Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/o8F2QSC9aVIrQDWICY36C7aspnk.roa
File:                     o8F2QSC9aVIrQDWICY36C7aspnk.roa (raw, json)
Hash identifier:          /1n7VM294w4gBMXAGZNLMUsdOXONtyzTBXMtGKKJ7lg=
Subject key identifier:   A3:C1:76:41:20:BD:69:52:2B:40:35:88:09:8D:FA:0B:B6:AC:A6:79
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955F93E4F0C405F570F7FE5BA07C17
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/o8F2QSC9aVIrQDWICY36C7aspnk.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60403
IP address blocks:        77.81.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5f:93:e4:f0:c4:05:f5:70:f7:fe:5b:a0:7c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3c1764120bd69522b403588098dfa0bb6aca679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f0:e1:86:94:ab:74:ae:88:e3:14:ab:fa:d3:
                    03:64:dc:0d:2c:bf:b7:38:52:cd:09:1e:82:ac:1d:
                    1f:df:2f:d6:40:13:f5:4f:6b:ac:a1:84:2e:c9:85:
                    4d:13:3d:75:8c:97:f9:03:74:1c:2c:b2:22:50:da:
                    9e:6f:64:d7:ea:55:fe:99:00:45:de:d2:cd:db:e4:
                    74:1b:29:18:18:bc:06:df:0c:f0:47:06:c6:06:8a:
                    c5:6c:17:1b:4a:11:56:24:f5:fb:c6:65:da:aa:cd:
                    7b:29:23:7f:da:4c:ef:b3:f2:e7:36:0d:52:4f:b4:
                    a5:b3:f0:c3:92:84:95:74:62:ff:e5:1e:0c:5d:6d:
                    44:86:b9:b7:ec:57:c2:5b:f6:17:24:e9:98:f7:b7:
                    9b:d9:83:91:3e:ba:bc:b9:90:2c:94:17:98:e2:8f:
                    08:0d:f2:43:09:9f:d7:df:06:4b:4c:d8:69:3f:d9:
                    6a:46:e1:07:a9:cd:26:f3:68:55:ca:ea:d7:94:ec:
                    57:00:5f:fd:3d:e8:cb:43:4b:29:a7:35:15:ec:a2:
                    84:13:12:d0:d6:15:24:ac:66:1a:a4:0c:2c:70:e5:
                    a8:a1:10:61:0b:f5:96:09:00:bf:28:76:e5:c5:42:
                    77:1e:ab:b0:cf:e8:43:2b:1c:9e:cc:8d:0b:0b:ef:
                    ae:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C1:76:41:20:BD:69:52:2B:40:35:88:09:8D:FA:0B:B6:AC:A6:79
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/o8F2QSC9aVIrQDWICY36C7aspnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:fc:3c:cd:6c:0a:fc:ef:eb:b7:01:07:fc:f5:48:c6:70:aa:
         67:bb:bf:08:fb:21:29:5d:95:ac:66:8b:08:61:b7:a8:2a:1a:
         14:2f:0d:74:f2:48:a0:df:f4:e8:fc:7c:c4:2f:09:c1:2a:c1:
         d5:f9:ca:cc:9f:53:bc:02:3f:5f:1d:1b:f7:a3:a1:17:26:2c:
         e7:c1:c2:42:9c:68:66:79:63:ff:f3:af:a5:e9:05:e1:25:7b:
         1e:41:1b:3f:a4:c9:a7:2f:d1:e4:33:06:c6:02:53:2a:99:44:
         fd:12:29:b0:13:01:82:ed:ae:00:ce:e2:b7:14:56:60:b3:2b:
         55:6d:b7:d1:df:33:1f:62:56:b0:9b:3c:21:02:89:7f:da:8a:
         2b:ef:a9:9b:82:b1:66:71:ff:94:94:b9:3e:e5:e7:d9:eb:3b:
         6e:d5:e4:62:1b:9b:b9:0e:b8:89:1d:d0:2d:2f:d2:33:d0:00:
         ef:ad:43:86:d8:7d:9d:4e:87:e0:cf:1b:b9:17:16:29:a2:a9:
         11:f2:01:54:f7:24:fd:fc:e2:0b:a8:74:6e:16:97:dc:e5:0d:
         29:5b:fd:f4:86:44:cc:bd:28:00:d2:7e:dd:f9:b9:44:2b:c8:
         d2:65:6a:4b:ac:00:77:b6:ee:98:93:20:59:2d:65:19:18:2e:
         db:c2:6c:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlV+T5PDEBfVw9/5boHwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2MxNzY0MTIwYmQ2OTUyMmI0MDM1ODgwOThkZmEwYmI2YWNhNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPDhhpSrdK6I4xSr+tMDZNwNLL+3
OFLNCR6CrB0f3y/WQBP1T2usoYQuyYVNEz11jJf5A3QcLLIiUNqeb2TX6lX+mQBF
3tLN2+R0GykYGLwG3wzwRwbGBorFbBcbShFWJPX7xmXaqs17KSN/2kzvs/LnNg1S
T7Sls/DDkoSVdGL/5R4MXW1Ehrm37FfCW/YXJOmY97eb2YORPrq8uZAslBeY4o8I
DfJDCZ/X3wZLTNhpP9lqRuEHqc0m82hVyurXlOxXAF/9PejLQ0sppzUV7KKEExLQ
1hUkrGYapAwscOWooRBhC/WWCQC/KHblxUJ3Hquwz+hDKxyezI0LC++uvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKPBdkEgvWlSK0A1iAmN+gu2rKZ5MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL284RjJRU0M5YVZJclFEV0lDWTM2Qzdhc3Buay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABNUWEw
DQYJKoZIhvcNAQELBQADggEBALT8PM1sCvzv67cBB/z1SMZwqme7vwj7ISldlaxm
iwhht6gqGhQvDXTySKDf9Oj8fMQvCcEqwdX5ysyfU7wCP18dG/ejoRcmLOfBwkKc
aGZ5Y//zr6XpBeElex5BGz+kyacv0eQzBsYCUyqZRP0SKbATAYLtrgDO4rcUVmCz
K1Vtt9HfMx9iVrCbPCECiX/aiivvqZuCsWZx/5SUuT7l59nrO27V5GIbm7kOuIkd
0C0v0jPQAO+tQ4bYfZ1Oh+DPG7kXFimiqRHyAVT3JP384guodG4Wl9zlDSlb/fSG
RMy9KADSft35uUQryNJlakusAHe27piTIFktZRkYLtvCbC0=
-----END CERTIFICATE-----