Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/oYQCczyAHBf7s6m02iapqQA_kBM.roa
File:                     oYQCczyAHBf7s6m02iapqQA_kBM.roa (raw, json)
Hash identifier:          AMGHMQ1Q2oTraaS99AVQUt4vyiSoHTWA8NRvLVWLMrI=
Subject key identifier:   A1:84:02:73:3C:80:1C:17:FB:B3:A9:B4:DA:26:A9:A9:00:3F:90:13
Certificate issuer:       /CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
Certificate serial:       018CC94E3A91B09A6218B7FE94F3CD510D6F
Authority key identifier: 71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/oYQCczyAHBf7s6m02iapqQA_kBM.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43171
IP address blocks:        91.189.32.0/21 maxlen: 21
                          77.87.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3a:91:b0:9a:62:18:b7:fe:94:f3:cd:51:0d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a18402733c801c17fbb3a9b4da26a9a9003f9013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b1:68:0c:1a:86:2e:96:5f:de:60:66:92:33:
                    ca:a6:0f:bb:6e:74:32:b2:80:3d:a4:6a:5c:c7:ff:
                    5b:4c:70:5d:73:0a:08:27:d6:eb:e7:6d:7d:d6:7a:
                    bb:7f:42:de:46:98:d0:6f:bd:21:52:ea:29:77:7d:
                    e4:8b:85:9e:91:e0:59:67:5a:11:6b:a9:53:d0:23:
                    29:b7:59:30:e1:78:18:9f:04:04:26:61:3b:a2:0c:
                    34:2f:92:3f:75:6e:43:e3:a8:d4:a9:fd:50:90:6a:
                    de:15:61:bc:69:eb:fc:74:48:10:24:01:5d:8b:1a:
                    53:61:3d:29:7c:65:91:d6:14:55:62:cd:f3:94:42:
                    4c:8b:8d:81:f0:01:02:09:e8:5b:af:08:9b:a4:9f:
                    6f:b1:4e:ee:ce:0c:74:be:1d:43:c0:fc:36:8b:7c:
                    5c:24:83:75:fe:d3:3e:08:0b:dc:84:ea:62:46:b7:
                    4c:3e:2e:f1:fd:d6:fd:ff:39:05:de:0f:eb:0a:49:
                    43:41:7a:c5:d6:ba:1f:bc:83:31:25:7e:e3:94:34:
                    e5:78:2d:98:a0:d0:47:09:dc:30:5a:0f:3a:72:7e:
                    e3:b6:39:a4:a3:d6:54:c6:33:dc:94:32:cb:0e:03:
                    74:c7:d5:3b:81:6b:5a:e5:99:ec:7c:63:b9:5a:1a:
                    83:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:84:02:73:3C:80:1C:17:FB:B3:A9:B4:DA:26:A9:A9:00:3F:90:13
            X509v3 Authority Key Identifier:
                keyid:71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/oYQCczyAHBf7s6m02iapqQA_kBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.77.0/24
                  91.189.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:6f:ab:d8:4a:c3:06:d8:3d:08:e1:8f:6e:71:48:a8:b7:5d:
         a0:32:f8:ca:6a:c2:08:e3:18:fa:2b:7a:69:03:4d:07:d9:36:
         3a:e7:87:25:fe:b5:e7:a7:a2:3c:8c:32:88:29:4f:1f:ee:ce:
         4b:09:e6:f2:66:88:da:27:12:99:fb:0d:36:44:80:02:72:6b:
         a0:9c:0e:88:25:f3:48:da:fd:88:24:21:6f:e8:8e:fb:a6:e7:
         1b:0a:54:01:b9:ac:9f:49:35:e7:69:5a:d6:5f:1e:84:51:2c:
         bf:28:e0:52:cb:ca:94:e6:ba:37:75:9b:d0:db:6e:cf:38:6b:
         a3:29:8b:35:24:d7:dd:02:fc:23:2c:84:9e:34:45:d1:f1:a0:
         21:85:40:72:ef:ba:35:79:09:23:1b:90:d2:8b:c2:19:fc:04:
         ab:ec:b3:6c:16:c1:cc:3a:4f:3a:20:cd:40:aa:81:8c:f1:99:
         78:a9:73:60:d3:2e:08:cc:a7:92:92:44:f8:e9:b4:bd:2e:df:
         b7:2a:74:82:37:86:0c:4a:d0:fc:ee:ec:60:e9:d1:0d:4d:7e:
         6c:26:db:2c:0c:b3:c1:79:66:82:63:e5:41:2d:26:86:07:be:
         ba:13:7d:65:73:61:5c:23:61:cf:7d:31:eb:cc:82:52:91:89:
         ee:5d:f6:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTjqRsJpiGLf+lPPNUQ1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYzE2OTBlZjU3YWZjZmZhZTczYmRiOTkzNDMwOWY4Yjcw
ZWJiNjEwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTg0MDI3MzNjODAxYzE3ZmJiM2E5YjRkYTI2YTlhOTAwM2Y5MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLFoDBqGLpZf3mBmkjPKpg+7bnQy
soA9pGpcx/9bTHBdcwoIJ9br52191nq7f0LeRpjQb70hUuopd33ki4WekeBZZ1oR
a6lT0CMpt1kw4XgYnwQEJmE7ogw0L5I/dW5D46jUqf1QkGreFWG8aev8dEgQJAFd
ixpTYT0pfGWR1hRVYs3zlEJMi42B8AECCehbrwibpJ9vsU7uzgx0vh1DwPw2i3xc
JIN1/tM+CAvchOpiRrdMPi7x/db9/zkF3g/rCklDQXrF1rofvIMxJX7jlDTleC2Y
oNBHCdwwWg86cn7jtjmko9ZUxjPclDLLDgN0x9U7gWta5ZnsfGO5WhqDEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKGEAnM8gBwX+7OptNomqakAP5ATMB8GA1UdIwQY
MBaAFHHBaQ71evz/rnO9uZNDCfi3DrthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYt
MDA2ZTliYjhlZDU5LzEvb1lRQ2N6eUFIQmY3czZtMDJpYXBxUUFfa0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYtMDA2ZTliYjhlZDU5
LzEvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVdNAwQD
W70gMA0GCSqGSIb3DQEBCwUAA4IBAQB/b6vYSsMG2D0I4Y9ucUiot12gMvjKasII
4xj6K3ppA00H2TY654cl/rXnp6I8jDKIKU8f7s5LCebyZojaJxKZ+w02RIACcmug
nA6IJfNI2v2IJCFv6I77pucbClQBuayfSTXnaVrWXx6EUSy/KOBSy8qU5ro3dZvQ
227POGujKYs1JNfdAvwjLISeNEXR8aAhhUBy77o1eQkjG5DSi8IZ/ASr7LNsFsHM
Ok86IM1AqoGM8Zl4qXNg0y4IzKeSkkT46bS9Lt+3KnSCN4YMStD87uxg6dENTX5s
JtssDLPBeWaCY+VBLSaGB766E31lc2FcI2HPfTHrzIJSkYnuXfZW
-----END CERTIFICATE-----