Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/iJ7kty974jPkWgzxQa34AvpfJzg.roa
File:                     iJ7kty974jPkWgzxQa34AvpfJzg.roa (raw, json)
Hash identifier:          f39eViBwQsbAY89QmdcG3WCS0jbc3aqJWKGT/0jNv9U=
Subject key identifier:   88:9E:E4:B7:2F:7B:E2:33:E4:5A:0C:F1:41:AD:F8:02:FA:5F:27:38
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       0194B83BFC409F263B45922EA3EAEA076163
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/iJ7kty974jPkWgzxQa34AvpfJzg.roa
Signing time:             Thu 30 Jan 2025 17:22:06 +0000
ROA not before:           Thu 30 Jan 2025 17:22:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60117
IP address blocks:        77.110.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b8:3b:fc:40:9f:26:3b:45:92:2e:a3:ea:ea:07:61:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Jan 30 17:22:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=889ee4b72f7be233e45a0cf141adf802fa5f2738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fb:60:4d:70:5b:8c:d9:b0:d5:6d:db:50:db:
                    fe:ad:49:64:0b:96:98:0b:fd:69:db:69:2e:53:4e:
                    b4:07:d9:a6:df:6b:05:1c:5a:d4:41:74:0d:79:92:
                    3c:81:5a:b3:a8:1d:fe:b5:ca:cf:bf:ce:9e:ec:2c:
                    13:66:60:26:f5:d2:2e:20:4f:2b:4d:a8:cc:87:fa:
                    01:e6:cb:93:df:73:83:02:12:69:e8:e4:83:80:db:
                    45:81:09:b5:92:29:96:3e:25:34:2a:25:63:99:d5:
                    d3:91:da:e3:b0:53:a2:c0:4d:c8:7d:96:31:09:60:
                    66:7a:06:f4:f4:75:59:4e:1e:b6:d2:36:45:d0:1d:
                    be:02:2f:8c:89:55:c1:b3:0a:6e:4b:26:5a:3e:f5:
                    93:e3:17:2b:ed:09:3b:1c:2c:bf:91:78:54:74:88:
                    92:81:32:8d:bf:d0:6a:d5:3d:6e:e1:91:3c:8d:89:
                    d2:6f:3e:70:e9:89:4f:6f:c2:e3:d0:41:34:8f:e6:
                    4d:cb:49:44:db:fd:c1:76:93:95:4b:ad:05:39:38:
                    d8:68:88:3b:59:47:c3:c0:f0:62:3b:ee:4b:95:9f:
                    92:3c:0e:e6:9f:4c:4e:4c:3b:67:1b:ef:47:31:40:
                    1f:c7:f7:3a:36:bb:e4:4b:1b:7d:2d:68:a2:83:37:
                    33:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:9E:E4:B7:2F:7B:E2:33:E4:5A:0C:F1:41:AD:F8:02:FA:5F:27:38
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/iJ7kty974jPkWgzxQa34AvpfJzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         67:a7:54:2b:fe:5c:53:1e:bb:0e:b8:19:46:0e:b8:46:fb:ff:
         69:d8:19:53:9e:a2:f5:27:78:e7:d0:c1:7d:fb:62:4b:b2:13:
         41:03:d2:6b:d3:23:51:33:1e:de:17:d1:34:d9:38:4b:6d:4d:
         8d:06:07:dc:67:8c:41:7f:27:49:39:50:f3:e7:69:4e:34:cc:
         cc:b3:97:5a:28:60:92:dc:72:dd:30:fe:30:89:e4:f1:6b:05:
         a2:85:25:99:bd:78:8b:26:17:37:65:93:2e:33:ce:94:07:b7:
         63:30:e0:49:3a:ba:3e:20:b4:40:2a:15:a5:98:f2:05:7b:b6:
         75:df:0e:82:1d:6d:0e:78:0a:39:31:da:34:a2:b6:ad:3c:06:
         3f:05:a2:41:65:1d:72:ca:af:a6:2a:b4:bc:59:6b:be:84:17:
         f9:5b:1b:dd:bc:fa:17:2c:50:f2:3e:f9:68:2d:64:70:a2:e0:
         d8:76:90:84:e8:b1:cb:2f:6c:df:fb:92:94:4d:5f:01:9b:e0:
         a2:dc:27:f4:b2:11:b2:25:34:95:7f:4f:28:40:75:74:1a:9f:
         de:87:58:c4:c6:60:bc:1d:fc:65:d3:ef:26:98:ba:f3:fe:5c:
         55:30:f1:0b:0d:48:3e:55:97:f8:a6:95:d0:78:12:74:92:18:
         53:fa:e9:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS4O/xAnyY7RZIuo+rqB2FjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjUwMTMwMTcyMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODllZTRiNzJmN2JlMjMzZTQ1YTBjZjE0MWFkZjgwMmZhNWYyNzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvtgTXBbjNmw1W3bUNv+rUlkC5aY
C/1p22kuU060B9mm32sFHFrUQXQNeZI8gVqzqB3+tcrPv86e7CwTZmAm9dIuIE8r
TajMh/oB5suT33ODAhJp6OSDgNtFgQm1kimWPiU0KiVjmdXTkdrjsFOiwE3IfZYx
CWBmegb09HVZTh620jZF0B2+Ai+MiVXBswpuSyZaPvWT4xcr7Qk7HCy/kXhUdIiS
gTKNv9Bq1T1u4ZE8jYnSbz5w6YlPb8Lj0EE0j+ZNy0lE2/3BdpOVS60FOTjYaIg7
WUfDwPBiO+5LlZ+SPA7mn0xOTDtnG+9HMUAfx/c6NrvkSxt9LWiigzczeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIie5Lcve+Iz5FoM8UGt+AL6Xyc4MB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvaUo3a3R5OTc0alBrV2d6eFFhMzRBdnBmSnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTW5gMA0G
CSqGSIb3DQEBCwUAA4IBAQBnp1Qr/lxTHrsOuBlGDrhG+/9p2BlTnqL1J3jn0MF9
+2JLshNBA9Jr0yNRMx7eF9E02ThLbU2NBgfcZ4xBfydJOVDz52lONMzMs5daKGCS
3HLdMP4wieTxawWihSWZvXiLJhc3ZZMuM86UB7djMOBJOro+ILRAKhWlmPIFe7Z1
3w6CHW0OeAo5Mdo0oratPAY/BaJBZR1yyq+mKrS8WWu+hBf5WxvdvPoXLFDyPvlo
LWRwouDYdpCE6LHLL2zf+5KUTV8Bm+Ci3Cf0shGyJTSVf08oQHV0Gp/eh1jExmC8
Hfxl0+8mmLrz/lxVMPELDUg+VZf4ppXQeBJ0khhT+ul9
-----END CERTIFICATE-----