Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/_woB-k25EN7z3XiAHe5D8zDoVYg.roa
File:                     _woB-k25EN7z3XiAHe5D8zDoVYg.roa (raw, json)
Hash identifier:          nnsux1v/Rb73Uz9STxcZ4/1rSuUiYU+/hRWd+ppanE0=
Subject key identifier:   FF:0A:01:FA:4D:B9:10:DE:F3:DD:78:80:1D:EE:43:F3:30:E8:55:88
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       018CC424A025EE2AF75E7AEF572E8C008B82
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/_woB-k25EN7z3XiAHe5D8zDoVYg.roa
Signing time:             Mon 01 Jan 2024 08:29:43 +0000
ROA not before:           Mon 01 Jan 2024 08:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54825
IP address blocks:        77.37.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a0:25:ee:2a:f7:5e:7a:ef:57:2e:8c:00:8b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Jan  1 08:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff0a01fa4db910def3dd78801dee43f330e85588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:08:12:11:5a:d4:56:bb:20:5e:ae:14:ed:06:
                    dd:ed:fc:57:a0:ac:5e:85:ba:78:07:23:7f:45:cc:
                    83:a5:40:a7:d3:b3:bc:d6:bf:ff:31:b0:f9:7a:83:
                    e7:0f:76:b9:c4:3f:02:f0:ba:57:14:db:dd:9d:d6:
                    c2:aa:b7:ff:b8:4c:85:3e:86:b7:f6:50:8a:28:64:
                    eb:50:b7:ce:d9:42:82:a8:59:6d:65:ef:8a:10:3c:
                    31:52:01:a2:77:b5:af:f0:8c:15:17:83:e0:85:6f:
                    8f:b7:52:25:47:8b:3b:4e:97:05:14:fa:b1:6f:97:
                    14:a1:3b:07:a0:8e:93:54:91:32:30:95:69:cd:e7:
                    86:2e:33:08:99:c1:aa:91:2f:24:73:70:4c:45:64:
                    cb:b6:6e:fa:cc:09:72:13:3b:ab:fa:b4:44:ca:5a:
                    a7:10:30:61:9b:9b:0c:1d:85:80:d2:38:f4:d8:44:
                    fe:f0:7c:cb:11:00:7f:79:5e:4a:19:ad:d8:34:38:
                    78:fc:a5:f7:cd:ca:eb:64:08:69:80:0e:81:1c:ac:
                    59:fd:07:0d:52:02:02:58:56:df:2f:0c:0a:70:58:
                    73:53:46:54:60:94:01:df:ac:b8:d1:8f:6f:74:17:
                    40:23:c1:ea:bc:8b:07:d9:7e:27:e3:b8:c1:90:bd:
                    b7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:0A:01:FA:4D:B9:10:DE:F3:DD:78:80:1D:EE:43:F3:30:E8:55:88
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/_woB-k25EN7z3XiAHe5D8zDoVYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.37.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:3f:4c:fc:fd:58:48:08:ef:7a:f4:26:5e:6e:93:f9:d5:b2:
         8e:ce:e4:e9:25:37:21:c8:6d:fc:c5:5f:64:e9:57:82:3f:c3:
         60:eb:0d:8d:5a:18:de:d7:de:c9:b4:7c:ff:4c:b6:01:4c:b7:
         bb:ca:40:25:89:7a:c8:d4:48:18:67:08:b0:05:a3:d9:1f:dd:
         b0:2d:6c:07:a6:f8:f2:e8:79:01:32:e2:8b:df:0e:59:7f:f5:
         5b:6d:9c:24:64:33:86:7d:61:64:18:cc:24:18:4c:8f:63:4b:
         23:03:4c:72:1c:4c:67:42:81:6d:76:85:83:90:b2:4e:e3:32:
         69:2d:c3:d0:c3:93:af:2b:a4:28:c0:6d:1b:c3:cc:45:51:41:
         13:22:e6:54:40:2d:b5:00:e5:1b:01:17:6c:5f:ff:76:71:63:
         01:8c:b0:a1:a1:b6:bf:06:91:3c:70:04:7e:33:e6:53:91:f0:
         d7:50:3b:10:27:8c:4b:08:f9:a2:58:39:b0:dd:62:18:71:cd:
         8b:c6:67:dd:8c:0a:18:4e:ed:a3:6a:25:31:93:49:e4:cf:4c:
         97:bd:f7:61:c8:6d:24:b9:f5:b9:85:6f:d8:95:53:dd:22:d6:
         0b:de:d6:95:fb:34:dc:12:a9:c8:94:8e:53:72:ec:bc:4f:dc:
         b4:09:48:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKAl7ir3XnrvVy6MAIuCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwMTAxMDgyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjBhMDFmYTRkYjkxMGRlZjNkZDc4ODAxZGVlNDNmMzMwZTg1NTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQgSEVrUVrsgXq4U7Qbd7fxXoKxe
hbp4ByN/RcyDpUCn07O81r//MbD5eoPnD3a5xD8C8LpXFNvdndbCqrf/uEyFPoa3
9lCKKGTrULfO2UKCqFltZe+KEDwxUgGid7Wv8IwVF4PghW+Pt1IlR4s7TpcFFPqx
b5cUoTsHoI6TVJEyMJVpzeeGLjMImcGqkS8kc3BMRWTLtm76zAlyEzur+rREylqn
EDBhm5sMHYWA0jj02ET+8HzLEQB/eV5KGa3YNDh4/KX3zcrrZAhpgA6BHKxZ/QcN
UgICWFbfLwwKcFhzU0ZUYJQB36y40Y9vdBdAI8HqvIsH2X4n47jBkL23RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8KAfpNuRDe8914gB3uQ/Mw6FWIMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvX3dvQi1rMjVFTjd6M1hpQUhlNUQ4ekRvVllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATSVUMA0G
CSqGSIb3DQEBCwUAA4IBAQCoP0z8/VhICO969CZebpP51bKOzuTpJTchyG38xV9k
6VeCP8Ng6w2NWhje197JtHz/TLYBTLe7ykAliXrI1EgYZwiwBaPZH92wLWwHpvjy
6HkBMuKL3w5Zf/VbbZwkZDOGfWFkGMwkGEyPY0sjA0xyHExnQoFtdoWDkLJO4zJp
LcPQw5OvK6QowG0bw8xFUUETIuZUQC21AOUbARdsX/92cWMBjLChoba/BpE8cAR+
M+ZTkfDXUDsQJ4xLCPmiWDmw3WIYcc2LxmfdjAoYTu2jaiUxk0nkz0yXvfdhyG0k
ufW5hW/YlVPdItYL3taV+zTcEqnIlI5Tcuy8T9y0CUgu
-----END CERTIFICATE-----