Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/6iX20PjG4TqMXVWZ9lasil11dYE.roa
File:                     6iX20PjG4TqMXVWZ9lasil11dYE.roa (raw, json)
Hash identifier:          eOb40WA9LTx9pSs9Za5y1WMPfDHSPVEViXKHlHovYX4=
Subject key identifier:   EA:25:F6:D0:F8:C6:E1:3A:8C:5D:55:99:F6:56:AC:8A:5D:75:75:81
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       0194CC1326C6FA2BEDD949708237BC9FAA9B
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/6iX20PjG4TqMXVWZ9lasil11dYE.roa
Signing time:             Mon 03 Feb 2025 13:49:54 +0000
ROA not before:           Mon 03 Feb 2025 13:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35913
IP address blocks:        77.83.241.0/24 maxlen: 24
                          77.83.243.0/24 maxlen: 24
                          85.202.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cc:13:26:c6:fa:2b:ed:d9:49:70:82:37:bc:9f:aa:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Feb  3 13:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea25f6d0f8c6e13a8c5d5599f656ac8a5d757581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:67:aa:5e:4e:51:65:4f:86:33:fe:09:2c:3f:
                    f9:38:38:c6:af:51:f5:74:c3:0d:96:31:c4:15:6d:
                    ae:4b:a9:da:13:6c:f4:3d:2b:2f:7a:b0:9e:56:b1:
                    8b:11:4d:eb:8d:e4:70:70:bb:81:0f:70:c6:c5:41:
                    fd:c4:12:6a:11:33:21:b9:60:d4:a4:e8:25:b0:02:
                    65:fa:a1:73:8d:60:db:70:cf:32:95:80:14:ba:95:
                    36:c3:1d:86:fb:73:9e:a1:7f:50:31:61:e4:cd:07:
                    30:23:34:cb:0f:c4:00:f2:d2:0d:76:82:08:7f:5e:
                    b5:a5:88:f7:8c:d2:05:f6:48:86:8b:9e:10:66:5c:
                    81:76:fe:9e:1e:f0:8c:5b:09:e9:d5:f6:ad:9f:7a:
                    fd:6a:44:9a:f9:93:4d:be:6e:18:cf:9d:f5:1f:be:
                    70:76:11:7f:1a:c4:d2:f6:eb:f7:b4:df:3b:ff:70:
                    a1:97:c4:5a:2c:5b:6e:b5:5c:35:b4:45:10:df:3f:
                    9c:a2:76:34:94:fa:32:d4:b0:09:9b:48:35:87:05:
                    55:da:b3:6a:a9:fd:e8:e8:25:23:33:9b:5a:91:6a:
                    4b:d4:76:74:f7:df:f9:95:01:e4:1a:9f:fa:a4:e7:
                    66:ef:6a:16:ac:10:e8:25:e1:ae:63:c0:3a:a4:5c:
                    7f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:25:F6:D0:F8:C6:E1:3A:8C:5D:55:99:F6:56:AC:8A:5D:75:75:81
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/6iX20PjG4TqMXVWZ9lasil11dYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.241.0/24
                  77.83.243.0/24
                  85.202.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f6:aa:4b:41:26:47:a0:c6:cb:1b:6f:ab:f1:62:66:90:c3:
         bf:58:b9:0e:e1:57:87:da:35:c2:54:3b:82:30:a5:cb:a0:3d:
         38:2e:a2:82:25:7d:e8:b9:a6:f0:b8:26:87:88:41:28:81:70:
         2e:25:56:55:f7:ba:8c:3e:84:a3:de:b4:9f:11:a5:19:fa:ea:
         bf:ca:07:cf:bb:4d:f7:a5:71:3a:49:57:f1:bd:2c:23:ba:00:
         61:e4:fb:39:63:81:38:a7:60:d8:78:da:0f:d5:9d:16:f5:1a:
         46:91:77:fe:f3:4e:65:8f:76:4b:95:d0:e4:29:42:68:f0:70:
         b8:7a:6e:d0:c2:35:80:bd:5f:e9:e5:71:b1:b7:91:a7:4c:60:
         fd:3f:78:ac:c0:50:9f:61:9e:67:17:b2:29:82:78:8c:60:e2:
         2c:c5:5c:93:8a:e5:54:1f:38:ec:c0:ec:1e:4a:59:19:e5:5d:
         49:7b:a8:1f:2e:63:80:15:20:4a:c0:e1:72:3a:85:d1:9a:5d:
         a3:55:c3:cc:d9:85:33:45:58:05:3c:55:78:d3:33:db:73:92:
         9d:fe:8a:48:77:03:66:21:72:71:81:08:9f:ab:19:3c:bd:f3:
         7a:b4:0a:6a:dc:96:6c:71:18:42:dd:6b:f4:7c:2e:9a:d5:60:
         4e:8e:0d:96
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZTMEybG+ivt2Ulwgje8n6qbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMjAzMTM0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTI1ZjZkMGY4YzZlMTNhOGM1ZDU1OTlmNjU2YWM4YTVkNzU3NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWeqXk5RZU+GM/4JLD/5ODjGr1H1
dMMNljHEFW2uS6naE2z0PSsverCeVrGLEU3rjeRwcLuBD3DGxUH9xBJqETMhuWDU
pOglsAJl+qFzjWDbcM8ylYAUupU2wx2G+3OeoX9QMWHkzQcwIzTLD8QA8tINdoII
f161pYj3jNIF9kiGi54QZlyBdv6eHvCMWwnp1fatn3r9akSa+ZNNvm4Yz531H75w
dhF/GsTS9uv3tN87/3Chl8RaLFtutVw1tEUQ3z+conY0lPoy1LAJm0g1hwVV2rNq
qf3o6CUjM5takWpL1HZ099/5lQHkGp/6pOdm72oWrBDoJeGuY8A6pFx/TQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOol9tD4xuE6jF1VmfZWrIpddXWBMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvNmlYMjBQakc0VHFNWFZXWjlsYXNpbDExZFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVPxAwQA
TVPzAwQAVcqiMA0GCSqGSIb3DQEBCwUAA4IBAQBi9qpLQSZHoMbLG2+r8WJmkMO/
WLkO4VeH2jXCVDuCMKXLoD04LqKCJX3ouabwuCaHiEEogXAuJVZV97qMPoSj3rSf
EaUZ+uq/ygfPu033pXE6SVfxvSwjugBh5Ps5Y4E4p2DYeNoP1Z0W9RpGkXf+805l
j3ZLldDkKUJo8HC4em7QwjWAvV/p5XGxt5GnTGD9P3iswFCfYZ5nF7IpgniMYOIs
xVyTiuVUHzjswOweSlkZ5V1Je6gfLmOAFSBKwOFyOoXRml2jVcPM2YUzRVgFPFV4
0zPbc5Kd/opIdwNmIXJxgQifqxk8vfN6tApq3JZscRhC3Wv0fC6a1WBOjg2W
-----END CERTIFICATE-----