Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/hpjgyNsmNJf-Ig7l4Th01W8hCLs.roa
File:                     hpjgyNsmNJf-Ig7l4Th01W8hCLs.roa (raw, json)
Hash identifier:          xFBYCLPPo2ssKVAPnO8XF577xIyOWoeoCw+6gAzNdAc=
Subject key identifier:   86:98:E0:C8:DB:26:34:97:FE:22:0E:E5:E1:38:74:D5:6F:21:08:BB
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B678B8AFD80B8967E9774B5D7CB626
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/hpjgyNsmNJf-Ig7l4Th01W8hCLs.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211122
IP address blocks:        77.75.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:78:b8:af:d8:0b:89:67:e9:77:4b:5d:7c:b6:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8698e0c8db263497fe220ee5e13874d56f2108bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7d:e9:11:93:2b:66:9e:bd:3c:39:cc:23:5a:
                    a2:13:e9:30:d2:cb:c9:cf:cf:c6:ba:53:4d:f8:a1:
                    63:d3:45:e0:a7:4d:53:bf:1f:5e:8f:17:33:d5:d3:
                    a2:be:5d:e5:49:f8:a6:1b:e0:94:ff:1c:44:7b:6c:
                    05:c9:af:f5:c6:12:ae:b4:63:84:1c:a5:c7:68:b9:
                    2c:9c:12:4c:f7:8b:3e:85:0d:06:2c:b3:79:22:ba:
                    d3:b0:10:94:b2:b9:97:5b:7d:f3:ca:50:00:b7:44:
                    ec:0d:19:7f:29:28:7b:58:16:d6:ba:65:14:87:4e:
                    25:4f:46:cc:e0:a9:7f:c3:d8:24:10:51:5f:14:e7:
                    d9:87:d2:b3:fb:a7:ae:8a:45:1c:b9:87:d5:37:63:
                    b4:6c:48:45:fe:2f:da:e2:63:f3:99:d1:2d:f1:7e:
                    87:5e:6b:8f:bf:33:cd:2b:69:a4:40:20:f4:1e:fe:
                    1b:e1:8b:a9:1d:16:b1:4d:84:db:50:03:a2:ab:91:
                    2f:78:fb:6c:19:88:86:d2:cf:04:02:59:fb:42:08:
                    6d:89:3d:9d:6a:63:7c:12:25:ee:95:f0:5a:e9:17:
                    15:4f:fe:d4:e6:23:80:36:e6:44:1b:ed:4a:bd:1c:
                    29:63:2f:40:51:35:36:2c:21:3a:a2:bd:3f:c6:69:
                    87:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:98:E0:C8:DB:26:34:97:FE:22:0E:E5:E1:38:74:D5:6F:21:08:BB
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/hpjgyNsmNJf-Ig7l4Th01W8hCLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.75.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:7d:c8:52:e2:a5:13:aa:95:0a:36:6f:ba:88:a3:07:f3:ff:
         91:a8:8c:18:0b:8c:20:04:bc:a5:36:cb:1c:fa:d7:ef:6b:e6:
         17:62:9e:00:ca:6c:a7:d0:51:3f:8e:cc:59:61:b2:c0:a0:49:
         d2:ca:fd:65:fd:3a:fb:b7:c8:c8:da:10:2a:f5:aa:2a:68:7f:
         f1:7a:aa:f1:cd:cc:2d:b3:7c:0b:1f:08:77:7e:e0:1f:11:8b:
         24:63:64:55:26:c7:b9:ed:d0:79:1a:79:25:6b:ec:79:c5:aa:
         cd:0f:61:59:18:ec:1f:73:7a:12:e4:0b:6d:c8:54:2d:52:10:
         4d:c2:ec:a3:9b:e2:0a:5a:7a:7e:d0:ef:db:8f:fe:61:35:43:
         ea:58:e0:68:69:20:94:81:96:2e:73:95:ca:0a:44:23:0e:16:
         62:6e:89:b1:c7:5c:39:e3:45:ec:c1:aa:bc:61:cc:2f:34:58:
         2c:62:11:8a:71:13:17:82:f3:28:6f:92:ff:e7:7a:de:9e:49:
         37:e8:0b:ac:fe:df:9f:83:9c:e4:98:93:a9:f5:bb:fc:b5:66:
         63:96:f4:27:17:a2:60:72:0c:be:67:d5:fa:3b:88:80:99:f2:
         06:24:8e:de:c3:ce:f7:ba:3d:85:dd:93:76:48:66:11:07:6a:
         13:9d:0c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtni4r9gLiWfpd0tdfLYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk4ZTBjOGRiMjYzNDk3ZmUyMjBlZTVlMTM4NzRkNTZmMjEwOGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX3pEZMrZp69PDnMI1qiE+kw0svJ
z8/GulNN+KFj00Xgp01Tvx9ejxcz1dOivl3lSfimG+CU/xxEe2wFya/1xhKutGOE
HKXHaLksnBJM94s+hQ0GLLN5IrrTsBCUsrmXW33zylAAt0TsDRl/KSh7WBbWumUU
h04lT0bM4Kl/w9gkEFFfFOfZh9Kz+6euikUcuYfVN2O0bEhF/i/a4mPzmdEt8X6H
XmuPvzPNK2mkQCD0Hv4b4YupHRaxTYTbUAOiq5EvePtsGYiG0s8EAln7QghtiT2d
amN8EiXulfBa6RcVT/7U5iOANuZEG+1KvRwpYy9AUTU2LCE6or0/xmmHnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaY4MjbJjSX/iIO5eE4dNVvIQi7MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvaHBqZ3lOc21OSmYtSWc3bDRUaDAxVzhoQ0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUvjMA0G
CSqGSIb3DQEBCwUAA4IBAQBEfchS4qUTqpUKNm+6iKMH8/+RqIwYC4wgBLylNssc
+tfva+YXYp4Aymyn0FE/jsxZYbLAoEnSyv1l/Tr7t8jI2hAq9aoqaH/xeqrxzcwt
s3wLHwh3fuAfEYskY2RVJse57dB5Gnkla+x5xarND2FZGOwfc3oS5AttyFQtUhBN
wuyjm+IKWnp+0O/bj/5hNUPqWOBoaSCUgZYuc5XKCkQjDhZibomxx1w540Xswaq8
YcwvNFgsYhGKcRMXgvMob5L/53renkk36Aus/t+fg5zkmJOp9bv8tWZjlvQnF6Jg
cgy+Z9X6O4iAmfIGJI7ew873uj2F3ZN2SGYRB2oTnQyZ
-----END CERTIFICATE-----