Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/fulwWfpqRCqpiPPprhykhPke6JQ.roa
File:                     fulwWfpqRCqpiPPprhykhPke6JQ.roa (raw, json)
Hash identifier:          MXc6G1RwV1omzeL0EAHY0w18X+5u6aWDsAUpnD5S7Uk=
Subject key identifier:   7E:E9:70:59:FA:6A:44:2A:A9:88:F3:E9:AE:1C:A4:84:F9:1E:E8:94
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBC4052DD3403BFC252260DB10FAAC
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/fulwWfpqRCqpiPPprhykhPke6JQ.roa
Signing time:             Wed 01 Jan 2025 17:48:32 +0000
ROA not before:           Wed 01 Jan 2025 17:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214403
IP address blocks:        77.83.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c4:05:2d:d3:40:3b:fc:25:22:60:db:10:fa:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ee97059fa6a442aa988f3e9ae1ca484f91ee894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:15:eb:fd:28:99:41:2a:49:dd:44:f6:33:ba:
                    d7:bf:66:af:32:9c:a5:40:18:67:a4:1d:5f:d9:17:
                    a6:f2:df:78:9d:b5:06:4d:0c:a1:23:95:55:9b:e2:
                    d1:54:9e:17:28:da:a4:83:a5:ff:ca:d8:81:ed:8e:
                    17:cb:e6:46:3f:80:f2:2b:75:14:36:5b:6e:e1:a1:
                    83:ca:d1:1e:67:39:5d:80:6b:1a:e5:1d:a8:32:da:
                    d4:5e:9d:ae:58:97:e7:cd:55:62:03:48:e9:ec:ed:
                    bd:33:19:6d:ba:1b:09:ed:a5:9f:54:a5:7d:07:7f:
                    6f:01:7d:7d:09:21:fb:43:2d:93:16:4a:77:98:6a:
                    22:46:46:b5:54:1e:e9:8d:69:b1:6b:cd:bf:2e:b9:
                    06:74:94:5f:f5:69:06:1a:bc:9c:71:fb:8a:9a:2f:
                    d9:92:14:51:14:7f:a9:56:9d:67:e2:84:49:97:4e:
                    5d:26:68:a7:04:5a:ba:9b:6e:de:51:db:b4:ca:a0:
                    6a:bd:40:0f:70:40:a3:ec:e0:b9:87:34:33:71:d7:
                    79:ad:7b:53:dc:86:a2:59:a0:76:2c:80:f2:e3:57:
                    37:7c:4b:03:8d:96:a5:ff:0e:f2:e1:3e:4a:03:82:
                    b7:07:e7:c1:44:32:9f:b9:03:cf:36:3c:2d:33:4d:
                    6a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E9:70:59:FA:6A:44:2A:A9:88:F3:E9:AE:1C:A4:84:F9:1E:E8:94
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/fulwWfpqRCqpiPPprhykhPke6JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:87:e2:19:ef:dd:11:65:c8:f2:3b:0b:3e:47:61:9d:31:81:
         0e:69:72:1f:c5:d8:de:df:04:86:e2:38:a6:c7:b5:1b:7b:7d:
         1a:fc:52:6d:d4:01:95:5b:05:71:b2:4f:84:fc:b7:00:9e:2c:
         43:46:83:7b:2a:83:4f:fa:09:39:bd:97:bc:da:35:ef:6b:2e:
         17:71:f9:e9:82:18:63:d5:64:eb:e4:0b:c1:f5:68:76:9b:fe:
         93:5e:18:c5:b2:d2:7b:d5:cc:12:04:e7:69:b2:21:4b:c5:e7:
         8c:95:15:9f:e6:5d:72:a8:79:e7:5f:22:19:9e:82:20:c8:56:
         9c:f2:77:93:cb:de:88:67:64:70:dd:1b:0b:01:87:99:5c:dd:
         2e:a5:a0:c5:04:8c:1a:7a:12:d8:08:0d:45:bb:5d:f5:06:65:
         51:69:70:62:c4:c8:07:ea:d2:17:a4:1c:b3:9e:d5:74:a9:ec:
         c2:75:bc:ed:31:ae:36:83:cc:dd:1e:b2:8f:f7:fa:1a:1c:3a:
         f9:22:d0:3f:ff:23:9c:a4:08:09:99:76:01:86:ba:d2:f0:8b:
         a4:de:24:b8:f2:67:82:fa:3d:c4:53:1f:97:29:7f:40:72:4a:
         a9:2f:63:8a:83:ec:e9:78:e9:ba:68:80:20:16:0e:b5:9f:9b:
         a8:9b:d6:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8QFLdNAO/wlImDbEPqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWU5NzA1OWZhNmE0NDJhYTk4OGYzZTlhZTFjYTQ4NGY5MWVlODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBXr/SiZQSpJ3UT2M7rXv2avMpyl
QBhnpB1f2Rem8t94nbUGTQyhI5VVm+LRVJ4XKNqkg6X/ytiB7Y4Xy+ZGP4DyK3UU
Nltu4aGDytEeZzldgGsa5R2oMtrUXp2uWJfnzVViA0jp7O29MxltuhsJ7aWfVKV9
B39vAX19CSH7Qy2TFkp3mGoiRka1VB7pjWmxa82/LrkGdJRf9WkGGryccfuKmi/Z
khRRFH+pVp1n4oRJl05dJminBFq6m27eUdu0yqBqvUAPcECj7OC5hzQzcdd5rXtT
3IaiWaB2LIDy41c3fEsDjZal/w7y4T5KA4K3B+fBRDKfuQPPNjwtM01qywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7pcFn6akQqqYjz6a4cpIT5HuiUMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZnVsd1dmcHFSQ3FwaVBQcHJoeWtoUGtlNkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVMkMA0G
CSqGSIb3DQEBCwUAA4IBAQBSh+IZ790RZcjyOws+R2GdMYEOaXIfxdje3wSG4jim
x7Ube30a/FJt1AGVWwVxsk+E/LcAnixDRoN7KoNP+gk5vZe82jXvay4Xcfnpghhj
1WTr5AvB9Wh2m/6TXhjFstJ71cwSBOdpsiFLxeeMlRWf5l1yqHnnXyIZnoIgyFac
8neTy96IZ2Rw3RsLAYeZXN0upaDFBIwaehLYCA1Fu131BmVRaXBixMgH6tIXpByz
ntV0qezCdbztMa42g8zdHrKP9/oaHDr5ItA//yOcpAgJmXYBhrrS8Iuk3iS48meC
+j3EUx+XKX9AckqpL2OKg+zpeOm6aIAgFg61n5uom9aq
-----END CERTIFICATE-----