Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3hua107VErvGO7427wUpbuLdn2s.roa
File:                     3hua107VErvGO7427wUpbuLdn2s.roa (raw, json)
Hash identifier:          wodKZMIIfHhljh0061fiAldhyJClYSTPP0B2Bltn6KE=
Subject key identifier:   DE:1B:9A:D7:4E:D5:12:BB:C6:3B:BE:36:EF:05:29:6E:E2:DD:9F:6B
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBBA92A53716B0B4D4CC530C3479D8
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3hua107VErvGO7427wUpbuLdn2s.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202673
IP address blocks:        77.83.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ba:92:a5:37:16:b0:b4:d4:cc:53:0c:34:79:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de1b9ad74ed512bbc63bbe36ef05296ee2dd9f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6f:82:29:52:c3:3f:e2:51:11:4e:e9:8f:b7:
                    ba:41:ae:75:83:b8:be:e1:72:0e:42:78:2e:9f:ac:
                    8d:a5:ca:be:14:15:3a:ca:0f:7b:26:b4:e4:e9:c4:
                    e8:45:52:0c:66:bc:97:4f:c8:3d:de:c1:16:fa:45:
                    41:6e:12:e2:8d:5b:ef:97:87:ce:fa:2a:7f:bf:52:
                    15:97:e2:b1:a6:df:f2:12:52:e2:75:8d:c4:78:23:
                    03:4e:d4:a2:7c:1a:75:92:5a:f3:73:35:a9:e6:b7:
                    c8:b7:27:66:f7:de:db:c5:8f:11:d9:b5:ca:98:94:
                    03:0d:1b:c4:b2:fa:d9:f6:f0:4b:45:84:b6:ea:64:
                    c4:54:49:06:05:4a:5a:a2:30:3a:a9:5d:dc:cd:80:
                    8a:f9:9f:2f:71:7b:ad:e1:84:aa:e9:9c:d0:4f:0f:
                    4d:a3:0a:64:14:17:74:52:c7:d9:26:30:05:44:be:
                    90:4a:dc:cb:58:d1:6d:41:4f:de:44:99:12:b2:4b:
                    a8:4b:b2:9b:63:72:b8:a4:a6:24:3a:9c:2f:f1:0c:
                    2a:90:08:c5:2f:d1:da:ca:9d:6c:51:c7:a2:93:ea:
                    84:a6:bb:20:b5:3c:5d:0b:47:57:0b:23:35:10:99:
                    dd:61:6d:55:ef:2c:34:48:9a:7e:32:30:ad:3d:0a:
                    cc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:1B:9A:D7:4E:D5:12:BB:C6:3B:BE:36:EF:05:29:6E:E2:DD:9F:6B
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3hua107VErvGO7427wUpbuLdn2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:c1:02:ea:ef:c5:68:61:9b:4f:7e:dc:5d:d0:06:f6:6c:62:
         9b:69:97:8a:a0:14:40:25:25:e5:e2:b5:36:d6:bb:08:19:ec:
         16:7f:fd:ff:b0:23:8a:45:55:2b:58:f0:ee:1b:82:27:d2:f7:
         3d:3a:b6:e4:ca:76:a7:74:50:50:23:43:0d:e1:54:60:3e:20:
         11:7a:6a:03:34:8a:e3:d6:bb:a2:b6:c2:75:03:18:f5:2a:d0:
         09:80:eb:7e:1c:1a:91:dd:01:7d:79:18:0e:f4:02:d0:5d:82:
         1c:b4:fe:03:f7:a0:fc:8c:0e:cd:e6:e9:e7:39:53:b3:2c:a9:
         36:78:46:17:d4:0a:01:f8:30:1a:e9:67:a8:f3:f9:b1:0d:72:
         86:ee:41:66:e0:c8:8a:83:74:f5:e7:28:5a:70:04:e8:63:a2:
         6d:84:d7:8d:73:7f:b8:e6:8a:63:5b:2d:e6:8e:d0:e0:3a:63:
         55:dc:bb:4a:85:5f:97:46:c9:46:5a:d5:38:ce:3f:30:e8:13:
         a6:c5:61:76:bb:ce:b6:cb:24:9e:cb:06:c1:13:f9:c3:d3:50:
         f1:54:2a:fc:cb:d4:f6:c5:c7:8e:0e:e0:43:60:d3:29:47:83:
         ea:60:44:54:eb:88:f1:fe:92:81:88:53:7f:e1:78:54:e2:74:
         db:43:32:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7qSpTcWsLTUzFMMNHnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTFiOWFkNzRlZDUxMmJiYzYzYmJlMzZlZjA1Mjk2ZWUyZGQ5ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0W+CKVLDP+JREU7pj7e6Qa51g7i+
4XIOQngun6yNpcq+FBU6yg97JrTk6cToRVIMZryXT8g93sEW+kVBbhLijVvvl4fO
+ip/v1IVl+Kxpt/yElLidY3EeCMDTtSifBp1klrzczWp5rfItydm997bxY8R2bXK
mJQDDRvEsvrZ9vBLRYS26mTEVEkGBUpaojA6qV3czYCK+Z8vcXut4YSq6ZzQTw9N
owpkFBd0UsfZJjAFRL6QStzLWNFtQU/eRJkSskuoS7KbY3K4pKYkOpwv8QwqkAjF
L9Hayp1sUceik+qEprsgtTxdC0dXCyM1EJndYW1V7yw0SJp+MjCtPQrMwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4bmtdO1RK7xju+Nu8FKW7i3Z9rMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvM2h1YTEwN1ZFcnZHTzc0Mjd3VXBidUxkbjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVMnMA0G
CSqGSIb3DQEBCwUAA4IBAQC+wQLq78VoYZtPftxd0Ab2bGKbaZeKoBRAJSXl4rU2
1rsIGewWf/3/sCOKRVUrWPDuG4In0vc9OrbkynandFBQI0MN4VRgPiARemoDNIrj
1ruitsJ1Axj1KtAJgOt+HBqR3QF9eRgO9ALQXYIctP4D96D8jA7N5unnOVOzLKk2
eEYX1AoB+DAa6Weo8/mxDXKG7kFm4MiKg3T15yhacAToY6JthNeNc3+45opjWy3m
jtDgOmNV3LtKhV+XRslGWtU4zj8w6BOmxWF2u862yySeywbBE/nD01DxVCr8y9T2
xceODuBDYNMpR4PqYERU64jx/pKBiFN/4XhU4nTbQzId
-----END CERTIFICATE-----