Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/P1m77-TfQ2Wh4AM2sCEg0Kl2soo.roa
File:                     P1m77-TfQ2Wh4AM2sCEg0Kl2soo.roa (raw, json)
Hash identifier:          5+ZQ/DvdN426rBLbLKNkW6iaxQqU7O4QA5dH2tMu6ao=
Subject key identifier:   3F:59:BB:EF:E4:DF:43:65:A1:E0:03:36:B0:21:20:D0:A9:76:B2:8A
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0191E543A7B292223FA98E6404C190E2B6D5
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/P1m77-TfQ2Wh4AM2sCEg0Kl2soo.roa
Signing time:             Thu 12 Sep 2024 08:05:01 +0000
ROA not before:           Thu 12 Sep 2024 08:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214403
IP address blocks:        77.83.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:43:a7:b2:92:22:3f:a9:8e:64:04:c1:90:e2:b6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep 12 08:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f59bbefe4df4365a1e00336b02120d0a976b28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:57:6e:81:83:04:e5:a4:e3:e0:25:f0:78:ad:
                    fd:c5:92:90:5c:9e:3a:60:e4:07:09:ae:d1:6c:ac:
                    f8:f7:9d:3a:95:5e:8f:4e:b0:14:63:a2:50:04:6b:
                    e8:7a:e7:99:c6:00:91:f0:03:03:e5:67:0e:38:70:
                    52:3e:90:39:a8:30:a3:f7:a0:fa:4e:65:64:79:ab:
                    50:4f:8c:cd:1b:aa:3e:b3:57:a5:cf:e3:81:ea:b9:
                    42:00:0c:f0:24:e9:52:b0:2e:8d:4f:73:2e:58:26:
                    2a:3e:5c:35:80:ab:3e:a6:0b:d1:4a:79:f4:2c:5d:
                    94:cd:e3:13:c5:32:ef:87:49:c5:05:04:68:f2:f4:
                    5f:19:0d:6c:36:45:71:a5:fb:d1:95:56:d4:18:17:
                    28:1a:19:07:c2:6c:5c:e9:bc:96:fe:54:5b:4a:46:
                    ea:0b:b9:25:7b:a7:f7:5b:35:e8:db:ff:b4:97:ba:
                    6e:cd:ee:89:f3:47:0f:55:31:dd:62:6c:9c:62:6d:
                    b8:30:01:8a:78:bc:66:ff:5d:f0:b2:1e:2e:4a:69:
                    35:de:64:6b:8d:a3:ea:a4:f0:76:00:49:ed:71:f7:
                    a5:97:72:0d:9a:83:26:93:e6:3a:f3:89:b0:4b:22:
                    77:9d:94:57:93:32:45:0f:ce:e0:86:a0:a3:18:5c:
                    3c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:59:BB:EF:E4:DF:43:65:A1:E0:03:36:B0:21:20:D0:A9:76:B2:8A
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/P1m77-TfQ2Wh4AM2sCEg0Kl2soo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:8b:d4:c0:ae:62:03:07:eb:8c:f1:d7:c1:af:72:62:ed:62:
         26:25:24:54:70:8d:a2:aa:f4:5c:01:07:f3:bd:74:8a:cb:3b:
         d6:f8:08:da:e2:48:59:06:f0:97:a6:95:b5:2d:54:b7:7f:d2:
         7a:09:01:bc:be:1e:0e:c2:3d:92:3a:be:92:d7:70:2e:57:d5:
         1c:c2:a6:48:8d:2f:71:87:8f:c7:59:58:fe:c7:24:a9:b1:fd:
         e5:96:be:fd:65:b7:b2:59:5f:51:a6:fe:f1:51:dd:9a:47:17:
         af:6e:2f:f2:7a:ab:cf:e8:54:fe:74:b0:9e:f8:e4:fd:26:64:
         4a:63:a2:f6:18:cb:c0:75:45:cd:f0:f9:d5:86:17:06:1e:17:
         e2:04:c9:44:2d:e3:bf:13:46:0d:6e:0c:91:7d:59:34:b7:97:
         91:31:01:3c:c4:79:b7:d3:54:bd:69:94:15:93:11:4e:e5:55:
         29:58:1c:05:4a:ee:90:0f:27:ca:c4:3c:0a:d8:85:f0:fa:c1:
         c0:4e:a5:a8:8b:b2:d8:36:21:e8:73:ce:1d:2c:ab:b9:81:9f:
         6c:f5:85:db:d4:8f:2a:a6:62:a3:de:46:c6:58:6d:f8:04:d3:
         8e:1f:e6:88:9c:c4:39:9a:a0:eb:3f:90:18:4f:04:7b:32:95:
         e1:e2:07:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHlQ6eykiI/qY5kBMGQ4rbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwOTEyMDgwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjU5YmJlZmU0ZGY0MzY1YTFlMDAzMzZiMDIxMjBkMGE5NzZiMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFdugYME5aTj4CXweK39xZKQXJ46
YOQHCa7RbKz49506lV6PTrAUY6JQBGvoeueZxgCR8AMD5WcOOHBSPpA5qDCj96D6
TmVkeatQT4zNG6o+s1elz+OB6rlCAAzwJOlSsC6NT3MuWCYqPlw1gKs+pgvRSnn0
LF2UzeMTxTLvh0nFBQRo8vRfGQ1sNkVxpfvRlVbUGBcoGhkHwmxc6byW/lRbSkbq
C7kle6f3WzXo2/+0l7puze6J80cPVTHdYmycYm24MAGKeLxm/13wsh4uSmk13mRr
jaPqpPB2AEntcfell3INmoMmk+Y684mwSyJ3nZRXkzJFD87ghqCjGFw83wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9Zu+/k30NloeADNrAhINCpdrKKMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvUDFtNzctVGZRMldoNEFNMnNDRWcwS2wyc29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVMkMA0G
CSqGSIb3DQEBCwUAA4IBAQCXi9TArmIDB+uM8dfBr3Ji7WImJSRUcI2iqvRcAQfz
vXSKyzvW+Aja4khZBvCXppW1LVS3f9J6CQG8vh4Owj2SOr6S13AuV9UcwqZIjS9x
h4/HWVj+xySpsf3llr79ZbeyWV9Rpv7xUd2aRxevbi/yeqvP6FT+dLCe+OT9JmRK
Y6L2GMvAdUXN8PnVhhcGHhfiBMlELeO/E0YNbgyRfVk0t5eRMQE8xHm301S9aZQV
kxFO5VUpWBwFSu6QDyfKxDwK2IXw+sHATqWoi7LYNiHoc84dLKu5gZ9s9YXb1I8q
pmKj3kbGWG34BNOOH+aInMQ5mqDrP5AYTwR7MpXh4gdn
-----END CERTIFICATE-----