Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/gIlo4vPfA-Asqm6bEqwCB86sKZw.roa
File:                     gIlo4vPfA-Asqm6bEqwCB86sKZw.roa (raw, json)
Hash identifier:          mlBG0jrpcRSdb5T2GyUhX9gWpQsliliCeTcNKQRGY5g=
Subject key identifier:   80:89:68:E2:F3:DF:03:E0:2C:AA:6E:9B:12:AC:02:07:CE:AC:29:9C
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       0194266B86539B792EF3F0FCA49F4491E1B6
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/gIlo4vPfA-Asqm6bEqwCB86sKZw.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205191
IP address blocks:        77.224.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:86:53:9b:79:2e:f3:f0:fc:a4:9f:44:91:e1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=808968e2f3df03e02caa6e9b12ac0207ceac299c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a6:c7:04:23:8b:e2:00:90:46:0f:94:e5:4a:
                    dd:11:0a:bd:54:2d:c4:51:28:41:12:fc:74:c1:5d:
                    b0:a2:22:45:1b:33:7c:c9:73:dc:cb:7e:12:ed:a4:
                    0d:c6:61:62:f4:4e:21:71:61:81:26:92:64:c9:84:
                    38:64:7b:49:fb:ac:2e:b7:a1:2f:1a:87:29:93:fb:
                    52:6f:3b:08:96:e0:19:0c:05:0e:3b:a0:c2:34:84:
                    bd:1f:36:6c:91:34:8a:8c:a6:77:d0:11:6f:36:84:
                    ce:66:be:94:ff:67:b2:70:9e:e5:40:68:3f:88:69:
                    a8:8a:7e:3e:56:3c:b4:2a:5c:72:f5:cd:21:77:ee:
                    7f:25:3d:df:8e:94:07:30:d5:d6:23:c6:a7:6b:14:
                    ec:4b:f7:a9:29:c5:d2:aa:35:ca:e2:5a:10:53:2f:
                    6b:8d:c0:d8:3e:6a:36:0c:f6:d7:04:db:50:6e:57:
                    ef:d8:5a:23:76:f5:25:f4:ca:e9:b9:c2:93:e1:24:
                    19:04:88:8e:89:67:01:f1:dc:f0:fc:02:73:16:f0:
                    4e:74:df:a0:70:b3:88:6f:39:33:4f:75:2b:e4:61:
                    85:74:53:3f:a3:4b:56:36:c2:11:9e:75:8f:e5:2e:
                    d2:76:1a:54:fd:d2:f4:12:39:1d:04:49:2d:cd:b0:
                    41:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:89:68:E2:F3:DF:03:E0:2C:AA:6E:9B:12:AC:02:07:CE:AC:29:9C
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/gIlo4vPfA-Asqm6bEqwCB86sKZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.224.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:7d:a5:51:a8:ff:3b:50:3a:66:d0:b4:08:d3:4c:00:a3:41:
         e5:49:47:85:e6:1b:4e:7d:05:11:10:5b:4b:c5:f8:69:6c:1e:
         1c:fd:c8:0c:89:2f:cc:1d:e9:b2:7c:44:96:41:d4:fb:77:b5:
         bc:2c:60:5b:ea:75:5f:52:94:28:4b:46:bf:7b:d1:0f:88:89:
         30:a2:b4:b5:1a:62:43:5e:e6:40:8e:04:39:62:3b:45:e3:0e:
         8e:aa:60:f5:49:83:71:5e:9a:81:84:da:ba:83:84:ad:06:76:
         dd:cc:0b:6a:5a:5d:da:9b:56:84:95:9e:40:66:c3:42:2d:46:
         aa:5e:a5:e1:06:d9:ac:9f:d1:d8:88:8f:aa:db:6e:de:be:8d:
         47:e4:fe:57:13:22:dd:d2:fb:ab:8b:00:b1:cf:68:ff:69:41:
         92:94:26:af:eb:9d:09:56:72:bd:ae:c1:86:62:a2:10:79:0d:
         31:c0:c9:6f:92:77:0b:52:a2:50:d8:03:a7:e1:46:89:8a:04:
         73:f7:41:29:c6:22:81:dc:3d:06:72:e9:33:ed:4a:11:a8:6f:
         83:4c:85:5b:a8:ac:05:dd:55:87:91:64:54:38:49:b6:24:73:
         90:e1:59:c6:a1:10:18:a4:7e:6e:86:85:fb:9a:67:67:05:36:
         e0:f2:7a:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4ZTm3ku8/D8pJ9EkeG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDg5NjhlMmYzZGYwM2UwMmNhYTZlOWIxMmFjMDIwN2NlYWMyOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzabHBCOL4gCQRg+U5UrdEQq9VC3E
UShBEvx0wV2woiJFGzN8yXPcy34S7aQNxmFi9E4hcWGBJpJkyYQ4ZHtJ+6wut6Ev
Gocpk/tSbzsIluAZDAUOO6DCNIS9HzZskTSKjKZ30BFvNoTOZr6U/2eycJ7lQGg/
iGmoin4+Vjy0Klxy9c0hd+5/JT3fjpQHMNXWI8anaxTsS/epKcXSqjXK4loQUy9r
jcDYPmo2DPbXBNtQblfv2FojdvUl9MrpucKT4SQZBIiOiWcB8dzw/AJzFvBOdN+g
cLOIbzkzT3Ur5GGFdFM/o0tWNsIRnnWP5S7SdhpU/dL0EjkdBEktzbBBzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICJaOLz3wPgLKpumxKsAgfOrCmcMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvZ0lsbzR2UGZBLUFzcW02YkVxd0NCODZzS1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATeBEMA0G
CSqGSIb3DQEBCwUAA4IBAQAmfaVRqP87UDpm0LQI00wAo0HlSUeF5htOfQUREFtL
xfhpbB4c/cgMiS/MHemyfESWQdT7d7W8LGBb6nVfUpQoS0a/e9EPiIkworS1GmJD
XuZAjgQ5YjtF4w6OqmD1SYNxXpqBhNq6g4StBnbdzAtqWl3am1aElZ5AZsNCLUaq
XqXhBtmsn9HYiI+q227evo1H5P5XEyLd0vuriwCxz2j/aUGSlCav650JVnK9rsGG
YqIQeQ0xwMlvkncLUqJQ2AOn4UaJigRz90EpxiKB3D0Gcukz7UoRqG+DTIVbqKwF
3VWHkWRUOEm2JHOQ4VnGoRAYpH5uhoX7mmdnBTbg8noX
-----END CERTIFICATE-----