Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/e5a253-19cf-4ce8-9c5c-56c6d551a932/1/m7Cz1q1hBVHLymPsLoAJCj8yNxo.roa
File:                     m7Cz1q1hBVHLymPsLoAJCj8yNxo.roa (raw, json)
Hash identifier:          RURXhmGgVcAgWvDqa57698v6CHjQNGGTZ9jdyp0/XBQ=
Subject key identifier:   9B:B0:B3:D6:AD:61:05:51:CB:CA:63:EC:2E:80:09:0A:3F:32:37:1A
Certificate issuer:       /CN=db8a0a3d6a44a58304e1b1dbf62e5d7a16b3887a
Certificate serial:       018CC348A4D5B91D79858C38E7D47B84C841
Authority key identifier: DB:8A:0A:3D:6A:44:A5:83:04:E1:B1:DB:F6:2E:5D:7A:16:B3:88:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/24oKPWpEpYME4bHb9i5dehaziHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/e5a253-19cf-4ce8-9c5c-56c6d551a932/1/m7Cz1q1hBVHLymPsLoAJCj8yNxo.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43185
IP address blocks:        77.95.208.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/e5a253-19cf-4ce8-9c5c-56c6d551a932/1/24oKPWpEpYME4bHb9i5dehaziHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/e5a253-19cf-4ce8-9c5c-56c6d551a932/1/24oKPWpEpYME4bHb9i5dehaziHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/24oKPWpEpYME4bHb9i5dehaziHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a4:d5:b9:1d:79:85:8c:38:e7:d4:7b:84:c8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db8a0a3d6a44a58304e1b1dbf62e5d7a16b3887a
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bb0b3d6ad610551cbca63ec2e80090a3f32371a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a6:2a:45:c1:b4:78:1b:23:68:af:da:24:5b:
                    20:ce:da:55:8d:f1:47:5c:75:d7:0f:33:90:61:00:
                    70:da:f8:fa:61:3f:f3:c2:6b:90:60:f9:b7:b7:8a:
                    c2:ad:fe:87:f1:b7:ca:2b:e3:c4:1e:05:19:d8:7c:
                    92:98:a2:9f:82:2a:fb:d9:16:3c:b6:98:c7:02:6e:
                    df:7f:ea:b6:67:8b:53:5c:a6:21:2c:83:88:cb:e9:
                    59:7d:8b:81:22:ec:30:53:3c:b7:91:a0:f8:a5:ef:
                    00:09:34:f5:5e:94:93:a0:67:90:6f:a5:86:00:6e:
                    95:22:3b:53:10:2c:c6:39:0c:1d:b1:33:a5:71:e3:
                    21:f8:ae:c1:96:fa:0b:3d:ae:48:f9:82:00:8b:5b:
                    91:28:8d:2b:a6:c3:ba:6b:c9:fd:6e:c6:d1:d0:d2:
                    2e:94:01:c8:cc:db:61:36:82:3d:33:f7:29:10:66:
                    99:93:4f:93:68:58:d6:68:c3:8a:f5:a8:29:2c:26:
                    e0:ec:93:7e:b6:d3:0f:f2:1b:19:8b:b3:fb:08:27:
                    3f:c3:be:77:b9:ce:39:28:d7:7c:5f:3d:0f:3d:92:
                    52:ed:e6:5f:1d:45:78:85:9e:e7:86:10:a1:8b:74:
                    10:09:33:49:a2:ee:45:45:92:13:78:6a:77:f6:19:
                    23:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B0:B3:D6:AD:61:05:51:CB:CA:63:EC:2E:80:09:0A:3F:32:37:1A
            X509v3 Authority Key Identifier:
                keyid:DB:8A:0A:3D:6A:44:A5:83:04:E1:B1:DB:F6:2E:5D:7A:16:B3:88:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/24oKPWpEpYME4bHb9i5dehaziHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e5a253-19cf-4ce8-9c5c-56c6d551a932/1/m7Cz1q1hBVHLymPsLoAJCj8yNxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e5a253-19cf-4ce8-9c5c-56c6d551a932/1/24oKPWpEpYME4bHb9i5dehaziHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4c:48:fc:34:81:01:a1:68:c4:72:16:d6:61:d1:95:e6:68:68:
         b7:8b:a4:41:da:80:7b:bf:f5:8e:76:2e:f5:9c:79:53:9c:1d:
         8a:d6:13:af:94:97:8e:a9:74:cd:d9:71:6c:32:42:2b:9f:cf:
         2f:ca:85:c7:35:22:f5:7a:0c:9a:7f:11:6d:5f:8c:a2:cc:80:
         78:9c:d9:20:17:66:33:77:3a:65:ee:33:ac:0e:d4:62:f4:6e:
         82:ea:18:28:39:6f:22:68:af:df:60:f4:70:23:b6:6b:fe:1b:
         3f:be:1d:6d:d9:ad:1d:f3:29:39:9e:ad:b9:83:c5:fd:0b:1f:
         44:c2:61:45:09:bc:a5:05:a2:df:5a:38:3b:65:83:5b:61:0b:
         80:5c:a6:e3:86:56:27:4d:61:b5:3f:88:bc:f9:da:1f:37:78:
         b5:fc:8c:17:1b:cc:2c:a7:99:f0:3d:fe:01:46:70:b7:0e:bf:
         17:00:20:65:bd:15:e1:8f:a7:58:6c:d6:29:60:98:d9:1e:c7:
         1b:c2:0d:01:b9:cc:c2:31:a9:9e:33:92:66:7f:29:a2:97:c4:
         6c:ae:5a:a7:96:b1:28:15:7a:96:32:ff:14:54:41:2a:d2:3f:
         2b:82:09:02:03:b3:19:dd:a6:9a:94:05:bd:fa:d9:fa:9c:d0:
         7b:46:e9:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKTVuR15hYw459R7hMhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOGEwYTNkNmE0NGE1ODMwNGUxYjFkYmY2MmU1ZDdhMTZi
Mzg4N2EwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmIwYjNkNmFkNjEwNTUxY2JjYTYzZWMyZTgwMDkwYTNmMzIzNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6YqRcG0eBsjaK/aJFsgztpVjfFH
XHXXDzOQYQBw2vj6YT/zwmuQYPm3t4rCrf6H8bfKK+PEHgUZ2HySmKKfgir72RY8
tpjHAm7ff+q2Z4tTXKYhLIOIy+lZfYuBIuwwUzy3kaD4pe8ACTT1XpSToGeQb6WG
AG6VIjtTECzGOQwdsTOlceMh+K7BlvoLPa5I+YIAi1uRKI0rpsO6a8n9bsbR0NIu
lAHIzNthNoI9M/cpEGaZk0+TaFjWaMOK9agpLCbg7JN+ttMP8hsZi7P7CCc/w753
uc45KNd8Xz0PPZJS7eZfHUV4hZ7nhhChi3QQCTNJou5FRZITeGp39hkj+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuws9atYQVRy8pj7C6ACQo/MjcaMB8GA1UdIwQY
MBaAFNuKCj1qRKWDBOGx2/YuXXoWs4h6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjRvS1BXcEVwWU1FNGJIYjlpNWRlaGF6aUhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9lNWEyNTMtMTljZi00Y2U4LTljNWMt
NTZjNmQ1NTFhOTMyLzEvbTdDejFxMWhCVkhMeW1Qc0xvQUpDajh5TnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9lNWEyNTMtMTljZi00Y2U4LTljNWMtNTZjNmQ1NTFhOTMy
LzEvMjRvS1BXcEVwWU1FNGJIYjlpNWRlaGF6aUhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTV/QMA0G
CSqGSIb3DQEBCwUAA4IBAQBMSPw0gQGhaMRyFtZh0ZXmaGi3i6RB2oB7v/WOdi71
nHlTnB2K1hOvlJeOqXTN2XFsMkIrn88vyoXHNSL1egyafxFtX4yizIB4nNkgF2Yz
dzpl7jOsDtRi9G6C6hgoOW8iaK/fYPRwI7Zr/hs/vh1t2a0d8yk5nq25g8X9Cx9E
wmFFCbylBaLfWjg7ZYNbYQuAXKbjhlYnTWG1P4i8+dofN3i1/IwXG8wsp5nwPf4B
RnC3Dr8XACBlvRXhj6dYbNYpYJjZHscbwg0BuczCMameM5Jmfymil8RsrlqnlrEo
FXqWMv8UVEEq0j8rggkCA7MZ3aaalAW9+tn6nNB7Rukz
-----END CERTIFICATE-----