Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/NLYVBbHiEY9BvvzOpd2N4xTrVwU.roa
File:                     NLYVBbHiEY9BvvzOpd2N4xTrVwU.roa (raw, json)
Hash identifier:          IeLzMrweCd5wbzTb8jzBm4ALfW1Y15QzW5jIOJXZhxE=
Subject key identifier:   34:B6:15:05:B1:E2:11:8F:41:BE:FC:CE:A5:DD:8D:E3:14:EB:57:05
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       019072748A7C7D66033415DBAABCBDFB0665
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/NLYVBbHiEY9BvvzOpd2N4xTrVwU.roa
Signing time:             Tue 02 Jul 2024 07:59:18 +0000
ROA not before:           Tue 02 Jul 2024 07:59:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47254
IP address blocks:        77.95.140.0/24 maxlen: 24
                          217.19.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Nov 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:74:8a:7c:7d:66:03:34:15:db:aa:bc:bd:fb:06:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Jul  2 07:59:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34b61505b1e2118f41befccea5dd8de314eb5705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:95:65:75:4a:fa:f1:07:d9:f0:f0:bf:00:82:
                    c0:60:cf:eb:bd:52:3d:d1:51:80:f7:91:d0:78:a3:
                    f1:0c:2f:99:ac:45:bf:2f:8d:8a:db:d9:ff:b9:5a:
                    0d:44:57:95:b3:3a:2e:44:7f:88:5d:a0:bf:52:8f:
                    23:f6:e3:16:7d:76:5c:fd:1a:f1:6f:fd:68:5e:ae:
                    67:69:21:4d:63:82:bb:7f:f7:93:d2:22:88:55:e2:
                    3c:e4:c1:32:73:1b:f3:d5:6a:7c:7e:7c:ef:65:68:
                    ab:12:30:72:df:1f:aa:e7:f0:bf:6c:d1:96:fa:5d:
                    93:6e:64:3f:71:e8:31:e5:00:3a:0c:47:17:97:80:
                    01:87:d1:7b:da:a3:6f:ba:d4:af:dc:47:f7:8c:99:
                    2b:20:99:5f:30:08:2b:b3:66:1f:c6:1f:54:93:60:
                    bd:3a:83:39:67:5a:d6:7b:0e:cc:b0:66:79:01:a6:
                    10:53:2a:42:17:8a:9f:fc:bf:ab:99:d6:f2:4c:bc:
                    3d:e6:58:8a:3e:ad:42:94:63:c8:37:a5:50:d2:a7:
                    80:81:f3:8c:91:ca:1c:1a:3b:f9:9a:86:8e:c1:bb:
                    0e:84:aa:cb:d6:6f:8d:dd:fb:3e:e1:a9:7f:26:cf:
                    82:9e:fe:74:23:ff:a5:67:2b:c6:ce:31:49:2c:29:
                    9e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B6:15:05:B1:E2:11:8F:41:BE:FC:CE:A5:DD:8D:E3:14:EB:57:05
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/NLYVBbHiEY9BvvzOpd2N4xTrVwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.140.0/24
                  217.19.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:68:5b:3b:1e:1f:d4:99:02:31:0f:e2:e6:00:1d:b5:10:03:
         4f:84:8b:27:d8:15:9f:cd:c0:c1:4a:49:9f:79:24:ff:a8:68:
         ac:78:ac:9d:44:e8:41:45:77:ad:60:c0:c2:1e:09:50:c7:b1:
         95:fb:33:6e:b4:03:06:cb:8f:85:74:2a:90:3d:f9:4a:ec:a6:
         e6:cf:82:48:bd:cf:b0:e3:92:a2:36:80:4b:e8:01:c7:75:7d:
         60:40:91:8f:1a:90:fd:6c:32:f8:5b:b9:ee:38:3b:20:1c:c4:
         3c:be:48:47:ca:bb:7a:17:b4:b1:c5:b7:e2:f3:0a:7c:dc:1c:
         04:20:15:8a:a7:9d:e9:88:c9:45:83:95:9d:c6:43:3b:2b:ae:
         61:a4:97:26:72:48:e6:bb:37:da:68:c5:09:66:df:c5:bb:0a:
         a9:34:26:98:e5:47:8c:59:fa:9c:32:7c:0b:ac:d2:f1:1a:66:
         62:dd:30:6e:66:9f:dd:c6:57:cd:61:2a:62:2a:cc:50:84:42:
         09:43:f1:2c:51:2e:c5:28:2d:47:88:05:7a:7b:3a:95:47:8c:
         19:55:2b:67:57:fa:5d:89:66:f6:3b:8f:6d:35:c3:c7:9e:ca:
         71:f9:2b:34:ab:bd:08:9b:5f:99:38:d6:00:40:79:14:b8:36:
         fd:47:89:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBydIp8fWYDNBXbqry9+wZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjQwNzAyMDc1OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI2MTUwNWIxZTIxMThmNDFiZWZjY2VhNWRkOGRlMzE0ZWI1NzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZVldUr68QfZ8PC/AILAYM/rvVI9
0VGA95HQeKPxDC+ZrEW/L42K29n/uVoNRFeVszouRH+IXaC/Uo8j9uMWfXZc/Rrx
b/1oXq5naSFNY4K7f/eT0iKIVeI85MEycxvz1Wp8fnzvZWirEjBy3x+q5/C/bNGW
+l2TbmQ/cegx5QA6DEcXl4ABh9F72qNvutSv3Ef3jJkrIJlfMAgrs2Yfxh9Uk2C9
OoM5Z1rWew7MsGZ5AaYQUypCF4qf/L+rmdbyTLw95liKPq1ClGPIN6VQ0qeAgfOM
kcocGjv5moaOwbsOhKrL1m+N3fs+4al/Js+Cnv50I/+lZyvGzjFJLCmeiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDS2FQWx4hGPQb78zqXdjeMU61cFMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvTkxZVkJiSGlFWTlCdnZ6T3BkMk40eFRyVndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATV+MAwQA
2ROYMA0GCSqGSIb3DQEBCwUAA4IBAQCBaFs7Hh/UmQIxD+LmAB21EANPhIsn2BWf
zcDBSkmfeST/qGiseKydROhBRXetYMDCHglQx7GV+zNutAMGy4+FdCqQPflK7Kbm
z4JIvc+w45KiNoBL6AHHdX1gQJGPGpD9bDL4W7nuODsgHMQ8vkhHyrt6F7Sxxbfi
8wp83BwEIBWKp53piMlFg5WdxkM7K65hpJcmckjmuzfaaMUJZt/FuwqpNCaY5UeM
WfqcMnwLrNLxGmZi3TBuZp/dxlfNYSpiKsxQhEIJQ/EsUS7FKC1HiAV6ezqVR4wZ
VStnV/pdiWb2O49tNcPHnspx+Ss0q70Im1+ZONYAQHkUuDb9R4kA
-----END CERTIFICATE-----