Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DrK0JORootkLvkawO3hU-2dhNPw.roa
File:                     DrK0JORootkLvkawO3hU-2dhNPw.roa (raw, json)
Hash identifier:          qOK2IqpwjcfLinxgZXoDtNFSOtaJZ+VsgYgL86aFEeI=
Subject key identifier:   0E:B2:B4:24:E4:68:A2:D9:0B:BE:46:B0:3B:78:54:FB:67:61:34:FC
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7944A27591978ED87E076E3AE02C9CF
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DrK0JORootkLvkawO3hU-2dhNPw.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204890
IP address blocks:        77.67.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4a:27:59:19:78:ed:87:e0:76:e3:ae:02:c9:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eb2b424e468a2d90bbe46b03b7854fb676134fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:90:77:d5:a8:6f:70:cd:4d:47:f4:f6:ef:ae:
                    9d:2f:cb:5d:7c:d4:f2:53:42:69:f7:f1:42:98:e4:
                    ac:45:54:18:03:77:8c:55:e1:8e:52:11:09:2f:35:
                    30:77:ab:82:6a:1b:17:1e:8f:40:17:ed:a9:ed:03:
                    c1:3d:c5:64:3c:ed:39:23:05:17:f4:45:b6:0d:b5:
                    25:32:97:22:c1:c7:53:45:e3:0c:ce:0f:c2:b5:2d:
                    01:d3:2a:33:c7:bc:cd:c8:c1:eb:9b:df:2a:0e:4d:
                    77:d5:2a:ac:6e:1e:fd:0b:06:2a:58:f1:ea:45:c1:
                    39:44:05:35:51:3f:08:09:f8:67:f0:fb:ba:b8:e3:
                    a8:92:2d:23:fa:64:8c:33:b0:58:ef:10:74:54:71:
                    6b:9d:41:2d:44:bd:c0:98:83:76:15:6d:18:9f:6b:
                    3f:4e:3d:54:00:49:69:dc:bc:bb:8a:a2:57:44:30:
                    b5:1b:00:10:10:51:f6:b7:30:89:0b:5e:b0:5a:35:
                    ac:ba:1d:19:13:63:0b:41:dc:bb:f5:dc:e9:d2:05:
                    2a:52:3a:8e:76:82:fd:99:db:67:7e:45:ec:87:fb:
                    bd:93:10:e1:12:fc:7c:dc:15:ab:35:4a:23:aa:81:
                    fe:f7:35:91:1f:60:8a:28:54:36:fe:47:84:bc:6e:
                    91:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B2:B4:24:E4:68:A2:D9:0B:BE:46:B0:3B:78:54:FB:67:61:34:FC
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DrK0JORootkLvkawO3hU-2dhNPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:03:21:9d:8d:83:88:b0:7f:e2:01:2b:ab:df:18:88:d4:1e:
         e1:10:53:d5:bb:3a:0c:57:1f:c6:58:73:c6:31:17:52:7b:fe:
         8c:85:98:df:6f:06:67:bb:d2:52:b8:6f:79:38:eb:7d:bf:f1:
         86:5b:0b:ca:37:e5:0a:f1:c4:60:1d:6c:85:0e:59:46:7f:ee:
         cb:b5:38:53:50:b0:5c:71:ef:b0:cb:44:5d:ce:9a:da:4f:cb:
         93:5f:d1:19:0e:4d:ea:b5:2e:6e:34:51:97:00:c7:dd:e7:bd:
         21:0c:f7:e3:b0:10:52:44:cd:e0:35:36:44:00:1f:fe:54:c9:
         cc:ea:bb:63:c8:a6:8a:3d:64:c8:1b:e6:f4:b1:f7:d8:d4:a6:
         dd:dc:11:d0:d1:56:e0:c4:f8:2b:b5:5e:1f:37:5e:cf:9c:5c:
         67:14:8c:3f:80:78:85:5d:69:d8:14:6f:49:c3:12:1c:18:df:
         a3:e0:e2:54:50:4b:16:84:8e:2c:1c:89:60:73:16:94:3b:0a:
         44:c6:eb:3c:38:1e:5f:d6:aa:11:d1:fb:f4:c0:9b:6e:e1:a1:
         a9:d6:53:c3:80:9e:66:31:26:56:2e:b0:81:67:07:f5:53:7a:
         3a:7c:5c:7f:41:fe:ad:fe:43:7f:6a:b2:15:e0:95:8f:d1:08:
         07:49:6b:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEonWRl47YfgduOuAsnPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWIyYjQyNGU0NjhhMmQ5MGJiZTQ2YjAzYjc4NTRmYjY3NjEzNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJB31ahvcM1NR/T2766dL8tdfNTy
U0Jp9/FCmOSsRVQYA3eMVeGOUhEJLzUwd6uCahsXHo9AF+2p7QPBPcVkPO05IwUX
9EW2DbUlMpciwcdTReMMzg/CtS0B0yozx7zNyMHrm98qDk131Sqsbh79CwYqWPHq
RcE5RAU1UT8ICfhn8Pu6uOOoki0j+mSMM7BY7xB0VHFrnUEtRL3AmIN2FW0Yn2s/
Tj1UAElp3Ly7iqJXRDC1GwAQEFH2tzCJC16wWjWsuh0ZE2MLQdy79dzp0gUqUjqO
doL9mdtnfkXsh/u9kxDhEvx83BWrNUojqoH+9zWRH2CKKFQ2/keEvG6R3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6ytCTkaKLZC75GsDt4VPtnYTT8MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvRHJLMEpPUm9vdGtMdmthd08zaFUtMmRoTlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUMkMA0G
CSqGSIb3DQEBCwUAA4IBAQAoAyGdjYOIsH/iASur3xiI1B7hEFPVuzoMVx/GWHPG
MRdSe/6MhZjfbwZnu9JSuG95OOt9v/GGWwvKN+UK8cRgHWyFDllGf+7LtThTULBc
ce+wy0RdzpraT8uTX9EZDk3qtS5uNFGXAMfd570hDPfjsBBSRM3gNTZEAB/+VMnM
6rtjyKaKPWTIG+b0sffY1Kbd3BHQ0VbgxPgrtV4fN17PnFxnFIw/gHiFXWnYFG9J
wxIcGN+j4OJUUEsWhI4sHIlgcxaUOwpExus8OB5f1qoR0fv0wJtu4aGp1lPDgJ5m
MSZWLrCBZwf1U3o6fFx/Qf6t/kN/arIV4JWP0QgHSWuu
-----END CERTIFICATE-----