Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1UBCfK5Pj_VoWPI8U5QYAx9pfFU.roa
File:                     1UBCfK5Pj_VoWPI8U5QYAx9pfFU.roa (raw, json)
Hash identifier:          /NNcL8Pc2pxPqVql9Hr3TjPuYsyy+lsnvRBow9ziJMs=
Subject key identifier:   D5:40:42:7C:AE:4F:8F:F5:68:58:F2:3C:53:94:18:03:1F:69:7C:55
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9E4FE771862B45C5B2F50D14F649
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1UBCfK5Pj_VoWPI8U5QYAx9pfFU.roa
Signing time:             Mon 01 Jan 2024 18:31:33 +0000
ROA not before:           Mon 01 Jan 2024 18:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212163
IP address blocks:        77.65.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:9e:4f:e7:71:86:2b:45:c5:b2:f5:0d:14:f6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d540427cae4f8ff56858f23c539418031f697c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:40:20:09:a6:1e:e5:4b:f3:fb:a3:5e:fc:01:
                    f5:91:a1:57:0b:c3:12:f7:88:07:2d:71:e4:2d:67:
                    ba:29:c7:f9:79:60:c7:d0:2a:c9:68:48:fb:58:4c:
                    b5:9a:ab:04:31:15:38:b7:05:db:0a:45:24:b3:b2:
                    97:1d:1f:35:d4:a2:ee:ca:7a:9e:65:25:c1:52:5a:
                    f6:a0:7b:f0:cb:5e:99:ba:6f:f5:07:f6:c9:fd:d6:
                    19:4d:48:1b:bb:e9:33:31:4e:54:48:ab:bc:74:3c:
                    10:80:dc:58:54:79:28:64:a9:bc:49:e4:ea:7c:11:
                    4a:ee:a5:2e:d5:cd:53:04:de:5e:62:9c:f6:6a:32:
                    9c:99:be:82:0b:11:c8:9e:74:dd:63:b6:8e:13:1a:
                    a2:72:4a:8f:2b:d6:72:55:e1:b6:4a:7a:37:56:fe:
                    74:c0:57:74:a6:cb:17:53:e4:27:22:f5:a4:c8:63:
                    03:eb:4a:65:5d:27:c6:94:d8:aa:fa:5f:df:18:de:
                    db:c2:e9:19:e2:41:23:37:f2:9c:27:42:15:3c:87:
                    77:10:32:1d:a3:f2:dc:31:f8:c8:eb:26:ad:56:6a:
                    b6:a4:3a:9e:02:37:11:6e:92:f2:95:d8:90:eb:5f:
                    45:45:1d:f2:7b:25:d0:b8:6d:f4:08:fa:61:79:48:
                    c5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:40:42:7C:AE:4F:8F:F5:68:58:F2:3C:53:94:18:03:1F:69:7C:55
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1UBCfK5Pj_VoWPI8U5QYAx9pfFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:ed:82:39:80:e9:88:b9:5e:73:27:80:2f:e3:b5:f7:10:d1:
         cd:d4:e9:6e:08:d3:af:ee:f8:3d:46:be:70:fc:1e:7f:db:7b:
         93:4b:74:2e:0a:a1:44:9a:7b:4f:94:8b:ee:88:b4:6c:19:c5:
         b7:4c:e9:7b:ba:64:5b:dd:e2:5e:7a:df:7b:22:7a:5f:4a:21:
         36:11:ba:8d:1c:2e:7b:36:51:af:2e:7c:ad:9e:fb:1e:4c:b2:
         41:48:fc:6b:e9:c7:4f:ad:c6:13:0f:c2:1a:91:bc:f5:b3:20:
         4b:21:db:54:d9:4b:06:91:51:83:36:71:af:1a:f3:03:f5:87:
         38:d4:5c:0b:35:e1:d3:a1:3d:db:87:33:65:ae:08:27:f6:29:
         b4:e1:b5:ee:e1:1a:2c:41:2b:d2:78:57:cf:56:ed:58:53:f8:
         18:51:4f:01:50:5c:d4:84:f8:e9:43:9f:46:b5:5e:60:eb:02:
         a4:0e:3e:20:aa:a8:20:3c:d4:f9:8b:5b:47:0b:e9:bd:80:0b:
         a4:69:63:28:22:a7:f5:19:64:64:2c:e3:93:3d:5e:45:6b:c0:
         d9:37:fc:c6:26:73:d9:dc:54:ca:82:60:ca:58:82:80:f8:6a:
         e7:11:46:9a:1f:f5:15:e6:3d:aa:f1:a2:6e:0b:99:50:a3:09:
         6a:8c:78:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS55P53GGK0XFsvUNFPZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQwNDI3Y2FlNGY4ZmY1Njg1OGYyM2M1Mzk0MTgwMzFmNjk3YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0AgCaYe5Uvz+6Ne/AH1kaFXC8MS
94gHLXHkLWe6Kcf5eWDH0CrJaEj7WEy1mqsEMRU4twXbCkUks7KXHR811KLuynqe
ZSXBUlr2oHvwy16Zum/1B/bJ/dYZTUgbu+kzMU5USKu8dDwQgNxYVHkoZKm8SeTq
fBFK7qUu1c1TBN5eYpz2ajKcmb6CCxHInnTdY7aOExqickqPK9ZyVeG2Sno3Vv50
wFd0pssXU+QnIvWkyGMD60plXSfGlNiq+l/fGN7bwukZ4kEjN/KcJ0IVPId3EDId
o/LcMfjI6yatVmq2pDqeAjcRbpLyldiQ619FRR3yeyXQuG30CPpheUjFVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVAQnyuT4/1aFjyPFOUGAMfaXxVMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMVVCQ2ZLNVBqX1ZvV1BJOFU1UVlBeDlwZkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTUGcMA0G
CSqGSIb3DQEBCwUAA4IBAQCB7YI5gOmIuV5zJ4Av47X3ENHN1OluCNOv7vg9Rr5w
/B5/23uTS3QuCqFEmntPlIvuiLRsGcW3TOl7umRb3eJeet97InpfSiE2EbqNHC57
NlGvLnytnvseTLJBSPxr6cdPrcYTD8Iakbz1syBLIdtU2UsGkVGDNnGvGvMD9Yc4
1FwLNeHToT3bhzNlrggn9im04bXu4RosQSvSeFfPVu1YU/gYUU8BUFzUhPjpQ59G
tV5g6wKkDj4gqqggPNT5i1tHC+m9gAukaWMoIqf1GWRkLOOTPV5Fa8DZN/zGJnPZ
3FTKgmDKWIKA+GrnEUaaH/UV5j2q8aJuC5lQowlqjHit
-----END CERTIFICATE-----