Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/cCRc520dfjr-UCliHhCpyDWQ08Q.roa
File:                     cCRc520dfjr-UCliHhCpyDWQ08Q.roa (raw, json)
Hash identifier:          brRpdpSjKlUDxhprIT7P98kOLaKgcvxrPG91OBdYFsA=
Subject key identifier:   70:24:5C:E7:6D:1D:7E:3A:FE:50:29:62:1E:10:A9:C8:35:90:D3:C4
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B971BA75F4C5B0A78AAB74C006CC3
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/cCRc520dfjr-UCliHhCpyDWQ08Q.roa
Signing time:             Mon 01 Jan 2024 18:31:31 +0000
ROA not before:           Mon 01 Jan 2024 18:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207033
IP address blocks:        77.65.171.0/24 maxlen: 24
                          188.114.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:97:1b:a7:5f:4c:5b:0a:78:aa:b7:4c:00:6c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70245ce76d1d7e3afe5029621e10a9c83590d3c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3d:7f:4f:79:f0:81:e9:93:72:1b:57:73:a4:
                    69:bd:3f:c0:81:ed:97:9a:9e:d7:d8:b7:5e:3c:ed:
                    c4:ae:01:39:b6:aa:09:ce:74:bf:b6:6b:76:17:1d:
                    20:3b:4c:06:be:f9:11:e1:fc:c3:2a:f7:9c:a9:ed:
                    c1:6e:17:5d:3d:d2:42:63:85:28:35:7e:da:20:96:
                    75:43:68:d5:e7:c1:b3:5f:d7:e7:21:0b:24:ec:85:
                    bb:b5:16:aa:f3:01:b0:11:49:d6:7a:68:2d:fa:3c:
                    2c:b8:72:45:37:4a:5a:7b:ec:67:df:10:c6:0e:13:
                    d1:d8:74:2c:86:b4:87:9a:89:a0:cf:28:93:d5:25:
                    8d:a4:45:ff:6f:63:2c:1f:f7:44:d5:ac:13:80:db:
                    dc:7a:02:f0:55:77:0c:76:2e:bf:a5:05:df:a7:1b:
                    49:e2:d7:7d:9a:99:93:df:62:cb:9f:b2:d6:e4:d8:
                    dd:be:09:1b:63:43:37:40:50:4c:52:45:9a:9c:ea:
                    13:b5:1a:bc:fa:82:76:c9:3b:f8:67:96:6d:1c:70:
                    87:97:59:19:c5:42:fd:2a:9f:cf:14:0b:cd:ec:a5:
                    83:8c:a9:1a:c9:88:0c:74:05:c2:e5:ba:d5:5c:91:
                    27:99:2a:32:ed:be:82:3d:93:34:4d:80:01:bd:de:
                    f4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:24:5C:E7:6D:1D:7E:3A:FE:50:29:62:1E:10:A9:C8:35:90:D3:C4
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/cCRc520dfjr-UCliHhCpyDWQ08Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.171.0/24
                  188.114.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b4:ea:0f:dd:8c:6e:ad:f5:be:a2:02:97:a4:65:78:17:6f:
         b4:b2:d6:dc:27:18:4b:d6:23:c1:25:ac:60:ff:52:6f:ae:90:
         ed:8f:8f:7c:b4:65:dd:3a:62:8f:09:9d:60:17:98:b2:cc:97:
         81:f1:c8:f4:eb:e7:5d:1d:0d:04:8a:2c:15:6c:59:ed:a2:89:
         bd:d2:79:42:8b:22:03:9b:a4:f8:ba:33:93:c2:2b:a6:a1:53:
         3d:8e:c9:c8:65:6d:ad:2a:fd:a2:ae:76:07:fa:f8:61:0d:a4:
         3d:65:60:39:ae:b2:fc:96:6c:a9:50:98:36:99:ce:b2:b8:09:
         f0:ea:46:bb:83:dd:0b:dd:bc:f2:24:ed:16:80:e5:2e:af:5e:
         0e:b5:af:86:b8:af:df:dc:bc:20:9a:ca:74:c4:08:39:ce:31:
         01:41:eb:53:e8:22:83:5c:8f:aa:4f:2b:e2:03:db:0a:3f:3d:
         3a:71:14:b2:64:35:3d:df:d7:93:c3:a5:80:3c:58:e9:2c:9b:
         72:1b:5d:c9:e0:d4:43:12:ac:77:83:d8:38:ed:67:d1:ef:90:
         fe:38:f8:47:db:47:46:9b:c6:5d:f2:7d:bd:5b:16:82:bc:fe:
         5d:a9:f7:01:79:c3:61:99:77:01:46:57:97:0f:4d:3b:11:e8:
         62:be:0f:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS5cbp19MWwp4qrdMAGzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDI0NWNlNzZkMWQ3ZTNhZmU1MDI5NjIxZTEwYTljODM1OTBkM2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz1/T3nwgemTchtXc6RpvT/Age2X
mp7X2LdePO3ErgE5tqoJznS/tmt2Fx0gO0wGvvkR4fzDKvecqe3BbhddPdJCY4Uo
NX7aIJZ1Q2jV58GzX9fnIQsk7IW7tRaq8wGwEUnWemgt+jwsuHJFN0pae+xn3xDG
DhPR2HQshrSHmomgzyiT1SWNpEX/b2MsH/dE1awTgNvcegLwVXcMdi6/pQXfpxtJ
4td9mpmT32LLn7LW5NjdvgkbY0M3QFBMUkWanOoTtRq8+oJ2yTv4Z5ZtHHCHl1kZ
xUL9Kp/PFAvN7KWDjKkayYgMdAXC5brVXJEnmSoy7b6CPZM0TYABvd70kwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHAkXOdtHX46/lApYh4Qqcg1kNPEMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvY0NSYzUyMGRmanItVUNsaUhoQ3B5RFdRMDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUGrAwQA
vHJEMA0GCSqGSIb3DQEBCwUAA4IBAQBHtOoP3YxurfW+ogKXpGV4F2+0stbcJxhL
1iPBJaxg/1JvrpDtj498tGXdOmKPCZ1gF5iyzJeB8cj06+ddHQ0EiiwVbFntoom9
0nlCiyIDm6T4ujOTwiumoVM9jsnIZW2tKv2irnYH+vhhDaQ9ZWA5rrL8lmypUJg2
mc6yuAnw6ka7g90L3bzyJO0WgOUur14Ota+GuK/f3Lwgmsp0xAg5zjEBQetT6CKD
XI+qTyviA9sKPz06cRSyZDU939eTw6WAPFjpLJtyG13J4NRDEqx3g9g47WfR75D+
OPhH20dGm8Zd8n29WxaCvP5dqfcBecNhmXcBRleXD007Eehivg/Y
-----END CERTIFICATE-----