Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/fDx3S8gJLiBc_wwuJuyfDv3d-ZE.roa
File:                     fDx3S8gJLiBc_wwuJuyfDv3d-ZE.roa (raw, json)
Hash identifier:          Y2dYXgLxED2eAP/PkZUU0WeBQEbC4jbh221h1APX1Mg=
Subject key identifier:   7C:3C:77:4B:C8:09:2E:20:5C:FF:0C:2E:26:EC:9F:0E:FD:DD:F9:91
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D29FF558D24EAD5236950938BEB7
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/fDx3S8gJLiBc_wwuJuyfDv3d-ZE.roa
Signing time:             Tue 02 Jan 2024 12:33:07 +0000
ROA not before:           Tue 02 Jan 2024 12:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46844
IP address blocks:        185.77.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d2:9f:f5:58:d2:4e:ad:52:36:95:09:38:be:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c3c774bc8092e205cff0c2e26ec9f0efdddf991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0a:96:12:c6:0d:a4:90:7c:6d:1f:59:eb:72:
                    c9:1c:fc:f7:ae:b3:27:30:66:65:53:a3:01:a6:80:
                    3c:77:d9:db:9b:ea:52:a5:f7:e4:a5:cc:83:0f:83:
                    c1:47:2f:1c:99:c2:6a:35:a5:e6:89:fb:dd:ee:a7:
                    87:08:4e:e2:97:67:7f:78:d2:5b:81:bd:3c:3b:b2:
                    bb:d1:16:5a:ad:d2:57:d5:cd:8d:79:bc:cf:0c:a4:
                    6e:bf:93:b5:39:2b:62:39:84:ad:8f:a7:64:7b:af:
                    29:75:ae:ad:97:17:ea:a9:d4:d9:fe:c5:1d:80:d6:
                    d9:30:8b:a7:a3:8b:22:7f:f5:0a:b4:c2:9a:aa:8f:
                    d7:9f:8b:ec:1e:20:b9:88:7e:55:4a:98:d5:48:e6:
                    59:86:21:a8:68:9f:c2:61:12:96:83:16:86:43:98:
                    9d:aa:08:b7:fe:9c:25:25:47:03:ac:3c:ac:de:19:
                    26:d1:01:d5:f1:4d:56:9b:24:5d:a6:7f:94:76:c9:
                    83:4c:aa:58:bf:99:60:49:23:65:51:96:7d:44:82:
                    99:5d:e8:15:70:8a:34:b4:5e:27:41:d8:20:15:a6:
                    69:df:da:c7:b4:3a:4d:22:37:46:03:c6:25:a6:0b:
                    fa:c0:33:85:48:3b:0a:ab:5b:54:86:61:f4:7f:69:
                    ec:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3C:77:4B:C8:09:2E:20:5C:FF:0C:2E:26:EC:9F:0E:FD:DD:F9:91
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/fDx3S8gJLiBc_wwuJuyfDv3d-ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e0:4f:fa:96:a8:f5:10:5e:76:47:fa:96:e1:4a:60:0e:f1:
         a4:c6:35:b6:d4:4c:f9:df:4d:53:b7:74:79:40:01:39:a1:45:
         f2:cc:f1:16:1a:b3:69:46:78:96:21:97:b6:36:b0:58:64:5c:
         ee:69:f8:d0:2f:3d:58:64:4f:7d:bd:f1:a1:2f:c0:3f:a6:db:
         ad:f0:58:a3:87:e8:62:26:44:db:45:1d:c0:c5:67:c9:19:48:
         65:c8:fd:a3:6d:50:45:78:8e:da:29:3d:02:d6:96:05:4c:80:
         be:92:3c:37:54:5b:aa:af:3a:61:82:1c:94:2d:73:da:11:1f:
         47:63:61:19:b6:3a:8a:23:8e:cd:22:df:24:d7:c4:95:1e:5b:
         09:08:02:b2:5f:a8:c4:1f:13:89:2a:54:29:53:62:fd:82:75:
         cf:bd:1b:5a:e0:c9:61:43:81:5d:fe:90:59:70:43:ea:44:a5:
         41:d2:3f:20:58:5c:9a:7f:7b:0d:c2:07:17:bd:b2:dc:51:ae:
         a0:3c:65:34:da:e6:e2:80:ba:f1:57:d9:a3:85:ba:f8:b5:73:
         d2:48:dd:1a:26:5f:d3:c7:31:27:75:41:03:e8:18:fb:c0:e3:
         ee:0f:5f:20:7c:3b:5f:31:05:1e:de:dc:da:5e:e1:8d:e1:f8:
         31:90:7c:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdKf9VjSTq1SNpUJOL63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzNjNzc0YmM4MDkyZTIwNWNmZjBjMmUyNmVjOWYwZWZkZGRmOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAqWEsYNpJB8bR9Z63LJHPz3rrMn
MGZlU6MBpoA8d9nbm+pSpffkpcyDD4PBRy8cmcJqNaXmifvd7qeHCE7il2d/eNJb
gb08O7K70RZardJX1c2NebzPDKRuv5O1OStiOYStj6dke68pda6tlxfqqdTZ/sUd
gNbZMIuno4sif/UKtMKaqo/Xn4vsHiC5iH5VSpjVSOZZhiGoaJ/CYRKWgxaGQ5id
qgi3/pwlJUcDrDys3hkm0QHV8U1WmyRdpn+UdsmDTKpYv5lgSSNlUZZ9RIKZXegV
cIo0tF4nQdggFaZp39rHtDpNIjdGA8Ylpgv6wDOFSDsKq1tUhmH0f2nsOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHw8d0vICS4gXP8MLibsnw793fmRMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvZkR4M1M4Z0pMaUJjX3d3dUp1eWZEdjNkLVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU3YMA0G
CSqGSIb3DQEBCwUAA4IBAQAL4E/6lqj1EF52R/qW4UpgDvGkxjW21Ez5301Tt3R5
QAE5oUXyzPEWGrNpRniWIZe2NrBYZFzuafjQLz1YZE99vfGhL8A/ptut8Fijh+hi
JkTbRR3AxWfJGUhlyP2jbVBFeI7aKT0C1pYFTIC+kjw3VFuqrzphghyULXPaER9H
Y2EZtjqKI47NIt8k18SVHlsJCAKyX6jEHxOJKlQpU2L9gnXPvRta4MlhQ4Fd/pBZ
cEPqRKVB0j8gWFyaf3sNwgcXvbLcUa6gPGU02ubigLrxV9mjhbr4tXPSSN0aJl/T
xzEndUED6Bj7wOPuD18gfDtfMQUe3tzaXuGN4fgxkHwv
-----END CERTIFICATE-----