Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/FIyTe6Z5c9SlUs06XwKmTie5dUo.roa
File:                     FIyTe6Z5c9SlUs06XwKmTie5dUo.roa (raw, json)
Hash identifier:          uOWoCbldz8pcJx7RQheZzjsLIzs/KJyulSs2wwLgbgk=
Subject key identifier:   14:8C:93:7B:A6:79:73:D4:A5:52:CD:3A:5F:02:A6:4E:27:B9:75:4A
Certificate issuer:       /CN=432ebe0b60bae2ecbf21ef14fc5fdc9ddb9a3f21
Certificate serial:       01941FFA61ECFC99290E72385F8B83886906
Authority key identifier: 43:2E:BE:0B:60:BA:E2:EC:BF:21:EF:14:FC:5F:DC:9D:DB:9A:3F:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy6-C2C64uy_Ie8U_F_cnduaPyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/FIyTe6Z5c9SlUs06XwKmTie5dUo.roa
Signing time:             Wed 01 Jan 2025 03:48:10 +0000
ROA not before:           Wed 01 Jan 2025 03:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        77.73.208.0/24 maxlen: 24
                          77.73.209.0/24 maxlen: 24
                          77.73.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/Qy6-C2C64uy_Ie8U_F_cnduaPyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/Qy6-C2C64uy_Ie8U_F_cnduaPyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy6-C2C64uy_Ie8U_F_cnduaPyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:61:ec:fc:99:29:0e:72:38:5f:8b:83:88:69:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432ebe0b60bae2ecbf21ef14fc5fdc9ddb9a3f21
        Validity
            Not Before: Jan  1 03:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=148c937ba67973d4a552cd3a5f02a64e27b9754a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c4:c7:69:6b:80:5b:2c:d7:30:58:e3:d1:ac:
                    e2:7c:a8:4b:2c:5c:d8:12:76:15:d6:94:d6:f5:77:
                    85:84:84:04:e6:71:6e:81:20:ee:37:38:f9:81:29:
                    84:01:64:ee:64:70:92:c5:6a:a7:42:82:b3:09:4c:
                    d4:a6:2b:63:f5:55:52:cd:56:b6:1f:9b:66:11:d1:
                    5d:bb:44:2a:a5:b6:d4:84:e8:96:58:41:7c:08:38:
                    b1:89:3a:29:c8:74:ea:99:ff:6d:44:4b:07:37:80:
                    36:e0:c1:b9:4f:57:da:4a:29:ab:ab:2f:21:35:18:
                    da:70:95:95:b0:c8:24:33:cd:80:5f:b2:aa:d2:19:
                    83:9a:92:25:08:b9:99:a6:27:a8:61:f9:ad:c6:6d:
                    c0:3c:c9:d1:54:0b:b3:5c:3f:e1:41:b7:c4:2f:25:
                    d5:7d:56:78:d3:94:42:49:ca:3c:16:8a:27:70:51:
                    e1:9a:83:51:86:56:24:78:89:0e:35:eb:f0:33:9a:
                    e6:14:bc:d5:d5:2c:e8:2f:5f:0f:3d:8b:81:fb:a9:
                    4f:a6:91:63:c9:33:97:0e:6f:f7:11:fa:9e:ff:3c:
                    1b:99:4c:e8:b7:4f:43:97:7f:92:60:37:78:eb:17:
                    9e:ac:75:71:33:20:6e:c7:35:da:3b:24:47:1b:4f:
                    a4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8C:93:7B:A6:79:73:D4:A5:52:CD:3A:5F:02:A6:4E:27:B9:75:4A
            X509v3 Authority Key Identifier:
                keyid:43:2E:BE:0B:60:BA:E2:EC:BF:21:EF:14:FC:5F:DC:9D:DB:9A:3F:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy6-C2C64uy_Ie8U_F_cnduaPyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/FIyTe6Z5c9SlUs06XwKmTie5dUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/Qy6-C2C64uy_Ie8U_F_cnduaPyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.208.0-77.73.210.255

    Signature Algorithm: sha256WithRSAEncryption
         42:da:8c:a9:d3:c3:e9:7b:50:1b:c9:6b:ce:c7:25:52:d4:8a:
         f0:05:e7:ff:c2:42:98:0b:c2:e4:95:a4:2f:cb:ec:f8:f5:87:
         65:48:1c:ba:e5:10:34:00:3f:2e:89:f3:33:19:90:3b:79:4f:
         35:59:69:7f:b8:fa:5d:0d:02:8e:19:53:2d:e8:3a:28:50:d2:
         ab:93:ee:64:29:4c:54:b9:0c:a1:04:37:a1:0e:ba:21:11:af:
         72:f9:85:92:2e:c5:2d:a6:fd:5c:49:e1:61:7b:d9:49:70:b7:
         4e:52:01:ee:f1:d4:34:1d:5f:50:a1:48:5a:51:de:83:e3:7a:
         be:ef:0e:ee:b0:0b:dc:7a:41:f4:36:47:06:72:a7:76:64:10:
         6f:87:67:83:5d:40:6e:fa:ab:2f:c2:ed:1f:0a:2b:31:b8:21:
         6e:c2:7d:1c:f9:0c:b2:e5:3d:85:c6:6c:30:2f:ba:f5:98:85:
         b1:57:7c:1f:8d:f6:10:c1:6c:d5:f6:62:8c:6e:da:da:ec:a0:
         b9:64:b2:bb:b8:ae:de:d9:4a:57:25:06:a7:d9:44:6d:15:42:
         de:df:23:f5:0b:cf:79:ca:fb:09:62:b0:fc:df:c8:27:a4:6e:
         ee:c5:59:79:78:71:cc:15:30:40:0f:84:f8:95:b2:f4:31:75:
         02:45:8b:d8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQf+mHs/JkpDnI4X4uDiGkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmViZTBiNjBiYWUyZWNiZjIxZWYxNGZjNWZkYzlkZGI5
YTNmMjEwHhcNMjUwMTAxMDM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhjOTM3YmE2Nzk3M2Q0YTU1MmNkM2E1ZjAyYTY0ZTI3Yjk3NTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMTHaWuAWyzXMFjj0azifKhLLFzY
EnYV1pTW9XeFhIQE5nFugSDuNzj5gSmEAWTuZHCSxWqnQoKzCUzUpitj9VVSzVa2
H5tmEdFdu0QqpbbUhOiWWEF8CDixiTopyHTqmf9tREsHN4A24MG5T1faSimrqy8h
NRjacJWVsMgkM82AX7Kq0hmDmpIlCLmZpieoYfmtxm3APMnRVAuzXD/hQbfELyXV
fVZ405RCSco8FooncFHhmoNRhlYkeIkONevwM5rmFLzV1SzoL18PPYuB+6lPppFj
yTOXDm/3Efqe/zwbmUzot09Dl3+SYDd46xeerHVxMyBuxzXaOyRHG0+kXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBSMk3umeXPUpVLNOl8Cpk4nuXVKMB8GA1UdIwQY
MBaAFEMuvgtguuLsvyHvFPxf3J3bmj8hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXk2LUMyQzY0dXlfSWU4VV9GX2NuZHVhUHlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NGM3MGQtZjU3YS00YTU2LWIyMGMt
MTM5OWFkMzdjNGUzLzEvRkl5VGU2WjVjOVNsVXMwNlh3S21UaWU1ZFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NGM3MGQtZjU3YS00YTU2LWIyMGMtMTM5OWFkMzdjNGUz
LzEvUXk2LUMyQzY0dXlfSWU4VV9GX2NuZHVhUHlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARNSdAD
BABNSdIwDQYJKoZIhvcNAQELBQADggEBAELajKnTw+l7UBvJa87HJVLUivAF5//C
QpgLwuSVpC/L7Pj1h2VIHLrlEDQAPy6J8zMZkDt5TzVZaX+4+l0NAo4ZUy3oOihQ
0quT7mQpTFS5DKEEN6EOuiERr3L5hZIuxS2m/VxJ4WF72Ulwt05SAe7x1DQdX1Ch
SFpR3oPjer7vDu6wC9x6QfQ2RwZyp3ZkEG+HZ4NdQG76qy/C7R8KKzG4IW7CfRz5
DLLlPYXGbDAvuvWYhbFXfB+N9hDBbNX2Yoxu2trsoLlksru4rt7ZSlclBqfZRG0V
Qt7fI/ULz3nK+wlisPzfyCekbu7FWXl4ccwVMEAPhPiVsvQxdQJFi9g=
-----END CERTIFICATE-----