Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/I0xIjW4_1gMifBBZqMoGsuV3IOw.roa
File:                     I0xIjW4_1gMifBBZqMoGsuV3IOw.roa (raw, json)
Hash identifier:          ovT/r2UOu84vs7XCnocp2wlt5G468aRkG2ckeFAOprY=
Subject key identifier:   23:4C:48:8D:6E:3F:D6:03:22:7C:10:59:A8:CA:06:B2:E5:77:20:EC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CFA416DF1D6A5FE20814DFC4EBE448110
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/I0xIjW4_1gMifBBZqMoGsuV3IOw.roa
Signing time:             Thu 11 Jan 2024 20:40:41 +0000
ROA not before:           Thu 11 Jan 2024 20:40:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202673
IP address blocks:        77.83.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fa:41:6d:f1:d6:a5:fe:20:81:4d:fc:4e:be:44:81:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 11 20:40:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=234c488d6e3fd603227c1059a8ca06b2e57720ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:86:69:30:40:ef:f3:f7:91:50:69:3a:39:61:
                    d7:5a:06:cc:b2:2b:16:86:c6:14:8e:85:d5:01:96:
                    d0:5d:0b:f0:8d:40:b3:6e:20:cd:81:68:c1:c3:2e:
                    79:91:69:14:a6:f8:42:f2:e8:b5:62:0e:44:c5:7c:
                    eb:98:76:99:b0:37:a1:2a:25:d0:78:13:15:76:f0:
                    1c:8b:a5:9c:30:c4:00:4a:8f:f0:39:14:bb:fd:bf:
                    b0:62:d8:04:91:88:2e:d2:12:54:6b:1c:62:48:dd:
                    77:6e:37:e2:20:00:05:86:52:23:c3:88:be:38:75:
                    ed:85:15:55:fb:e2:30:bb:15:f6:45:04:9c:1c:2f:
                    8c:1d:eb:97:d3:f0:39:b1:2c:8f:46:93:b6:06:47:
                    16:41:2e:78:2e:0a:cc:aa:a7:7b:4f:74:12:4f:53:
                    d3:d9:74:d3:c8:dc:6b:4e:6a:30:99:be:9d:e3:f0:
                    60:4b:19:40:2a:6c:ba:a6:13:5b:44:c3:31:81:44:
                    5b:c6:d7:6a:c5:5e:e5:fe:df:f8:f9:df:6d:ae:25:
                    71:c1:de:5d:a8:9c:12:f6:c2:dc:21:31:9e:00:3c:
                    38:c1:35:b8:97:ff:7d:27:1f:f7:2f:a7:70:e9:9f:
                    34:28:ce:d4:27:72:66:ec:84:44:b5:9a:11:c1:4d:
                    8c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4C:48:8D:6E:3F:D6:03:22:7C:10:59:A8:CA:06:B2:E5:77:20:EC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/I0xIjW4_1gMifBBZqMoGsuV3IOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:19:07:a9:71:74:8a:85:d1:80:bc:c3:a4:5a:17:4f:b0:26:
         69:fa:ca:0d:12:38:54:53:e7:aa:21:1f:fb:b3:fc:12:97:44:
         18:f4:c2:91:de:21:66:d9:53:15:9a:e7:b2:64:01:74:9d:ac:
         a6:e4:d3:97:66:1d:35:21:41:b0:f6:57:a2:ca:93:62:97:04:
         20:b4:fb:26:3f:e4:2e:26:84:72:d1:0a:29:85:c3:db:84:49:
         e4:e0:5f:c9:53:5e:3b:27:fa:74:84:1c:66:0e:6e:70:a4:c0:
         61:2a:a7:2b:62:d1:3b:82:a3:d9:5f:d3:a2:9b:45:5b:d1:15:
         66:f2:dc:56:21:bb:4b:4c:b3:2d:73:22:81:c9:7f:44:8b:df:
         f1:9a:4a:82:80:c8:04:be:90:eb:18:61:55:37:d9:2e:0c:f7:
         e9:c8:e7:22:f1:b0:73:b5:d5:1b:f2:76:4f:a5:c0:92:74:be:
         13:7d:9c:8f:50:34:cf:fd:b0:87:af:15:12:0b:ff:62:07:f9:
         23:8e:46:95:f0:f0:45:50:88:f9:fd:c9:29:e0:4f:2e:64:17:
         b2:9e:57:a0:94:9b:7d:1a:01:1b:d0:79:01:99:6d:88:a7:6d:
         92:18:78:a2:d3:4f:aa:ca:a4:7d:5b:41:fc:f4:7f:f5:02:91:
         ac:34:32:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz6QW3x1qX+IIFN/E6+RIEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTExMjA0MDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRjNDg4ZDZlM2ZkNjAzMjI3YzEwNTlhOGNhMDZiMmU1NzcyMGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4ZpMEDv8/eRUGk6OWHXWgbMsisW
hsYUjoXVAZbQXQvwjUCzbiDNgWjBwy55kWkUpvhC8ui1Yg5ExXzrmHaZsDehKiXQ
eBMVdvAci6WcMMQASo/wORS7/b+wYtgEkYgu0hJUaxxiSN13bjfiIAAFhlIjw4i+
OHXthRVV++IwuxX2RQScHC+MHeuX0/A5sSyPRpO2BkcWQS54LgrMqqd7T3QST1PT
2XTTyNxrTmowmb6d4/BgSxlAKmy6phNbRMMxgURbxtdqxV7l/t/4+d9triVxwd5d
qJwS9sLcITGeADw4wTW4l/99Jx/3L6dw6Z80KM7UJ3Jm7IREtZoRwU2MLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNMSI1uP9YDInwQWajKBrLldyDsMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSTB4SWpXNF8xZ01pZkJCWnFNb0dzdVYzSU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVMnMA0G
CSqGSIb3DQEBCwUAA4IBAQChGQepcXSKhdGAvMOkWhdPsCZp+soNEjhUU+eqIR/7
s/wSl0QY9MKR3iFm2VMVmueyZAF0naym5NOXZh01IUGw9leiypNilwQgtPsmP+Qu
JoRy0QophcPbhEnk4F/JU147J/p0hBxmDm5wpMBhKqcrYtE7gqPZX9Oim0Vb0RVm
8txWIbtLTLMtcyKByX9Ei9/xmkqCgMgEvpDrGGFVN9kuDPfpyOci8bBztdUb8nZP
pcCSdL4TfZyPUDTP/bCHrxUSC/9iB/kjjkaV8PBFUIj5/ckp4E8uZBeynleglJt9
GgEb0HkBmW2Ip22SGHii00+qyqR9W0H89H/1ApGsNDIZ
-----END CERTIFICATE-----