Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/nuBb2sfAaD2yJJurgNHuDQnozrE.roa
File:                     nuBb2sfAaD2yJJurgNHuDQnozrE.roa (raw, json)
Hash identifier:          55t3QplezcORVrLmWZ+1FmsojfhZHZbmMDowmzqxnQg=
Subject key identifier:   9E:E0:5B:DA:C7:C0:68:3D:B2:24:9B:AB:80:D1:EE:0D:09:E8:CE:B1
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D673C24171826B04BD3A895CB851
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/nuBb2sfAaD2yJJurgNHuDQnozrE.roa
Signing time:             Mon 01 Jan 2024 10:30:06 +0000
ROA not before:           Mon 01 Jan 2024 10:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48944
IP address blocks:        77.104.108.0/24 maxlen: 24
                          77.104.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d6:73:c2:41:71:82:6b:04:bd:3a:89:5c:b8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ee05bdac7c0683db2249bab80d1ee0d09e8ceb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9b:cd:f2:4e:4c:e6:0b:aa:bd:e9:94:54:c4:
                    9c:8a:7b:ea:e6:d2:67:f5:3a:e1:dd:30:6a:e8:01:
                    98:a0:60:7e:aa:34:46:fd:47:c7:36:02:e8:db:9e:
                    04:a9:84:73:29:b6:a3:02:af:1a:34:a0:b7:23:57:
                    15:30:34:93:53:8c:91:40:92:7a:18:50:58:f7:12:
                    2a:d6:55:58:35:f3:1e:b0:1f:40:dd:c6:5b:cd:5a:
                    19:29:93:03:3f:cc:08:0f:af:fd:e9:0e:29:5a:a1:
                    7b:09:a3:c8:b4:14:bf:38:2c:36:ac:ec:11:dd:86:
                    98:3e:b8:81:13:e9:93:8b:d5:2f:0f:55:10:6c:11:
                    1b:36:4c:9b:0e:98:dd:44:db:3c:fd:71:7f:bc:59:
                    df:74:90:1c:f6:d1:c5:15:27:f8:36:a8:be:7e:48:
                    f3:ec:94:50:39:ca:cb:56:01:32:87:7f:bf:ef:ed:
                    ea:da:3d:68:e3:84:35:88:79:14:b2:a0:4f:61:3b:
                    09:74:b2:56:41:59:cf:6b:6e:a5:b3:8c:be:7b:fc:
                    42:aa:15:6a:5e:ae:af:98:bb:c7:ff:28:7c:0e:0e:
                    da:d9:bf:b1:6d:7b:9f:25:21:43:e8:1a:1e:21:30:
                    49:35:9d:2c:4a:1f:e7:f3:b3:ca:71:93:f6:39:52:
                    b8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E0:5B:DA:C7:C0:68:3D:B2:24:9B:AB:80:D1:EE:0D:09:E8:CE:B1
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/nuBb2sfAaD2yJJurgNHuDQnozrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.104.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:70:dc:44:f7:de:a4:aa:e1:bc:8a:de:dd:6c:03:d1:fb:2f:
         ce:bc:7f:4d:27:40:ad:1e:61:70:27:69:39:99:d8:7b:40:06:
         d0:79:b3:e4:2f:0e:09:72:86:8c:64:00:3e:13:d1:cc:2c:72:
         e9:59:99:33:c0:2e:e4:e6:2c:b5:1b:8f:69:85:64:44:ec:3b:
         5d:3e:ba:80:fb:81:31:59:6d:c0:d9:76:8d:22:fa:ba:4c:1a:
         54:37:d0:ef:74:1f:8c:88:dd:6c:8e:94:10:e0:23:9c:42:0c:
         d1:f5:7c:29:92:ab:63:fe:0a:b6:80:04:c2:0b:d4:7a:71:b2:
         bc:62:d8:ac:f1:8a:cc:0c:bf:a0:0a:c2:a7:b3:d4:b3:2e:e8:
         e2:6a:35:4c:04:64:86:02:38:27:28:37:dc:50:b0:dd:91:f0:
         c1:38:f6:a8:4a:ba:f3:f9:44:4c:83:76:c8:43:1d:49:e8:f4:
         c8:19:9c:9d:7b:d7:26:b4:4c:a4:66:95:b4:46:b1:91:a4:d9:
         9b:46:0e:53:e2:f2:1b:15:1e:9c:ea:2c:a3:56:b1:f7:0c:6a:
         92:d6:37:cb:92:42:4b:79:ff:0d:1b:01:ba:b5:51:52:ba:e6:
         70:c4:7b:23:bc:8d:0c:80:b5:7b:17:44:af:a0:9e:02:ed:1d:
         56:05:13:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktZzwkFxgmsEvTqJXLhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWUwNWJkYWM3YzA2ODNkYjIyNDliYWI4MGQxZWUwZDA5ZThjZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJvN8k5M5guqvemUVMScinvq5tJn
9Trh3TBq6AGYoGB+qjRG/UfHNgLo254EqYRzKbajAq8aNKC3I1cVMDSTU4yRQJJ6
GFBY9xIq1lVYNfMesB9A3cZbzVoZKZMDP8wID6/96Q4pWqF7CaPItBS/OCw2rOwR
3YaYPriBE+mTi9UvD1UQbBEbNkybDpjdRNs8/XF/vFnfdJAc9tHFFSf4Nqi+fkjz
7JRQOcrLVgEyh3+/7+3q2j1o44Q1iHkUsqBPYTsJdLJWQVnPa26ls4y+e/xCqhVq
Xq6vmLvH/yh8Dg7a2b+xbXufJSFD6BoeITBJNZ0sSh/n87PKcZP2OVK4eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7gW9rHwGg9siSbq4DR7g0J6M6xMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvbnVCYjJzZkFhRDJ5Skp1cmdOSHVEUW5venJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTWhsMA0G
CSqGSIb3DQEBCwUAA4IBAQBbcNxE996kquG8it7dbAPR+y/OvH9NJ0CtHmFwJ2k5
mdh7QAbQebPkLw4JcoaMZAA+E9HMLHLpWZkzwC7k5iy1G49phWRE7DtdPrqA+4Ex
WW3A2XaNIvq6TBpUN9DvdB+MiN1sjpQQ4COcQgzR9Xwpkqtj/gq2gATCC9R6cbK8
Ytis8YrMDL+gCsKns9SzLujiajVMBGSGAjgnKDfcULDdkfDBOPaoSrrz+URMg3bI
Qx1J6PTIGZyde9cmtEykZpW0RrGRpNmbRg5T4vIbFR6c6iyjVrH3DGqS1jfLkkJL
ef8NGwG6tVFSuuZwxHsjvI0MgLV7F0SvoJ4C7R1WBRP/
-----END CERTIFICATE-----