Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/fjW9QPCz0TS-ACNyYaY_QLJwJMA.roa
File:                     fjW9QPCz0TS-ACNyYaY_QLJwJMA.roa (raw, json)
Hash identifier:          BS4ARye4rmNsonmK7zO+va5gFUB5h2N9FvebpIEEibQ=
Subject key identifier:   7E:35:BD:40:F0:B3:D1:34:BE:00:23:72:61:A6:3F:40:B2:70:24:C0
Certificate issuer:       /CN=c969dcbc33e8010438129282d37ad4e8bf84b81f
Certificate serial:       018CC5DC66012E58E3B6DC650BF7C5F9B344
Authority key identifier: C9:69:DC:BC:33:E8:01:04:38:12:92:82:D3:7A:D4:E8:BF:84:B8:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yWncvDPoAQQ4EpKC03rU6L-EuB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/fjW9QPCz0TS-ACNyYaY_QLJwJMA.roa
Signing time:             Mon 01 Jan 2024 16:30:04 +0000
ROA not before:           Mon 01 Jan 2024 16:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42818
IP address blocks:        77.244.80.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/yWncvDPoAQQ4EpKC03rU6L-EuB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/yWncvDPoAQQ4EpKC03rU6L-EuB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yWncvDPoAQQ4EpKC03rU6L-EuB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:66:01:2e:58:e3:b6:dc:65:0b:f7:c5:f9:b3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c969dcbc33e8010438129282d37ad4e8bf84b81f
        Validity
            Not Before: Jan  1 16:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e35bd40f0b3d134be00237261a63f40b27024c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:58:fb:01:2e:63:66:0a:05:6a:b1:6d:0c:92:
                    ae:f9:29:23:a5:80:b9:ed:fd:00:25:0e:91:34:b4:
                    18:bd:0d:7f:0f:3e:52:e1:2b:fb:38:da:4a:22:1b:
                    6c:d9:9a:de:a0:78:73:41:5b:b4:fc:60:be:bd:fc:
                    4e:2a:4d:76:3b:68:55:a2:c9:c2:0e:11:c1:84:17:
                    42:4c:71:25:80:fd:aa:61:32:d9:21:06:a6:c6:53:
                    fe:dd:5b:f6:3e:f5:ac:d0:4d:bf:3a:a3:8a:8f:27:
                    dc:8a:2d:fd:7c:4f:9e:cb:7f:15:b8:ff:aa:b1:57:
                    7a:61:15:80:56:06:dc:b9:42:3b:75:0c:e6:13:81:
                    7a:f6:5a:d3:44:98:53:99:c1:59:49:7f:18:38:0d:
                    d5:91:78:9b:f7:c5:f6:bc:2f:a1:b2:22:9b:2f:9f:
                    ed:76:63:ad:8e:fb:73:aa:e0:48:33:50:fa:f4:8d:
                    44:6e:71:60:58:dd:02:c5:db:18:93:fc:7d:d7:e3:
                    66:b1:99:d5:b5:a6:5d:b4:6b:bb:d2:f1:ec:e0:50:
                    e5:61:0a:46:2a:19:33:67:60:48:fd:35:2b:f6:2c:
                    01:4c:97:3d:49:43:99:e7:7b:ad:0b:32:87:f2:41:
                    bf:68:3c:66:b4:04:af:04:5d:51:c0:bd:4c:fb:df:
                    e9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:35:BD:40:F0:B3:D1:34:BE:00:23:72:61:A6:3F:40:B2:70:24:C0
            X509v3 Authority Key Identifier:
                keyid:C9:69:DC:BC:33:E8:01:04:38:12:92:82:D3:7A:D4:E8:BF:84:B8:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yWncvDPoAQQ4EpKC03rU6L-EuB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/fjW9QPCz0TS-ACNyYaY_QLJwJMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/yWncvDPoAQQ4EpKC03rU6L-EuB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.244.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         62:31:88:a7:47:2e:93:1f:31:14:ec:94:31:0f:a6:55:b1:f6:
         5b:50:d6:e3:3d:50:10:ec:71:5b:60:c6:2d:6e:4d:cf:a1:9b:
         33:3c:40:03:2a:2d:ff:9c:93:5d:00:aa:85:84:b7:d6:2b:f4:
         3e:50:a4:42:ec:80:e4:dd:0d:ea:ae:9b:cf:43:b0:e8:1a:b8:
         56:ab:8d:ff:b4:5f:fd:36:c9:51:cb:32:62:67:3d:41:50:f0:
         6d:66:46:bc:bd:47:38:fa:4c:e3:7e:e1:a0:87:57:a8:67:dd:
         0b:4d:a0:32:5a:34:bc:17:70:a6:d9:af:cf:b2:5d:28:18:0c:
         00:92:cf:c1:ad:a9:98:60:62:13:25:1c:26:02:a1:75:da:f7:
         11:b1:f8:bc:a4:ac:8b:2f:4b:67:bc:fe:d8:db:3e:97:9e:d8:
         3e:bd:ff:22:9c:6a:d7:fb:78:3a:23:90:fe:a8:c8:12:f7:cf:
         10:95:08:fc:22:d4:e1:99:da:f4:ad:b3:a0:2d:c3:08:63:1d:
         a0:bd:3a:24:42:3e:7b:54:5e:ac:79:7b:46:67:53:ed:0d:b2:
         19:01:9e:87:9c:3c:24:c4:bb:70:3c:16:06:f3:cd:36:9b:7f:
         12:72:03:5e:51:f9:71:63:3c:14:a7:87:06:1e:bd:94:01:57:
         73:01:02:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GYBLljjttxlC/fF+bNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NjlkY2JjMzNlODAxMDQzODEyOTI4MmQzN2FkNGU4YmY4
NGI4MWYwHhcNMjQwMTAxMTYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTM1YmQ0MGYwYjNkMTM0YmUwMDIzNzI2MWE2M2Y0MGIyNzAyNGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlj7AS5jZgoFarFtDJKu+SkjpYC5
7f0AJQ6RNLQYvQ1/Dz5S4Sv7ONpKIhts2ZreoHhzQVu0/GC+vfxOKk12O2hVosnC
DhHBhBdCTHElgP2qYTLZIQamxlP+3Vv2PvWs0E2/OqOKjyfcii39fE+ey38VuP+q
sVd6YRWAVgbcuUI7dQzmE4F69lrTRJhTmcFZSX8YOA3VkXib98X2vC+hsiKbL5/t
dmOtjvtzquBIM1D69I1EbnFgWN0CxdsYk/x91+NmsZnVtaZdtGu70vHs4FDlYQpG
KhkzZ2BI/TUr9iwBTJc9SUOZ53utCzKH8kG/aDxmtASvBF1RwL1M+9/p7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH41vUDws9E0vgAjcmGmP0CycCTAMB8GA1UdIwQY
MBaAFMlp3Lwz6AEEOBKSgtN61Oi/hLgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVduY3ZEUG9BUVE0RXBLQzAzclU2TC1FdUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8xOTU4OTMtNjk5Yi00NWI0LWEwM2Qt
MGRiNTBiZmY5NDRhLzEvZmpXOVFQQ3owVFMtQUNOeVlhWV9RTEp3Sk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8xOTU4OTMtNjk5Yi00NWI0LWEwM2QtMGRiNTBiZmY5NDRh
LzEveVduY3ZEUG9BUVE0RXBLQzAzclU2TC1FdUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfRQMA0G
CSqGSIb3DQEBCwUAA4IBAQBiMYinRy6THzEU7JQxD6ZVsfZbUNbjPVAQ7HFbYMYt
bk3PoZszPEADKi3/nJNdAKqFhLfWK/Q+UKRC7IDk3Q3qrpvPQ7DoGrhWq43/tF/9
NslRyzJiZz1BUPBtZka8vUc4+kzjfuGgh1eoZ90LTaAyWjS8F3Cm2a/Psl0oGAwA
ks/BramYYGITJRwmAqF12vcRsfi8pKyLL0tnvP7Y2z6Xntg+vf8inGrX+3g6I5D+
qMgS988QlQj8ItThmdr0rbOgLcMIYx2gvTokQj57VF6seXtGZ1PtDbIZAZ6HnDwk
xLtwPBYG8802m38ScgNeUflxYzwUp4cGHr2UAVdzAQLb
-----END CERTIFICATE-----