Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/spf9rkzIK93BzpJL2faxPt2qXzQ.roa
File:                     spf9rkzIK93BzpJL2faxPt2qXzQ.roa (raw, json)
Hash identifier:          ID6MtyOszlHoGKndNYnvG+gRdbpO2CaE82SLJTUlWio=
Subject key identifier:   B2:97:FD:AE:4C:C8:2B:DD:C1:CE:92:4B:D9:F6:B1:3E:DD:AA:5F:34
Certificate issuer:       /CN=6c1b77bc4edd8a4b8374476a7347719b676b755e
Certificate serial:       018CC8DF713748189BC5158024658F79EBB3
Authority key identifier: 6C:1B:77:BC:4E:DD:8A:4B:83:74:47:6A:73:47:71:9B:67:6B:75:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBt3vE7dikuDdEdqc0dxm2drdV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/spf9rkzIK93BzpJL2faxPt2qXzQ.roa
Signing time:             Tue 02 Jan 2024 06:32:15 +0000
ROA not before:           Tue 02 Jan 2024 06:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        77.83.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/bBt3vE7dikuDdEdqc0dxm2drdV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/bBt3vE7dikuDdEdqc0dxm2drdV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBt3vE7dikuDdEdqc0dxm2drdV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 03:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:71:37:48:18:9b:c5:15:80:24:65:8f:79:eb:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1b77bc4edd8a4b8374476a7347719b676b755e
        Validity
            Not Before: Jan  2 06:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b297fdae4cc82bddc1ce924bd9f6b13eddaa5f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a9:b1:2e:31:2c:79:32:c5:cc:51:26:a2:90:
                    af:2b:b7:61:97:08:87:7f:cc:fb:10:39:49:94:10:
                    a8:0a:3a:c4:92:d2:1f:46:90:7f:02:3c:41:91:82:
                    d3:59:37:71:9d:ef:6e:af:2b:9c:80:93:1b:a5:a3:
                    4e:c0:5a:49:9b:80:31:1f:96:6d:66:bb:d8:11:71:
                    b2:d5:7e:97:7e:19:e9:80:28:d9:cd:4a:5d:ed:3c:
                    53:ea:1e:55:40:00:30:1b:5d:ef:89:5f:b0:97:6a:
                    29:c0:de:d6:b2:f7:55:2e:4b:28:c3:c3:fa:d1:2b:
                    9c:1c:6b:ab:94:6a:f5:5c:17:36:c4:d6:ca:cc:5d:
                    0d:43:ae:b5:e3:f8:af:91:73:31:c8:6b:68:98:1a:
                    0a:2a:95:76:f0:19:4e:75:8c:24:1a:55:14:76:e7:
                    e5:91:a4:1f:3b:a6:35:2a:1d:c9:54:b6:70:e3:f2:
                    5d:78:cf:d8:89:d5:86:74:2c:58:8f:4c:91:8e:f1:
                    8f:40:42:74:84:cb:dd:b9:ab:36:eb:82:1f:de:b7:
                    6a:38:d9:48:9f:13:5d:82:1d:9d:3d:0a:c5:ad:d3:
                    6f:cc:01:07:49:3b:fd:ff:41:6e:39:da:59:4a:e9:
                    1e:e3:84:a5:d7:94:40:be:58:30:8d:12:b9:37:6c:
                    68:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:97:FD:AE:4C:C8:2B:DD:C1:CE:92:4B:D9:F6:B1:3E:DD:AA:5F:34
            X509v3 Authority Key Identifier:
                keyid:6C:1B:77:BC:4E:DD:8A:4B:83:74:47:6A:73:47:71:9B:67:6B:75:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBt3vE7dikuDdEdqc0dxm2drdV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/spf9rkzIK93BzpJL2faxPt2qXzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/bBt3vE7dikuDdEdqc0dxm2drdV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:ad:50:07:55:72:bf:f2:25:e0:a7:04:89:2c:9a:14:e9:48:
         cb:ea:eb:df:88:bd:4a:74:9b:50:8d:6a:e5:3a:cc:93:a5:9a:
         24:99:fe:97:34:8c:1e:94:08:ba:57:5a:98:22:db:22:94:cf:
         1f:25:37:0a:57:58:de:6a:43:2e:2e:a8:44:58:5f:14:dc:b6:
         8a:6d:8b:b7:f1:86:a3:f1:1a:cd:59:ad:a7:9b:bd:3f:23:45:
         1a:21:28:93:0d:e7:85:15:f6:dd:53:23:4a:dd:c5:33:e7:58:
         74:f0:93:06:7a:4d:4a:d1:e7:df:96:b1:76:77:51:c0:d3:12:
         39:20:c4:9a:77:fb:52:3d:cc:c4:f9:74:d8:b1:3f:5a:9f:18:
         a8:7f:60:50:45:d2:57:ea:3c:78:f1:33:e5:1f:2f:7a:d5:c1:
         96:53:04:8e:72:7e:b3:b1:db:44:30:f2:0e:d7:77:7b:65:7c:
         56:cf:cb:6b:dc:24:d9:46:2d:50:f0:f0:56:0a:11:8f:f8:cb:
         bd:9a:cf:08:b4:88:90:49:a9:f3:a0:1a:c3:68:47:cc:e9:bb:
         e2:b6:41:bc:d0:ba:cd:a7:5f:77:62:de:8b:e9:4b:9f:fb:3d:
         e7:e3:33:d7:df:bb:6b:b5:1a:0e:f5:ff:e7:d7:70:21:af:3b:
         19:d3:fb:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33E3SBibxRWAJGWPeeuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWI3N2JjNGVkZDhhNGI4Mzc0NDc2YTczNDc3MTliNjc2
Yjc1NWUwHhcNMjQwMTAyMDYzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjk3ZmRhZTRjYzgyYmRkYzFjZTkyNGJkOWY2YjEzZWRkYWE1ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6mxLjEseTLFzFEmopCvK7dhlwiH
f8z7EDlJlBCoCjrEktIfRpB/AjxBkYLTWTdxne9uryucgJMbpaNOwFpJm4AxH5Zt
ZrvYEXGy1X6XfhnpgCjZzUpd7TxT6h5VQAAwG13viV+wl2opwN7WsvdVLksow8P6
0SucHGurlGr1XBc2xNbKzF0NQ6614/ivkXMxyGtomBoKKpV28BlOdYwkGlUUdufl
kaQfO6Y1Kh3JVLZw4/JdeM/YidWGdCxYj0yRjvGPQEJ0hMvduas264If3rdqONlI
nxNdgh2dPQrFrdNvzAEHSTv9/0FuOdpZSuke44Sl15RAvlgwjRK5N2xoAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKX/a5MyCvdwc6SS9n2sT7dql80MB8GA1UdIwQY
MBaAFGwbd7xO3YpLg3RHanNHcZtna3VeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJ0M3ZFN2Rpa3VEZEVkcWMwZHhtMmRyZFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zNjdkMzktOGJlNC00ZWNiLTliYjYt
ZmZkOTFiNDI1YTAwLzEvc3BmOXJreklLOTNCenBKTDJmYXhQdDJxWHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zNjdkMzktOGJlNC00ZWNiLTliYjYtZmZkOTFiNDI1YTAw
LzEvYkJ0M3ZFN2Rpa3VEZEVkcWMwZHhtMmRyZFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVNnMA0G
CSqGSIb3DQEBCwUAA4IBAQDJrVAHVXK/8iXgpwSJLJoU6UjL6uvfiL1KdJtQjWrl
OsyTpZokmf6XNIwelAi6V1qYItsilM8fJTcKV1jeakMuLqhEWF8U3LaKbYu38Yaj
8RrNWa2nm70/I0UaISiTDeeFFfbdUyNK3cUz51h08JMGek1K0efflrF2d1HA0xI5
IMSad/tSPczE+XTYsT9anxiof2BQRdJX6jx48TPlHy961cGWUwSOcn6zsdtEMPIO
13d7ZXxWz8tr3CTZRi1Q8PBWChGP+Mu9ms8ItIiQSanzoBrDaEfM6bvitkG80LrN
p193Yt6L6Uuf+z3n4zPX37trtRoO9f/n13AhrzsZ0/u+
-----END CERTIFICATE-----