Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/zFb9es3uXkPMd-ugsb3acKq2kWs.roa
File:                     zFb9es3uXkPMd-ugsb3acKq2kWs.roa (raw, json)
Hash identifier:          CpgoliFvyxru2zXx6gfrBhmQolzdlTSAa5FPVi8Uo/4=
Subject key identifier:   CC:56:FD:7A:CD:EE:5E:43:CC:77:EB:A0:B1:BD:DA:70:AA:B6:91:6B
Certificate issuer:       /CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
Certificate serial:       0194222008E3FA729B6C4B5B3D859F198987
Authority key identifier: E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/zFb9es3uXkPMd-ugsb3acKq2kWs.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        77.81.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:08:e3:fa:72:9b:6c:4b:5b:3d:85:9f:19:89:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc56fd7acdee5e43cc77eba0b1bdda70aab6916b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c2:b8:48:e2:93:f7:4a:ec:9f:e0:05:df:bc:
                    0a:46:74:9e:53:f3:63:9c:34:99:28:14:93:7a:90:
                    bf:91:39:55:68:1e:4e:f9:22:0a:4b:7b:6a:59:0b:
                    22:5c:43:d1:0f:bc:b6:97:37:3c:5d:86:43:7f:e5:
                    cf:f0:58:be:53:99:55:f2:5a:c8:0e:fc:de:6f:96:
                    58:79:68:d2:c4:9d:66:43:e8:c5:06:a2:ea:ba:02:
                    65:a5:99:40:32:d1:5d:93:45:76:3a:6f:8d:72:56:
                    63:b5:e2:0f:e7:64:8a:cf:f9:95:32:ef:0e:a9:44:
                    ed:4e:c0:b6:4f:97:ec:97:19:fc:94:7b:a1:b4:16:
                    19:cb:b8:d2:c2:34:cc:a6:74:b4:eb:76:3d:f4:e9:
                    f4:53:bb:9c:d2:3b:ff:2c:40:76:8d:cb:60:62:54:
                    c0:3d:74:e3:d2:52:ee:ad:ce:bf:9c:49:77:2e:2e:
                    39:3e:05:19:b8:d2:96:5a:f6:82:39:fa:b5:98:45:
                    ac:c9:61:e6:29:49:7b:dc:8e:3e:8c:ca:54:2d:8e:
                    fa:17:f6:7a:b3:7c:ff:60:13:ca:6d:40:89:a2:6d:
                    3f:8d:2c:ab:af:9b:39:df:72:95:b9:a7:12:36:f1:
                    08:ac:d8:06:ad:f4:1b:72:87:6e:81:4e:f7:b1:44:
                    0f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:56:FD:7A:CD:EE:5E:43:CC:77:EB:A0:B1:BD:DA:70:AA:B6:91:6B
            X509v3 Authority Key Identifier:
                keyid:E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/zFb9es3uXkPMd-ugsb3acKq2kWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:74:66:5d:39:78:4b:cc:33:f0:ca:49:0f:b8:1b:0e:07:f5:
         e6:21:28:bf:e9:86:a5:00:ae:18:2e:ef:2a:e5:1e:96:8a:a7:
         49:1a:be:e7:1c:7b:fa:20:a3:09:d1:5e:1d:dd:c7:b6:26:7b:
         3a:85:8a:6e:39:85:76:21:c3:77:bd:c4:d8:ae:64:25:dc:10:
         9c:b0:63:9f:e1:f1:b4:3a:96:6d:79:34:f6:03:93:08:9b:ed:
         66:46:41:8b:2d:bb:c4:b7:9f:10:1b:9b:c4:61:ca:08:ad:89:
         6e:6d:d4:fc:6c:f9:6e:36:d8:09:8d:00:02:bf:48:e8:02:57:
         d5:30:6f:13:59:16:78:4c:3f:50:29:ee:ed:ae:dd:b2:65:4a:
         47:56:33:09:65:01:34:6b:1b:df:4e:3f:0c:4e:84:73:a9:7a:
         b5:e2:2d:86:aa:d1:4c:cf:92:93:af:03:64:cf:ee:e1:28:88:
         c6:2d:80:d9:59:83:e3:40:c1:2f:88:59:d5:17:59:6d:73:76:
         4f:91:12:39:44:8c:b2:01:b1:33:e0:c9:61:f8:c8:0e:52:6f:
         2b:29:ae:d6:22:2e:5d:de:a8:6e:78:30:1c:3a:42:29:a2:3f:
         39:e8:dc:0c:97:c7:ba:b5:3e:fc:68:c1:c6:31:18:64:31:ef:
         0c:50:5b:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAjj+nKbbEtbPYWfGYmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OGJhNWQ5OGQ0OGNlYmQ1YWQwNGMwOGJmMDkwODJiMTJh
N2UzYWIwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzU2ZmQ3YWNkZWU1ZTQzY2M3N2ViYTBiMWJkZGE3MGFhYjY5MTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMK4SOKT90rsn+AF37wKRnSeU/Nj
nDSZKBSTepC/kTlVaB5O+SIKS3tqWQsiXEPRD7y2lzc8XYZDf+XP8Fi+U5lV8lrI
Dvzeb5ZYeWjSxJ1mQ+jFBqLqugJlpZlAMtFdk0V2Om+NclZjteIP52SKz/mVMu8O
qUTtTsC2T5fslxn8lHuhtBYZy7jSwjTMpnS063Y99On0U7uc0jv/LEB2jctgYlTA
PXTj0lLurc6/nEl3Li45PgUZuNKWWvaCOfq1mEWsyWHmKUl73I4+jMpULY76F/Z6
s3z/YBPKbUCJom0/jSyrr5s533KVuacSNvEIrNgGrfQbcodugU73sUQP+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxW/XrN7l5DzHfroLG92nCqtpFrMB8GA1UdIwQY
MBaAFOeLpdmNSM69WtBMCL8JCCsSp+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAt
NDg5MTY1M2VlYjY3LzEvekZiOWVzM3VYa1BNZC11Z3NiM2FjS3Eya1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAtNDg5MTY1M2VlYjY3
LzEvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVEAMA0G
CSqGSIb3DQEBCwUAA4IBAQCcdGZdOXhLzDPwykkPuBsOB/XmISi/6YalAK4YLu8q
5R6WiqdJGr7nHHv6IKMJ0V4d3ce2Jns6hYpuOYV2IcN3vcTYrmQl3BCcsGOf4fG0
OpZteTT2A5MIm+1mRkGLLbvEt58QG5vEYcoIrYlubdT8bPluNtgJjQACv0joAlfV
MG8TWRZ4TD9QKe7trt2yZUpHVjMJZQE0axvfTj8MToRzqXq14i2GqtFMz5KTrwNk
z+7hKIjGLYDZWYPjQMEviFnVF1ltc3ZPkRI5RIyyAbEz4Mlh+MgOUm8rKa7WIi5d
3qhueDAcOkIpoj856NwMl8e6tT78aMHGMRhkMe8MUFsG
-----END CERTIFICATE-----