:CF:A7:37:38:D2:DD:60:87:68:DC:0B:4B:44:12:D4:E3:AB:E6
            X509v3 Authority Key Identifier:
                keyid:52:71:43:8E:23:CE:92:5E:66:C2:59:98:12:21:B5:B6:83:A2:F0:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UnFDjiPOkl5mwlmYEiG1toOi8I8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/b23Ppzc40t1gh2jcC0tEEtTjq-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/UnFDjiPOkl5mwlmYEiG1toOi8I8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:68:82:b4:59:ec:ac:a9:56:e4:df:a9:25:c7:50:13:3d:bf:
         8d:08:22:b7:42:36:b1:4e:76:a1:bc:67:72:8f:f5:aa:b7:2c:
         ab:77:2e:f1:18:e4:db:81:7c:ac:5e:48:d4:c6:de:48:70:a6:
         1f:10:a4:c2:69:b7:36:89:a2:c9:e4:22:b4:af:3e:e1:dd:0c:
         49:a7:39:40:cb:2b:e7:ab:1c:f3:b8:c1:c0:33:c1:ab:a7:80:
         be:35:0b:e2:76:e4:8d:9c:54:87:cb:7b:28:c5:97:29:91:88:
         1d:03:57:87:22:cf:3c:2c:d8:52:28:84:d5:23:02:14:a5:64:
         de:ca:10:b4:67:0a:fa:18:84:80:ce:cf:70:79:5d:7a:7f:98:
         c8:5d:82:ba:89:fb:96:8c:8c:c4:5f:06:e4:b0:fd:50:03:01:
         79:83:81:21:50:bd:c7:43:94:8b:f7:54:3f:1f:bd:a7:17:ce:
         87:ea:b0:00:7d:77:1e:8b:a4:0b:05:b3:92:0b:00:06:02:fc:
         47:d7:b5:48:80:af:c8:d5:93:47:95:e6:76:c8:21:9a:80:69:
         cb:42:51:33:16:54:c6:fe:86:29:fd:a2:d0:50:07:ab:12:06:
         c1:01:f8:1c:ef:93:ed:c7:1f:e3:80:9e:c1:a9:7a:9d:a3:a5:
         66:39:c1:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSHsMU/2T8pGqXkz0cO+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNzE0MzhlMjNjZTkyNWU2NmMyNTk5ODEyMjFiNWI2ODNh
MmYwOGYwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZkY2ZhNzM3MzhkMmRkNjA4NzY4ZGMwYjRiNDQxMmQ0ZTNhYmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKnA7wohLwR/+gD8sfYa14Xceqf1
rQg0heCg4NEijtgny0JaCSpJbcC5cz8iE3n766UB5SJc/h3q5LX7B2UAZom4/JA3
DeT3u33g04nbX0VKk77MU9GZvCtXuL+7Yee5jkUgRqczi+MYSdQTjDzwyWPblO4D
0FFqdGQ5bxKbaJG5BA81srFJjQ/mAiJcI/rNt3C/ENBP2EdSodHqOHtgaM74kDQL
sfB+aqyijg3rOvu01OYQaX3DsRTY/XCHuzqVcPjyUK6kp1encJGsQ9LrMiRQ9yfy
7eOr2KjvrV1lSImkdLsJXf3Kb5MGacoqt28v0aVeowSPWpNJ9Pb339WjwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9tz6c3ONLdYIdo3AtLRBLU46vmMB8GA1UdIwQY
MBaAFFJxQ44jzpJeZsJZmBIhtbaDovCPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW5GRGppUE9rbDVtd2xtWUVpRzF0b09pOEk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84MDY5MTctYWY2Yi00ZTFlLTg3NzMt
OWFkMDM1NDc0MTE0LzEvYjIzUHB6YzQwdDFnaDJqY0MwdEVFdFRqcS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84MDY5MTctYWY2Yi00ZTFlLTg3NzMtOWFkMDM1NDc0MTE0
LzEvVW5GRGppUE9rbDVtd2xtWUVpRzF0b09pOEk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxNMA0G
CSqGSIb3DQEBCwUAA4IBAQBiaIK0WeysqVbk36klx1ATPb+NCCK3QjaxTnahvGdy
j/Wqtyyrdy7xGOTbgXysXkjUxt5IcKYfEKTCabc2iaLJ5CK0rz7h3QxJpzlAyyvn
qxzzuMHAM8Grp4C+NQviduSNnFSHy3soxZcpkYgdA1eHIs88LNhSKITVIwIUpWTe
yhC0Zwr6GISAzs9weV16f5jIXYK6ifuWjIzEXwbksP1QAwF5g4EhUL3HQ5SL91Q/
H72nF86H6rAAfXcei6QLBbOSCwAGAvxH17VIgK/I1ZNHleZ2yCGagGnLQlEzFlTG
/oYp/aLQUAerEgbBAfgc75Ptxx/jgJ7BqXqdo6VmOcFX
-----END CERTIFICATE-----