Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/jgufP0nlO7kJAH3UTLJ4prTJpsI.roa
File:                     jgufP0nlO7kJAH3UTLJ4prTJpsI.roa (raw, json)
Hash identifier:          d8qrWax5diAzlx/d6IxXY92PYcThDm5I2piamtEAD54=
Subject key identifier:   8E:0B:9F:3F:49:E5:3B:B9:09:00:7D:D4:4C:B2:78:A6:B4:C9:A6:C2
Certificate issuer:       /CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
Certificate serial:       018D1C2484921AAD5D325E542067E62974CD
Authority key identifier: 79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/jgufP0nlO7kJAH3UTLJ4prTJpsI.roa
Signing time:             Thu 18 Jan 2024 10:36:11 +0000
ROA not before:           Thu 18 Jan 2024 10:36:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43317
IP address blocks:        77.73.64.0/21 maxlen: 21
                          94.242.48.0/20 maxlen: 20
                          185.22.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:24:84:92:1a:ad:5d:32:5e:54:20:67:e6:29:74:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
        Validity
            Not Before: Jan 18 10:36:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e0b9f3f49e53bb909007dd44cb278a6b4c9a6c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3d:db:9c:06:81:b9:df:be:d6:c1:c0:d1:9b:
                    55:07:11:8d:18:0c:4e:5e:d7:25:43:ee:8a:ab:1a:
                    0c:77:0c:43:4c:2c:9f:cc:fc:32:e0:07:37:07:e2:
                    d5:f6:d5:8f:82:e0:4d:1b:32:af:e9:a5:77:ff:83:
                    2d:3c:8a:b0:b3:df:7d:e1:ab:51:44:d1:05:5d:12:
                    36:2c:76:4e:3d:d7:c2:6b:b2:4b:ed:a8:5c:61:4a:
                    f8:f1:7c:d3:4f:5a:20:ab:91:a5:57:92:17:d9:9e:
                    cd:cc:18:4e:00:fc:74:8c:4f:07:db:b3:1f:c6:cb:
                    d1:e2:3a:95:74:20:6c:f7:4c:8b:b7:34:11:06:a5:
                    5e:a2:97:c1:67:1f:fc:04:f7:a0:5f:52:aa:06:7f:
                    ee:9c:bd:bd:59:8e:3b:1b:cd:6a:8e:2b:32:d2:54:
                    6d:19:dc:aa:17:13:cd:f4:b4:a3:9c:0c:73:9a:06:
                    03:dd:ac:9d:c0:0a:77:f1:7a:2c:c0:25:b0:d8:a4:
                    7c:71:80:53:36:1b:4f:c8:ec:bf:ee:ba:2b:a4:94:
                    0b:2a:2e:3b:76:f4:4e:4e:d0:03:5d:23:33:3e:2e:
                    57:be:36:7a:12:f1:7d:c1:19:be:42:f2:2b:8d:bb:
                    cc:97:df:6d:c3:7d:52:33:c0:0f:f5:df:2a:37:c8:
                    d9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0B:9F:3F:49:E5:3B:B9:09:00:7D:D4:4C:B2:78:A6:B4:C9:A6:C2
            X509v3 Authority Key Identifier:
                keyid:79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/jgufP0nlO7kJAH3UTLJ4prTJpsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.64.0/21
                  94.242.48.0/20
                  185.22.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:ce:8b:44:4f:af:1d:2b:80:f2:3d:05:8d:ae:46:43:02:83:
         89:16:9a:7d:04:00:9f:3f:a8:71:48:14:eb:52:af:ac:70:32:
         11:46:3a:a7:44:dd:9f:26:88:a9:6a:84:cd:c1:f5:27:17:8e:
         e5:f5:2f:53:cc:a3:3a:59:36:e4:25:84:99:14:78:4d:af:22:
         28:d7:48:38:cf:d6:c9:5a:4a:88:8f:ce:5b:2d:9b:fa:75:4c:
         ba:cf:23:d3:3d:00:7b:b2:7d:9e:c8:f9:41:f8:3a:0c:ac:84:
         ab:95:bc:4a:f4:d2:f9:af:e2:7d:d5:f6:5a:40:79:81:58:3b:
         88:3d:88:f4:54:98:7e:3e:b2:2f:27:03:18:69:29:5f:a6:a5:
         d8:ae:ba:27:a8:98:2b:67:31:db:6e:98:77:cb:0d:25:e3:b3:
         ef:95:45:a7:57:2f:30:4d:85:a5:6e:dc:c0:bf:ec:4e:da:61:
         58:c8:2c:55:a6:01:3d:17:4d:5d:10:84:ab:2b:30:fd:c1:b4:
         30:73:07:35:aa:89:93:89:1f:54:13:6d:d0:cb:fa:da:b0:c2:
         fc:9e:bb:6a:2f:14:ba:bf:7e:fa:32:a3:1e:68:37:2e:91:65:
         23:90:55:9e:ad:29:f9:43:4f:e5:e8:5d:1f:b3:27:f5:7b:5f:
         ae:91:e3:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0cJISSGq1dMl5UIGfmKXTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZTI0YjQ3Zjg5NDNjYWQ2ZTA0YzlmNjQ2Y2IxMDc3YzE0
MGZkZmIwHhcNMjQwMTE4MTAzNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBiOWYzZjQ5ZTUzYmI5MDkwMDdkZDQ0Y2IyNzhhNmI0YzlhNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj3bnAaBud++1sHA0ZtVBxGNGAxO
XtclQ+6KqxoMdwxDTCyfzPwy4Ac3B+LV9tWPguBNGzKv6aV3/4MtPIqws9994atR
RNEFXRI2LHZOPdfCa7JL7ahcYUr48XzTT1ogq5GlV5IX2Z7NzBhOAPx0jE8H27Mf
xsvR4jqVdCBs90yLtzQRBqVeopfBZx/8BPegX1KqBn/unL29WY47G81qjisy0lRt
GdyqFxPN9LSjnAxzmgYD3aydwAp38XoswCWw2KR8cYBTNhtPyOy/7rorpJQLKi47
dvROTtADXSMzPi5XvjZ6EvF9wRm+QvIrjbvMl99tw31SM8AP9d8qN8jZmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI4Lnz9J5Tu5CQB91EyyeKa0yabCMB8GA1UdIwQY
MBaAFHniS0f4lDytbgTJ9kbLEHfBQP37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQt
YmM1ODRiMzZjYmVmLzEvamd1ZlAwbmxPN2tKQUgzVVRMSjRwclRKcHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQtYmM1ODRiMzZjYmVm
LzEvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDTUlAAwQE
XvIwAwQCuRasMA0GCSqGSIb3DQEBCwUAA4IBAQBRzotET68dK4DyPQWNrkZDAoOJ
Fpp9BACfP6hxSBTrUq+scDIRRjqnRN2fJoipaoTNwfUnF47l9S9TzKM6WTbkJYSZ
FHhNryIo10g4z9bJWkqIj85bLZv6dUy6zyPTPQB7sn2eyPlB+DoMrISrlbxK9NL5
r+J91fZaQHmBWDuIPYj0VJh+PrIvJwMYaSlfpqXYrronqJgrZzHbbph3yw0l47Pv
lUWnVy8wTYWlbtzAv+xO2mFYyCxVpgE9F01dEISrKzD9wbQwcwc1qomTiR9UE23Q
y/rasML8nrtqLxS6v376MqMeaDcukWUjkFWerSn5Q0/l6F0fsyf1e1+ukeNy
-----END CERTIFICATE-----