Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/207b40-5fff-4f43-8b82-103b9f327924/1/a56R_9RTmMQijvX9kAXFXdjldxg.roa
File:                     a56R_9RTmMQijvX9kAXFXdjldxg.roa (raw, json)
Hash identifier:          i6uJOhNBcfVibpoqUaUOHSeVZR/CT+/3WISvQLIDp1U=
Subject key identifier:   6B:9E:91:FF:D4:53:98:C4:22:8E:F5:FD:90:05:C5:5D:D8:E5:77:18
Certificate issuer:       /CN=0e1fb63628fe3a11065189bdcf1357fbfc06dade
Certificate serial:       018CC86FF1FE52207ECB2510D6608DA7FAE4
Authority key identifier: 0E:1F:B6:36:28:FE:3A:11:06:51:89:BD:CF:13:57:FB:FC:06:DA:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dh-2Nij-OhEGUYm9zxNX-_wG2t4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/207b40-5fff-4f43-8b82-103b9f327924/1/a56R_9RTmMQijvX9kAXFXdjldxg.roa
Signing time:             Tue 02 Jan 2024 04:30:28 +0000
ROA not before:           Tue 02 Jan 2024 04:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204776
IP address blocks:        77.83.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/207b40-5fff-4f43-8b82-103b9f327924/1/Dh-2Nij-OhEGUYm9zxNX-_wG2t4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/207b40-5fff-4f43-8b82-103b9f327924/1/Dh-2Nij-OhEGUYm9zxNX-_wG2t4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dh-2Nij-OhEGUYm9zxNX-_wG2t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f1:fe:52:20:7e:cb:25:10:d6:60:8d:a7:fa:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e1fb63628fe3a11065189bdcf1357fbfc06dade
        Validity
            Not Before: Jan  2 04:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b9e91ffd45398c4228ef5fd9005c55dd8e57718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f1:64:e4:e0:11:89:80:67:93:30:d6:18:b7:
                    ac:12:a5:15:33:52:21:5c:82:da:c0:52:94:82:9c:
                    a8:01:b6:42:5c:0d:99:93:5a:c1:7d:a6:73:30:98:
                    1e:bf:2b:f1:ba:ed:46:51:84:0a:f6:92:c6:7d:48:
                    ed:28:a4:50:da:53:48:00:5d:b8:20:26:9b:de:4d:
                    81:6b:24:2b:f2:8f:9b:17:7a:5b:df:c6:f6:d2:fb:
                    fc:aa:e7:7b:1f:cf:f9:17:57:3f:c5:62:8b:c8:78:
                    e7:68:6e:f7:41:40:de:ec:dc:8e:48:d1:13:85:dd:
                    29:1b:27:61:bf:a8:67:51:6c:41:88:5d:fc:66:8e:
                    64:a3:17:3b:b7:d5:c7:d1:12:ce:b3:55:a4:91:cb:
                    d4:63:bb:e9:b6:fa:46:b8:cb:19:34:d6:7c:c6:0e:
                    40:2e:06:5f:b6:2f:01:25:5f:5d:a2:9f:45:51:ba:
                    b4:7e:fc:fe:71:a7:1d:aa:f7:48:84:9d:66:9e:44:
                    15:e5:22:78:0d:a6:f1:79:69:fd:97:ec:5d:a9:b7:
                    97:fb:dc:40:6a:4a:36:1e:b7:19:49:d9:d5:f3:22:
                    4a:f4:d6:d9:a3:af:de:e2:d5:21:c9:19:43:3e:32:
                    a9:64:6a:a8:fe:fe:97:0f:8c:61:e3:2e:79:db:06:
                    7e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:9E:91:FF:D4:53:98:C4:22:8E:F5:FD:90:05:C5:5D:D8:E5:77:18
            X509v3 Authority Key Identifier:
                keyid:0E:1F:B6:36:28:FE:3A:11:06:51:89:BD:CF:13:57:FB:FC:06:DA:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dh-2Nij-OhEGUYm9zxNX-_wG2t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/207b40-5fff-4f43-8b82-103b9f327924/1/a56R_9RTmMQijvX9kAXFXdjldxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/207b40-5fff-4f43-8b82-103b9f327924/1/Dh-2Nij-OhEGUYm9zxNX-_wG2t4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:a2:15:99:58:da:35:db:1d:d9:f7:26:d7:9d:71:95:ef:f8:
         d8:f7:bd:bc:15:35:37:64:01:88:20:88:c3:65:ad:39:eb:c7:
         3d:4f:18:7e:a5:b6:4d:17:56:00:97:41:e3:ba:62:3b:23:e2:
         80:54:17:5c:cb:84:b8:21:c8:f8:68:b0:58:3c:da:d0:65:0a:
         d7:06:c5:43:9d:68:0f:2e:06:cc:e2:fa:9a:2f:b3:e7:c6:da:
         6d:0a:75:fb:c9:84:60:52:bd:03:da:02:bb:5d:bd:98:da:cd:
         4b:01:2b:6e:bd:5c:d3:db:43:06:11:93:3c:9d:79:62:b6:f1:
         87:60:47:cd:ea:97:60:6f:20:83:09:17:b1:a1:95:07:82:02:
         67:b0:26:d2:f6:ea:77:c1:19:a7:e9:c1:02:a7:4f:e0:32:fa:
         dd:12:22:37:85:a8:93:12:12:b6:c0:42:27:f6:42:ea:0e:e9:
         b6:ca:fb:e1:f2:39:72:b7:26:05:8a:dd:90:d4:34:95:ea:a2:
         dc:ee:f6:f6:29:14:7b:16:1a:7e:2d:98:2b:eb:18:7a:c6:e8:
         18:dc:e7:16:fd:ed:76:da:22:03:1b:80:67:f9:2d:ae:ff:db:
         fc:cc:48:ee:57:51:7d:46:74:00:e1:ed:0b:2f:3c:a4:2a:54:
         04:1d:b9:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/H+UiB+yyUQ1mCNp/rkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMWZiNjM2MjhmZTNhMTEwNjUxODliZGNmMTM1N2ZiZmMw
NmRhZGUwHhcNMjQwMTAyMDQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjllOTFmZmQ0NTM5OGM0MjI4ZWY1ZmQ5MDA1YzU1ZGQ4ZTU3NzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPFk5OARiYBnkzDWGLesEqUVM1Ih
XILawFKUgpyoAbZCXA2Zk1rBfaZzMJgevyvxuu1GUYQK9pLGfUjtKKRQ2lNIAF24
ICab3k2BayQr8o+bF3pb38b20vv8qud7H8/5F1c/xWKLyHjnaG73QUDe7NyOSNET
hd0pGydhv6hnUWxBiF38Zo5koxc7t9XH0RLOs1WkkcvUY7vptvpGuMsZNNZ8xg5A
LgZfti8BJV9dop9FUbq0fvz+cacdqvdIhJ1mnkQV5SJ4DabxeWn9l+xdqbeX+9xA
ako2HrcZSdnV8yJK9NbZo6/e4tUhyRlDPjKpZGqo/v6XD4xh4y552wZ+gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuekf/UU5jEIo71/ZAFxV3Y5XcYMB8GA1UdIwQY
MBaAFA4ftjYo/joRBlGJvc8TV/v8BtreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGgtMk5pai1PaEVHVVltOXp4TlgtX3dHMnQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMDdiNDAtNWZmZi00ZjQzLThiODIt
MTAzYjlmMzI3OTI0LzEvYTU2Ul85UlRtTVFpanZYOWtBWEZYZGpsZHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMDdiNDAtNWZmZi00ZjQzLThiODItMTAzYjlmMzI3OTI0
LzEvRGgtMk5pai1PaEVHVVltOXp4TlgtX3dHMnQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVM6MA0G
CSqGSIb3DQEBCwUAA4IBAQBnohWZWNo12x3Z9ybXnXGV7/jY9728FTU3ZAGIIIjD
Za0568c9Txh+pbZNF1YAl0HjumI7I+KAVBdcy4S4Icj4aLBYPNrQZQrXBsVDnWgP
LgbM4vqaL7PnxtptCnX7yYRgUr0D2gK7Xb2Y2s1LAStuvVzT20MGEZM8nXlitvGH
YEfN6pdgbyCDCRexoZUHggJnsCbS9up3wRmn6cECp0/gMvrdEiI3haiTEhK2wEIn
9kLqDum2yvvh8jlytyYFit2Q1DSV6qLc7vb2KRR7Fhp+LZgr6xh6xugY3OcW/e12
2iIDG4Bn+S2u/9v8zEjuV1F9RnQA4e0LLzykKlQEHbkh
-----END CERTIFICATE-----