Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/O2px1aU6bIAARpFepBVuBuziiJg.roa
File:                     O2px1aU6bIAARpFepBVuBuziiJg.roa (raw, json)
Hash identifier:          YWn9Xv+EiDSxX317xosj76y38TuR6qoVCsWMWeoaRA8=
Subject key identifier:   3B:6A:71:D5:A5:3A:6C:80:00:46:91:5E:A4:15:6E:06:EC:E2:88:98
Certificate issuer:       /CN=6c1b77bc4edd8a4b8374476a7347719b676b755e
Certificate serial:       0194266BB4A330B426FD0929009C41A7ECAC
Authority key identifier: 6C:1B:77:BC:4E:DD:8A:4B:83:74:47:6A:73:47:71:9B:67:6B:75:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBt3vE7dikuDdEdqc0dxm2drdV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/O2px1aU6bIAARpFepBVuBuziiJg.roa
Signing time:             Thu 02 Jan 2025 09:49:40 +0000
ROA not before:           Thu 02 Jan 2025 09:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        77.83.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/bBt3vE7dikuDdEdqc0dxm2drdV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/bBt3vE7dikuDdEdqc0dxm2drdV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBt3vE7dikuDdEdqc0dxm2drdV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b4:a3:30:b4:26:fd:09:29:00:9c:41:a7:ec:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1b77bc4edd8a4b8374476a7347719b676b755e
        Validity
            Not Before: Jan  2 09:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b6a71d5a53a6c800046915ea4156e06ece28898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b8:cb:bd:a8:9e:80:2c:47:78:d6:a7:cd:f8:
                    27:cf:ae:df:88:da:f7:97:5a:c9:13:39:6d:cd:34:
                    fc:2c:63:60:b4:e0:40:50:e1:18:02:f0:00:83:1c:
                    a4:5c:d3:9b:0b:11:f0:89:a0:7d:df:0e:ba:d5:a4:
                    73:5b:86:9d:22:2d:4f:6a:02:45:bb:36:0f:d7:b4:
                    cc:d2:8d:da:bf:6e:93:00:16:da:c3:19:70:48:e1:
                    a4:09:dd:83:d6:38:57:03:29:98:56:33:62:c4:1f:
                    fd:6b:9a:b0:fa:bc:1d:5f:d9:00:37:84:e7:e4:ed:
                    7b:59:0f:bd:67:2c:4b:47:1b:56:31:52:78:86:5f:
                    01:07:16:ac:f1:1e:44:96:9c:6e:a2:1c:c6:61:fa:
                    46:7a:28:fa:e3:b4:43:d9:d2:e7:b1:05:fc:95:51:
                    51:52:54:c0:e2:c0:49:40:d6:00:df:bc:de:41:30:
                    86:ed:b5:39:fb:c4:4b:5b:dc:e1:9a:ad:2d:51:dd:
                    b0:ac:71:33:02:9e:05:3d:7d:da:12:fb:19:68:b6:
                    ba:5a:f8:d9:2a:4a:9d:7d:02:da:ef:11:62:b8:ed:
                    25:b4:2b:13:e0:9a:ec:1b:be:fb:71:76:1e:0b:82:
                    ea:9d:35:7e:7c:9e:b3:95:ff:a0:ad:b8:82:9d:86:
                    9f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:6A:71:D5:A5:3A:6C:80:00:46:91:5E:A4:15:6E:06:EC:E2:88:98
            X509v3 Authority Key Identifier:
                keyid:6C:1B:77:BC:4E:DD:8A:4B:83:74:47:6A:73:47:71:9B:67:6B:75:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBt3vE7dikuDdEdqc0dxm2drdV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/O2px1aU6bIAARpFepBVuBuziiJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/367d39-8be4-4ecb-9bb6-ffd91b425a00/1/bBt3vE7dikuDdEdqc0dxm2drdV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:d1:d1:ae:23:b3:d3:40:fa:40:b0:6f:ce:8e:ad:97:67:74:
         13:3b:04:65:1c:3f:da:2e:5b:a1:22:68:2c:c1:48:9b:e1:30:
         ec:ce:c1:7d:16:db:1f:f6:7c:b0:69:76:87:67:bc:65:b4:00:
         11:87:cc:2b:56:a9:84:49:75:dd:96:37:36:3c:7c:4a:41:92:
         91:23:79:d3:7b:29:4a:92:0f:ce:5d:74:ef:81:f9:02:4f:31:
         fa:c2:3a:ef:4b:6c:60:9e:e4:76:ee:e9:2b:e1:42:41:03:57:
         8d:95:f4:90:03:17:e8:94:a6:32:d6:dc:f5:2e:20:58:fd:eb:
         53:e6:3a:70:01:c3:c5:98:32:00:c7:00:5d:70:5e:89:a3:ab:
         a6:0a:43:75:7c:fe:14:78:03:74:34:06:cb:4b:e0:f0:62:20:
         89:f6:a6:66:9a:02:03:cf:28:39:71:5e:24:ee:a8:29:0a:b8:
         21:fc:7a:69:5e:b2:4e:22:1b:1d:34:8c:bb:4e:19:ba:d3:08:
         26:12:ae:89:e0:c5:bf:62:4b:d9:af:45:9b:c7:dc:9e:5d:b6:
         6b:e8:b9:d0:b7:34:fa:e2:27:23:3c:09:3f:e2:70:55:d3:f9:
         2b:29:d8:7c:d3:ea:2b:84:b3:17:51:71:98:19:ee:87:68:45:
         0c:99:d7:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7SjMLQm/QkpAJxBp+ysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWI3N2JjNGVkZDhhNGI4Mzc0NDc2YTczNDc3MTliNjc2
Yjc1NWUwHhcNMjUwMTAyMDk0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjZhNzFkNWE1M2E2YzgwMDA0NjkxNWVhNDE1NmUwNmVjZTI4ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7jLvaiegCxHeNanzfgnz67fiNr3
l1rJEzltzTT8LGNgtOBAUOEYAvAAgxykXNObCxHwiaB93w661aRzW4adIi1PagJF
uzYP17TM0o3av26TABbawxlwSOGkCd2D1jhXAymYVjNixB/9a5qw+rwdX9kAN4Tn
5O17WQ+9ZyxLRxtWMVJ4hl8BBxas8R5ElpxuohzGYfpGeij647RD2dLnsQX8lVFR
UlTA4sBJQNYA37zeQTCG7bU5+8RLW9zhmq0tUd2wrHEzAp4FPX3aEvsZaLa6WvjZ
KkqdfQLa7xFiuO0ltCsT4JrsG777cXYeC4LqnTV+fJ6zlf+grbiCnYaf/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtqcdWlOmyAAEaRXqQVbgbs4oiYMB8GA1UdIwQY
MBaAFGwbd7xO3YpLg3RHanNHcZtna3VeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJ0M3ZFN2Rpa3VEZEVkcWMwZHhtMmRyZFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zNjdkMzktOGJlNC00ZWNiLTliYjYt
ZmZkOTFiNDI1YTAwLzEvTzJweDFhVTZiSUFBUnBGZXBCVnVCdXppaUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zNjdkMzktOGJlNC00ZWNiLTliYjYtZmZkOTFiNDI1YTAw
LzEvYkJ0M3ZFN2Rpa3VEZEVkcWMwZHhtMmRyZFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVNnMA0G
CSqGSIb3DQEBCwUAA4IBAQBr0dGuI7PTQPpAsG/Ojq2XZ3QTOwRlHD/aLluhImgs
wUib4TDszsF9Ftsf9nywaXaHZ7xltAARh8wrVqmESXXdljc2PHxKQZKRI3nTeylK
kg/OXXTvgfkCTzH6wjrvS2xgnuR27ukr4UJBA1eNlfSQAxfolKYy1tz1LiBY/etT
5jpwAcPFmDIAxwBdcF6Jo6umCkN1fP4UeAN0NAbLS+DwYiCJ9qZmmgIDzyg5cV4k
7qgpCrgh/HppXrJOIhsdNIy7Thm60wgmEq6J4MW/YkvZr0Wbx9yeXbZr6LnQtzT6
4icjPAk/4nBV0/krKdh80+orhLMXUXGYGe6HaEUMmdcU
-----END CERTIFICATE-----