Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/lSi0kTGzn2fZQ79DDpFPyNvNhWI.roa
File:                     lSi0kTGzn2fZQ79DDpFPyNvNhWI.roa (raw, json)
Hash identifier:          F0jv7qe5DmHgW7kJgMByEcK9/LyeESyPvMnKoboRIjc=
Subject key identifier:   95:28:B4:91:31:B3:9F:67:D9:43:BF:43:0E:91:4F:C8:DB:CD:85:62
Certificate issuer:       /CN=cea79dcd5a3dee450eaf3f93152ed6da806bbf71
Certificate serial:       01963E8F72102C288C11EFE2AA2641B469BC
Authority key identifier: CE:A7:9D:CD:5A:3D:EE:45:0E:AF:3F:93:15:2E:D6:DA:80:6B:BF:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zqedzVo97kUOrz-TFS7W2oBrv3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/lSi0kTGzn2fZQ79DDpFPyNvNhWI.roa
Signing time:             Wed 16 Apr 2025 12:25:10 +0000
ROA not before:           Wed 16 Apr 2025 12:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44970
IP address blocks:        77.88.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/zqedzVo97kUOrz-TFS7W2oBrv3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/zqedzVo97kUOrz-TFS7W2oBrv3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zqedzVo97kUOrz-TFS7W2oBrv3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:8f:72:10:2c:28:8c:11:ef:e2:aa:26:41:b4:69:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cea79dcd5a3dee450eaf3f93152ed6da806bbf71
        Validity
            Not Before: Apr 16 12:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9528b49131b39f67d943bf430e914fc8dbcd8562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:82:cc:28:1a:ec:13:86:c4:2a:21:a1:2e:9b:
                    09:e4:83:4f:ec:d6:fd:69:a0:34:39:cc:6b:24:5b:
                    e6:51:fc:26:a0:98:53:d1:89:f3:c4:63:8b:e8:e9:
                    3a:63:f4:e9:35:93:5a:12:ec:3e:c5:84:b5:c8:d9:
                    96:e0:8e:13:6f:33:d6:90:84:31:c5:5d:95:5d:6f:
                    5b:9d:ac:fc:79:7b:a3:36:ce:9f:31:1f:9e:61:18:
                    2f:55:93:6d:54:d0:a9:90:d2:50:f6:da:d6:07:64:
                    3e:45:60:27:fe:da:dd:1e:f8:55:f0:53:6e:07:40:
                    57:ab:11:13:b7:23:f4:74:28:8b:ec:ea:b5:9f:c7:
                    c2:cc:3d:f9:e2:9d:88:25:00:41:52:d0:0b:f5:30:
                    e5:66:35:20:02:da:c7:a5:35:f1:ed:7e:b6:bb:02:
                    ca:4c:23:c6:f4:9d:b7:d0:ca:12:f5:98:9e:d6:58:
                    34:6a:11:ff:19:71:f5:55:35:c5:06:e9:be:3d:ef:
                    81:fb:ac:9b:08:2e:65:02:85:65:f5:6c:4c:e6:e8:
                    30:71:e2:c6:85:f3:17:61:d1:b1:d9:d8:f2:dd:1d:
                    1a:0b:82:e7:50:db:b7:c6:2d:df:10:c4:6a:e7:7e:
                    e4:12:b9:6b:14:70:34:45:6f:68:d6:b1:c8:f6:2b:
                    30:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:28:B4:91:31:B3:9F:67:D9:43:BF:43:0E:91:4F:C8:DB:CD:85:62
            X509v3 Authority Key Identifier:
                keyid:CE:A7:9D:CD:5A:3D:EE:45:0E:AF:3F:93:15:2E:D6:DA:80:6B:BF:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zqedzVo97kUOrz-TFS7W2oBrv3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/lSi0kTGzn2fZQ79DDpFPyNvNhWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/zqedzVo97kUOrz-TFS7W2oBrv3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.88.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:52:68:aa:e5:d0:c8:16:24:cf:81:08:7f:5d:29:51:68:b8:
         88:18:b2:22:76:cc:16:73:8b:9b:cb:53:33:4f:66:a8:00:31:
         04:41:95:bf:91:95:8d:26:15:d2:44:ae:a5:8b:87:cc:19:0a:
         af:16:f8:1e:1d:35:d1:1a:df:ca:6c:33:ef:90:fa:e7:b1:8f:
         34:f8:74:27:25:9d:18:fc:7c:aa:87:ce:9e:c3:3c:ae:9d:9c:
         a1:b9:38:dc:51:49:9a:24:34:43:0f:44:fd:7d:58:ab:d4:67:
         6a:6b:53:14:a7:dc:d4:ce:fb:87:4e:2a:d9:a1:47:65:3f:6d:
         56:c7:d7:b0:70:15:f8:ae:c0:96:df:7a:6b:fb:90:2f:37:69:
         13:0a:ac:f9:7b:90:d7:15:77:39:6e:fb:f6:6a:36:e3:4a:b5:
         6e:88:e8:82:10:5e:6f:ff:13:72:81:6f:2b:e6:d7:e9:1b:3c:
         07:ff:ea:e4:9a:41:9f:f5:5d:7b:75:1c:b1:c7:34:47:e2:00:
         df:5f:08:09:11:9c:ea:68:6d:4b:7a:20:6c:f0:5d:bc:57:ed:
         fa:66:ab:98:37:d0:b6:46:5d:ea:6b:d4:7e:43:a3:c4:35:c9:
         12:17:0b:4f:59:d9:56:d1:9f:c3:c0:71:2f:87:30:35:af:94:
         a7:b6:94:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+j3IQLCiMEe/iqiZBtGm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYTc5ZGNkNWEzZGVlNDUwZWFmM2Y5MzE1MmVkNmRhODA2
YmJmNzEwHhcNMjUwNDE2MTIyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTI4YjQ5MTMxYjM5ZjY3ZDk0M2JmNDMwZTkxNGZjOGRiY2Q4NTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYLMKBrsE4bEKiGhLpsJ5INP7Nb9
aaA0OcxrJFvmUfwmoJhT0YnzxGOL6Ok6Y/TpNZNaEuw+xYS1yNmW4I4TbzPWkIQx
xV2VXW9bnaz8eXujNs6fMR+eYRgvVZNtVNCpkNJQ9trWB2Q+RWAn/trdHvhV8FNu
B0BXqxETtyP0dCiL7Oq1n8fCzD354p2IJQBBUtAL9TDlZjUgAtrHpTXx7X62uwLK
TCPG9J230MoS9Zie1lg0ahH/GXH1VTXFBum+Pe+B+6ybCC5lAoVl9WxM5ugwceLG
hfMXYdGx2djy3R0aC4LnUNu3xi3fEMRq537kErlrFHA0RW9o1rHI9iswSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUotJExs59n2UO/Qw6RT8jbzYViMB8GA1UdIwQY
MBaAFM6nnc1aPe5FDq8/kxUu1tqAa79xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenFlZHpWbzk3a1VPcnotVEZTN1cyb0JydjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mODE5Y2MtYjI5NC00NjBlLThiZTQt
ODZlMjQyNjA1MTZmLzEvbFNpMGtUR3puMmZaUTc5RERwRlB5TnZOaFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mODE5Y2MtYjI5NC00NjBlLThiZTQtODZlMjQyNjA1MTZm
LzEvenFlZHpWbzk3a1VPcnotVEZTN1cyb0JydjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVjqMA0G
CSqGSIb3DQEBCwUAA4IBAQAxUmiq5dDIFiTPgQh/XSlRaLiIGLIidswWc4uby1Mz
T2aoADEEQZW/kZWNJhXSRK6li4fMGQqvFvgeHTXRGt/KbDPvkPrnsY80+HQnJZ0Y
/Hyqh86ewzyunZyhuTjcUUmaJDRDD0T9fVir1Gdqa1MUp9zUzvuHTirZoUdlP21W
x9ewcBX4rsCW33pr+5AvN2kTCqz5e5DXFXc5bvv2ajbjSrVuiOiCEF5v/xNygW8r
5tfpGzwH/+rkmkGf9V17dRyxxzRH4gDfXwgJEZzqaG1LeiBs8F28V+36ZquYN9C2
Rl3qa9R+Q6PENckSFwtPWdlW0Z/DwHEvhzA1r5SntpTr
-----END CERTIFICATE-----