Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/3Ti0VRFQXYG5OETL6H3xqGURx7g.roa
File:                     3Ti0VRFQXYG5OETL6H3xqGURx7g.roa (raw, json)
Hash identifier:          wOZdgFUImj0qeOyuyvxGEJ5Ru8WQDiyIL/ijF462qBo=
Subject key identifier:   DD:38:B4:55:11:50:5D:81:B9:38:44:CB:E8:7D:F1:A8:65:11:C7:B8
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       019423D6B31DF8A256D9FF9B6FC601EDBCEE
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/3Ti0VRFQXYG5OETL6H3xqGURx7g.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207228
IP address blocks:        77.243.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b3:1d:f8:a2:56:d9:ff:9b:6f:c6:01:ed:bc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd38b45511505d81b93844cbe87df1a86511c7b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:10:ea:24:e8:66:9d:22:b7:12:91:d4:91:1d:
                    11:f3:c3:ec:6c:6f:09:e5:00:4a:97:a5:17:04:0f:
                    9c:eb:cb:d1:98:0e:ed:4f:79:b8:91:4a:64:33:33:
                    ae:55:02:9c:dc:44:ce:b3:06:5d:00:4d:47:c8:0b:
                    03:6d:cb:4e:5f:02:50:9e:b4:4f:0b:ff:7f:e4:5f:
                    28:e3:83:f2:58:31:d3:50:13:52:09:95:e9:d6:ce:
                    b8:2b:78:b6:44:75:ad:66:7e:eb:1a:c4:5c:51:42:
                    30:b5:74:ce:f9:5a:f3:38:da:01:c1:b7:d7:47:15:
                    94:56:e3:8f:82:87:15:ff:38:f3:0b:67:3a:38:ea:
                    7f:b0:fa:d9:50:32:2f:52:81:34:32:56:2d:ce:9f:
                    37:2b:b6:f5:c7:08:7b:ec:1e:10:04:79:21:b5:8a:
                    f8:3f:0b:1e:f5:14:ee:bb:2c:b0:b1:a3:46:7a:4d:
                    63:db:bb:f9:d5:6e:09:e2:50:00:e2:95:0f:5c:a4:
                    8b:d6:5c:33:d4:41:21:4d:b0:2d:97:89:b5:71:a4:
                    a0:04:64:f2:e4:23:c3:10:87:2f:94:15:1f:26:08:
                    5f:34:0a:13:6e:6f:3b:9b:fa:cf:ce:18:4b:28:f2:
                    c1:0c:c5:56:e9:9a:dc:a6:65:21:d6:c9:8e:af:f9:
                    92:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:38:B4:55:11:50:5D:81:B9:38:44:CB:E8:7D:F1:A8:65:11:C7:B8
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/3Ti0VRFQXYG5OETL6H3xqGURx7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:ca:3c:21:60:05:eb:1e:be:e4:6a:28:72:03:a5:ec:8a:55:
         e7:3c:1a:e2:7c:94:b4:b3:65:14:49:dd:9f:49:63:8a:8f:35:
         6f:61:56:b0:8b:2c:23:6c:79:ed:22:5f:75:72:8e:48:38:4a:
         d7:d6:da:d2:01:97:36:59:56:79:09:fe:86:4d:00:e3:34:94:
         c8:91:64:24:db:da:71:20:b9:ae:55:8b:35:b5:d4:2a:bd:f2:
         70:9d:ee:25:f3:f3:94:c9:e8:83:a6:5e:cc:0c:b1:bd:e0:65:
         2f:13:b6:6e:43:ea:d2:12:a3:5e:5d:de:67:0c:e0:f7:4f:c1:
         26:61:2a:2d:46:6d:63:cb:b5:e4:0e:06:8c:7a:cb:89:9c:66:
         fe:81:c4:39:59:16:09:a4:35:1d:96:ec:e5:8b:ae:2f:5a:6c:
         b9:8e:45:68:8f:b6:67:4f:cf:74:e4:b7:30:d1:db:00:59:8f:
         31:fa:11:35:c0:b9:f6:d1:06:0c:7d:34:4e:45:af:8b:28:f8:
         df:63:9e:0e:41:3f:85:f8:2f:40:5a:75:bd:78:14:b3:c4:e7:
         15:12:1b:8a:92:c5:9f:3f:98:6a:b8:5c:8e:6a:26:20:ee:b5:
         d6:eb:71:64:8c:29:ea:f2:62:89:81:1b:cc:9e:f8:45:2e:80:
         07:bd:aa:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rMd+KJW2f+bb8YB7bzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM4YjQ1NTExNTA1ZDgxYjkzODQ0Y2JlODdkZjFhODY1MTFjN2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRDqJOhmnSK3EpHUkR0R88PsbG8J
5QBKl6UXBA+c68vRmA7tT3m4kUpkMzOuVQKc3ETOswZdAE1HyAsDbctOXwJQnrRP
C/9/5F8o44PyWDHTUBNSCZXp1s64K3i2RHWtZn7rGsRcUUIwtXTO+VrzONoBwbfX
RxWUVuOPgocV/zjzC2c6OOp/sPrZUDIvUoE0MlYtzp83K7b1xwh77B4QBHkhtYr4
Pwse9RTuuyywsaNGek1j27v51W4J4lAA4pUPXKSL1lwz1EEhTbAtl4m1caSgBGTy
5CPDEIcvlBUfJghfNAoTbm87m/rPzhhLKPLBDMVW6ZrcpmUh1smOr/mSswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN04tFURUF2BuThEy+h98ahlEce4MB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvM1RpMFZSRlFYWUc1T0VUTDZIM3hxR1VSeDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfN+MA0G
CSqGSIb3DQEBCwUAA4IBAQCpyjwhYAXrHr7kaihyA6XsilXnPBrifJS0s2UUSd2f
SWOKjzVvYVawiywjbHntIl91co5IOErX1trSAZc2WVZ5Cf6GTQDjNJTIkWQk29px
ILmuVYs1tdQqvfJwne4l8/OUyeiDpl7MDLG94GUvE7ZuQ+rSEqNeXd5nDOD3T8Em
YSotRm1jy7XkDgaMesuJnGb+gcQ5WRYJpDUdluzli64vWmy5jkVoj7ZnT8905Lcw
0dsAWY8x+hE1wLn20QYMfTRORa+LKPjfY54OQT+F+C9AWnW9eBSzxOcVEhuKksWf
P5hquFyOaiYg7rXW63FkjCnq8mKJgRvMnvhFLoAHvarJ
-----END CERTIFICATE-----