Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/n6EWPSRAFimqNg5BmC-YHUN-MzI.roa
File:                     n6EWPSRAFimqNg5BmC-YHUN-MzI.roa (raw, json)
Hash identifier:          x37FIHDX8WCzdk1oYAX5Ekcc5ynAPBL8SuipKoI0uB0=
Subject key identifier:   9F:A1:16:3D:24:40:16:29:AA:36:0E:41:98:2F:98:1D:43:7E:33:32
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492DAB04544CEA2A9FE80E000AAB6BA
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/n6EWPSRAFimqNg5BmC-YHUN-MzI.roa
Signing time:             Mon 01 Jan 2024 10:30:07 +0000
ROA not before:           Mon 01 Jan 2024 10:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51431
IP address blocks:        77.237.66.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:da:b0:45:44:ce:a2:a9:fe:80:e0:00:aa:b6:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fa1163d24401629aa360e41982f981d437e3332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ae:30:06:f8:c5:a5:58:67:8b:f4:f8:f4:2f:
                    84:54:7d:39:60:20:d4:34:43:86:b9:6b:79:6f:4a:
                    91:cc:03:e6:11:0e:ed:5b:cf:e6:56:26:80:b8:58:
                    e0:cf:f7:32:7f:fb:f7:f7:c1:88:b8:5a:6e:1d:d9:
                    29:1e:1c:91:e5:ad:88:56:0f:25:36:0b:e9:b2:ae:
                    1b:a8:af:18:8f:bb:79:95:f3:77:e8:79:13:e5:63:
                    ab:5d:3b:2d:a6:0e:4b:b7:c4:d1:a1:35:d3:b4:3f:
                    0e:05:17:f9:14:b2:3d:53:a1:c7:08:0d:34:03:14:
                    c2:d3:15:a9:61:e1:af:12:3a:9d:4f:74:7c:4d:e4:
                    e8:d3:d0:6f:af:29:63:55:ab:16:67:a7:c3:75:8a:
                    e3:68:0e:82:5c:da:ea:ee:be:c9:28:48:ee:e8:29:
                    eb:d7:92:9d:fa:0e:15:e2:0a:7c:08:2c:f8:03:59:
                    48:4a:87:ca:52:22:12:0e:51:e3:ce:38:0c:39:77:
                    ce:37:ca:5c:46:74:be:9e:fa:3f:51:70:05:a8:c2:
                    92:c7:71:52:a3:b8:ce:be:a8:d5:87:5c:30:1c:2d:
                    37:61:03:5c:37:7d:bc:52:40:98:c6:a3:89:04:13:
                    4d:a3:d3:30:e4:2e:f0:b9:f0:2a:4b:f8:2b:90:c1:
                    10:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A1:16:3D:24:40:16:29:AA:36:0E:41:98:2F:98:1D:43:7E:33:32
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/n6EWPSRAFimqNg5BmC-YHUN-MzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:bc:b4:d3:35:95:38:50:d0:d3:2d:17:33:e8:ea:b0:22:5f:
         eb:ec:cb:e0:0b:ae:e5:8a:33:3b:f7:7c:2c:dc:02:b3:52:67:
         75:28:82:36:39:3e:a6:9e:19:8b:f6:07:e1:65:f8:95:f2:34:
         65:93:db:40:4e:50:39:32:ad:c0:42:c9:61:bb:cc:a4:eb:77:
         13:14:2e:98:06:7b:02:36:ca:40:01:ac:85:12:cb:09:9c:7d:
         09:0f:70:a5:45:97:83:8d:93:c9:00:2e:f7:a0:4c:23:2f:9f:
         0d:f1:e3:b2:f6:1d:8b:52:36:e9:52:e3:ec:df:b6:09:24:32:
         15:11:ae:79:a3:6f:3d:32:2c:fc:66:eb:e3:44:f2:b8:33:e2:
         80:35:81:73:d6:6d:10:47:f2:f3:b0:66:33:6c:24:25:00:21:
         7d:73:f4:cd:ad:d2:82:95:84:1b:3a:cf:8b:db:df:03:a7:87:
         88:31:73:e4:70:28:28:2c:93:df:e4:3d:5b:6c:55:a2:21:04:
         2f:90:2b:2d:7a:9b:b9:88:e1:96:44:36:68:59:29:18:8b:51:
         1b:27:d4:b5:46:18:5e:6d:6a:88:56:1f:2b:d1:71:5d:66:bc:
         29:ed:72:6b:49:ee:5c:4f:7a:7d:cc:aa:3d:13:b5:b7:da:72:
         57:f6:77:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktqwRUTOoqn+gOAAqra6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmExMTYzZDI0NDAxNjI5YWEzNjBlNDE5ODJmOTgxZDQzN2UzMzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhq4wBvjFpVhni/T49C+EVH05YCDU
NEOGuWt5b0qRzAPmEQ7tW8/mViaAuFjgz/cyf/v398GIuFpuHdkpHhyR5a2IVg8l
Ngvpsq4bqK8Yj7t5lfN36HkT5WOrXTstpg5Lt8TRoTXTtD8OBRf5FLI9U6HHCA00
AxTC0xWpYeGvEjqdT3R8TeTo09BvryljVasWZ6fDdYrjaA6CXNrq7r7JKEju6Cnr
15Kd+g4V4gp8CCz4A1lISofKUiISDlHjzjgMOXfON8pcRnS+nvo/UXAFqMKSx3FS
o7jOvqjVh1wwHC03YQNcN328UkCYxqOJBBNNo9Mw5C7wufAqS/grkMEQPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+hFj0kQBYpqjYOQZgvmB1DfjMyMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvbjZFV1BTUkFGaW1xTmc1Qm1DLVlIVU4tTXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTe1CMA0G
CSqGSIb3DQEBCwUAA4IBAQBWvLTTNZU4UNDTLRcz6OqwIl/r7MvgC67lijM793ws
3AKzUmd1KII2OT6mnhmL9gfhZfiV8jRlk9tATlA5Mq3AQslhu8yk63cTFC6YBnsC
NspAAayFEssJnH0JD3ClRZeDjZPJAC73oEwjL58N8eOy9h2LUjbpUuPs37YJJDIV
Ea55o289Miz8ZuvjRPK4M+KANYFz1m0QR/LzsGYzbCQlACF9c/TNrdKClYQbOs+L
298Dp4eIMXPkcCgoLJPf5D1bbFWiIQQvkCstepu5iOGWRDZoWSkYi1EbJ9S1Rhhe
bWqIVh8r0XFdZrwp7XJrSe5cT3p9zKo9E7W32nJX9nc/
-----END CERTIFICATE-----