Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/aa7bf6-6525-4394-80ba-bd40dfae7886/1/0_rsDpozI4g5wPFKDmzbwq9bb1k.roa
File:                     0_rsDpozI4g5wPFKDmzbwq9bb1k.roa (raw, json)
Hash identifier:          7DcbeCiF69zZXzwKjiTUr+RmXx7bcAENnZcFTHZwzHM=
Subject key identifier:   D3:FA:EC:0E:9A:33:23:88:39:C0:F1:4A:0E:6C:DB:C2:AF:5B:6F:59
Certificate issuer:       /CN=c4b7a3386723ba8a2ea482c7b68031a54122ac4f
Certificate serial:       01942746C2E66B756D9C6C10B515C0AEB866
Authority key identifier: C4:B7:A3:38:67:23:BA:8A:2E:A4:82:C7:B6:80:31:A5:41:22:AC:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLejOGcjuooupILHtoAxpUEirE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/aa7bf6-6525-4394-80ba-bd40dfae7886/1/0_rsDpozI4g5wPFKDmzbwq9bb1k.roa
Signing time:             Thu 02 Jan 2025 13:48:56 +0000
ROA not before:           Thu 02 Jan 2025 13:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215487
IP address blocks:        77.83.59.0/24 maxlen: 24
                          2a14:340::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/aa7bf6-6525-4394-80ba-bd40dfae7886/1/xLejOGcjuooupILHtoAxpUEirE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/aa7bf6-6525-4394-80ba-bd40dfae7886/1/xLejOGcjuooupILHtoAxpUEirE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLejOGcjuooupILHtoAxpUEirE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:c2:e6:6b:75:6d:9c:6c:10:b5:15:c0:ae:b8:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b7a3386723ba8a2ea482c7b68031a54122ac4f
        Validity
            Not Before: Jan  2 13:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3faec0e9a33238839c0f14a0e6cdbc2af5b6f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:45:f9:45:c7:6b:42:fb:66:4a:74:04:5f:59:
                    9b:0c:85:55:38:85:d7:eb:b8:ff:80:92:6b:61:a1:
                    1b:49:79:22:b0:ac:36:29:6e:32:2d:cf:94:96:04:
                    1b:b7:5f:b7:9d:0b:4d:b1:c3:95:af:1f:72:3f:76:
                    77:2d:d4:46:59:fb:25:fe:90:46:e9:db:69:e8:eb:
                    65:68:be:86:a5:52:1c:2c:b4:59:58:8a:99:a2:ed:
                    ab:85:cd:bd:06:9a:2f:83:11:8a:7b:10:17:99:4c:
                    5f:1b:02:19:05:61:88:22:32:2a:b0:3e:59:a9:60:
                    7f:ae:3f:77:75:67:12:18:75:35:dd:36:a6:c0:0a:
                    7d:5b:4c:71:41:07:25:e7:05:b9:8c:91:5f:ac:3d:
                    55:9f:d8:62:4d:19:c9:e9:28:63:3d:31:21:1f:d0:
                    4e:fd:1a:39:52:6d:59:79:60:3b:65:e8:6c:ea:6f:
                    c2:c3:b0:94:99:63:07:aa:a1:85:31:6f:38:76:b6:
                    d1:ba:b8:8e:de:f9:fa:65:0a:ca:ea:11:a8:c6:52:
                    f5:3c:6b:3a:95:90:b0:00:cb:20:62:e9:2e:36:23:
                    a3:9a:3a:c4:3a:d2:85:db:af:f2:78:08:08:f6:6f:
                    ee:8e:5c:09:c2:06:5c:ca:d4:cc:48:87:f0:cf:d1:
                    dc:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FA:EC:0E:9A:33:23:88:39:C0:F1:4A:0E:6C:DB:C2:AF:5B:6F:59
            X509v3 Authority Key Identifier:
                keyid:C4:B7:A3:38:67:23:BA:8A:2E:A4:82:C7:B6:80:31:A5:41:22:AC:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLejOGcjuooupILHtoAxpUEirE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/aa7bf6-6525-4394-80ba-bd40dfae7886/1/0_rsDpozI4g5wPFKDmzbwq9bb1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/aa7bf6-6525-4394-80ba-bd40dfae7886/1/xLejOGcjuooupILHtoAxpUEirE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.59.0/24
                IPv6:
                  2a14:340::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:aa:c3:8e:34:2d:5e:15:9f:0e:59:ee:06:71:09:58:04:7b:
         88:33:57:7a:db:bd:ce:cb:0b:ee:e0:1f:ea:11:e5:65:6d:39:
         74:2c:a4:6c:bc:3f:75:6c:65:86:e0:33:5a:ce:95:60:77:0d:
         ba:77:2b:16:8f:fc:b3:7f:15:b2:3f:9b:ed:b9:84:ee:f0:8b:
         5b:0b:57:6c:48:76:9e:98:00:b2:e5:41:a8:91:31:5d:cb:ef:
         15:f5:12:75:fc:ca:58:d9:40:a8:ba:81:45:64:6d:e6:03:39:
         db:ac:35:86:29:41:e8:f2:23:c5:71:d1:bb:76:2c:70:58:18:
         13:06:2a:ee:2c:1d:ca:04:0a:7d:c8:3e:2c:80:60:b7:83:b7:
         15:9b:85:15:0b:7d:0e:cf:4b:59:fd:95:bf:47:37:28:c4:b2:
         d9:2b:65:91:ac:a0:59:3c:f6:ad:70:18:55:29:47:91:34:f1:
         46:07:5b:ff:80:05:9e:77:e0:96:27:49:ad:2b:8a:1d:28:61:
         90:36:1d:fa:e8:97:3a:95:74:78:7c:6f:e4:ed:8f:e8:7a:37:
         03:45:ed:c8:3d:a1:45:66:58:61:aa:a4:1b:da:d0:91:29:a7:
         cb:28:1e:10:39:41:90:70:16:92:9a:69:bb:79:7c:95:93:ba:
         28:c4:d3:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnRsLma3VtnGwQtRXArrhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjdhMzM4NjcyM2JhOGEyZWE0ODJjN2I2ODAzMWE1NDEy
MmFjNGYwHhcNMjUwMTAyMTM0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZhZWMwZTlhMzMyMzg4MzljMGYxNGEwZTZjZGJjMmFmNWI2ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEX5RcdrQvtmSnQEX1mbDIVVOIXX
67j/gJJrYaEbSXkisKw2KW4yLc+UlgQbt1+3nQtNscOVrx9yP3Z3LdRGWfsl/pBG
6dtp6OtlaL6GpVIcLLRZWIqZou2rhc29BpovgxGKexAXmUxfGwIZBWGIIjIqsD5Z
qWB/rj93dWcSGHU13TamwAp9W0xxQQcl5wW5jJFfrD1Vn9hiTRnJ6ShjPTEhH9BO
/Ro5Um1ZeWA7Zehs6m/Cw7CUmWMHqqGFMW84drbRuriO3vn6ZQrK6hGoxlL1PGs6
lZCwAMsgYukuNiOjmjrEOtKF26/yeAgI9m/ujlwJwgZcytTMSIfwz9Hc9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNP67A6aMyOIOcDxSg5s28KvW29ZMB8GA1UdIwQY
MBaAFMS3ozhnI7qKLqSCx7aAMaVBIqxPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExlak9HY2p1b291cElMSHRvQXhwVUVpckU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYTdiZjYtNjUyNS00Mzk0LTgwYmEt
YmQ0MGRmYWU3ODg2LzEvMF9yc0Rwb3pJNGc1d1BGS0RtemJ3cTliYjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYTdiZjYtNjUyNS00Mzk0LTgwYmEtYmQ0MGRmYWU3ODg2
LzEveExlak9HY2p1b291cElMSHRvQXhwVUVpckU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATVM7MA0E
AgACMAcDBQMqFANAMA0GCSqGSIb3DQEBCwUAA4IBAQACqsOONC1eFZ8OWe4GcQlY
BHuIM1d6273Oywvu4B/qEeVlbTl0LKRsvD91bGWG4DNazpVgdw26dysWj/yzfxWy
P5vtuYTu8ItbC1dsSHaemACy5UGokTFdy+8V9RJ1/MpY2UCouoFFZG3mAznbrDWG
KUHo8iPFcdG7dixwWBgTBiruLB3KBAp9yD4sgGC3g7cVm4UVC30Oz0tZ/ZW/Rzco
xLLZK2WRrKBZPPatcBhVKUeRNPFGB1v/gAWed+CWJ0mtK4odKGGQNh366Jc6lXR4
fG/k7Y/oejcDRe3IPaFFZlhhqqQb2tCRKafLKB4QOUGQcBaSmmm7eXyVk7ooxNNL
-----END CERTIFICATE-----