Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/JUs8ADU10PF2qPtBzd3JaQkpyck.roa
File:                     JUs8ADU10PF2qPtBzd3JaQkpyck.roa (raw, json)
Hash identifier:          p0r0gdgY+93/NRccjEU9onc2SjmgWFh7IwtBEc5xb3M=
Subject key identifier:   25:4B:3C:00:35:35:D0:F1:76:A8:FB:41:CD:DD:C9:69:09:29:C9:C9
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       018CC348C40461AB9856775C40BBF66543BE
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/JUs8ADU10PF2qPtBzd3JaQkpyck.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51964
IP address blocks:        185.84.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c4:04:61:ab:98:56:77:5c:40:bb:f6:65:43:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=254b3c003535d0f176a8fb41cdddc9690929c9c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ad:0c:7f:f6:0e:37:a7:ea:88:04:32:00:4b:
                    d4:01:4a:ff:92:92:d7:58:f2:0e:44:3d:70:6e:f9:
                    62:24:f7:cb:47:95:53:e7:4d:1f:14:a7:83:f0:99:
                    aa:a1:15:c3:b7:15:a1:2d:ff:2f:f2:94:56:71:11:
                    22:b4:a2:19:ef:e7:3b:89:f6:96:07:95:7b:ff:a0:
                    f6:58:8e:68:f1:38:de:d8:24:1a:8c:01:be:81:a1:
                    d3:6a:29:49:6f:e6:3f:df:7a:ed:5b:15:31:dd:7e:
                    65:4c:a2:63:fc:4a:a2:c9:6d:fd:f0:3d:69:16:c8:
                    0e:5a:f9:ec:81:a5:90:d0:71:b9:12:0e:f2:d5:a9:
                    c4:8a:85:ed:db:37:15:50:48:6c:ac:4a:b7:91:d0:
                    cd:1a:63:47:92:04:38:59:ff:a6:63:69:25:d3:4f:
                    11:4d:c0:18:cf:13:cf:1d:73:20:21:d4:46:45:ec:
                    7f:9c:bb:3a:40:93:dd:e1:bf:51:b6:b3:e3:f9:76:
                    ad:91:5e:17:96:75:6e:eb:92:87:da:d0:db:64:14:
                    27:8b:61:75:75:4a:04:6e:9d:ff:7b:b0:e4:ac:7a:
                    37:d8:45:88:56:55:df:1e:03:2d:34:5f:b9:f9:bb:
                    75:10:18:73:36:c5:28:fc:5c:d4:67:13:8f:56:4f:
                    91:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4B:3C:00:35:35:D0:F1:76:A8:FB:41:CD:DD:C9:69:09:29:C9:C9
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/JUs8ADU10PF2qPtBzd3JaQkpyck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:af:c1:b3:f7:f3:b6:1a:53:bc:45:54:72:97:ae:b5:5e:8b:
         a7:e6:a8:14:99:3d:eb:03:60:68:c8:d4:b7:be:59:e1:03:bf:
         46:eb:e0:11:7f:f6:cf:a1:6d:1d:59:5f:e5:14:99:4f:17:bd:
         92:e1:df:f0:6d:86:6f:c2:71:4a:46:79:d6:d7:9c:18:97:10:
         a8:e4:c4:02:89:a4:ef:c7:32:00:58:83:81:46:57:0d:49:d4:
         c7:c8:18:fb:05:17:82:f8:0e:37:b5:86:c7:2d:0b:f8:fe:fa:
         b6:4b:d7:71:7f:e1:b7:cd:a7:09:39:0d:58:6a:d5:45:93:c1:
         b9:75:91:25:47:51:fb:18:e8:d4:84:48:e5:3e:4a:5d:ac:c7:
         fe:58:d4:a3:80:99:64:da:79:6e:63:44:3f:68:a9:3c:5d:bb:
         fc:57:f4:af:86:99:78:9f:7a:9f:c0:8e:8d:c6:7a:81:4b:17:
         4b:df:b9:51:4d:4f:ee:90:53:4e:1a:c1:70:ac:1c:ac:70:cf:
         24:0b:15:75:fb:50:3c:bf:56:12:bc:f0:34:3e:f6:00:4e:6e:
         ed:98:31:ab:4d:c6:be:ed:28:f4:69:9f:ed:01:e9:e2:84:76:
         fd:1a:5d:5a:5d:0f:b8:95:81:fd:fb:b6:87:55:38:62:ce:e8:
         d0:5f:52:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMQEYauYVndcQLv2ZUO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRiM2MwMDM1MzVkMGYxNzZhOGZiNDFjZGRkYzk2OTA5MjljOWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh60Mf/YON6fqiAQyAEvUAUr/kpLX
WPIORD1wbvliJPfLR5VT500fFKeD8JmqoRXDtxWhLf8v8pRWcREitKIZ7+c7ifaW
B5V7/6D2WI5o8Tje2CQajAG+gaHTailJb+Y/33rtWxUx3X5lTKJj/EqiyW398D1p
FsgOWvnsgaWQ0HG5Eg7y1anEioXt2zcVUEhsrEq3kdDNGmNHkgQ4Wf+mY2kl008R
TcAYzxPPHXMgIdRGRex/nLs6QJPd4b9RtrPj+XatkV4XlnVu65KH2tDbZBQni2F1
dUoEbp3/e7DkrHo32EWIVlXfHgMtNF+5+bt1EBhzNsUo/FzUZxOPVk+RiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVLPAA1NdDxdqj7Qc3dyWkJKcnJMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvSlVzOEFEVTEwUEYycVB0QnpkM0phUWtweWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVTZMA0G
CSqGSIb3DQEBCwUAA4IBAQB+r8Gz9/O2GlO8RVRyl661Xoun5qgUmT3rA2BoyNS3
vlnhA79G6+ARf/bPoW0dWV/lFJlPF72S4d/wbYZvwnFKRnnW15wYlxCo5MQCiaTv
xzIAWIOBRlcNSdTHyBj7BReC+A43tYbHLQv4/vq2S9dxf+G3zacJOQ1YatVFk8G5
dZElR1H7GOjUhEjlPkpdrMf+WNSjgJlk2nluY0Q/aKk8Xbv8V/Svhpl4n3qfwI6N
xnqBSxdL37lRTU/ukFNOGsFwrByscM8kCxV1+1A8v1YSvPA0PvYATm7tmDGrTca+
7Sj0aZ/tAenihHb9Gl1aXQ+4lYH9+7aHVThizujQX1KG
-----END CERTIFICATE-----