Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/9lfJZmZ4WrNqWZ0C_GNItXyCwWg.roa
File:                     9lfJZmZ4WrNqWZ0C_GNItXyCwWg.roa (raw, json)
Hash identifier:          hhTGC58jLwt1EeNK00GvauOz2UBvNyRZyT79pcnIUAs=
Subject key identifier:   F6:57:C9:66:66:78:5A:B3:6A:59:9D:02:FC:63:48:B5:7C:82:C1:68
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D9465BB2E714EA21103857B747511
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/9lfJZmZ4WrNqWZ0C_GNItXyCwWg.roa
Signing time:             Wed 01 Jan 2025 15:48:11 +0000
ROA not before:           Wed 01 Jan 2025 15:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26476
IP address blocks:        77.67.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:94:65:bb:2e:71:4e:a2:11:03:85:7b:74:75:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f657c96666785ab36a599d02fc6348b57c82c168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d7:b8:54:b2:9e:cf:19:c2:ad:91:bf:93:05:
                    7a:3d:fc:cb:9c:47:98:28:25:34:b0:3f:70:06:91:
                    2d:66:42:c3:e0:28:c2:5a:b9:33:69:84:ab:58:ed:
                    8e:37:7a:d8:1d:77:0a:f5:c0:4f:e5:55:02:c5:ec:
                    2b:40:b5:98:0f:be:30:04:51:3d:eb:59:59:7d:ba:
                    59:22:af:19:63:ae:b6:31:04:00:ea:5b:99:d4:a7:
                    02:36:3a:7a:ed:6e:12:ac:66:cf:7f:5b:95:1c:62:
                    ea:09:5b:87:36:95:17:4a:f8:9c:10:e9:cc:07:d5:
                    c6:6f:e3:83:5f:6b:df:15:41:35:02:87:a2:b8:bb:
                    4d:1b:a2:0a:1f:bb:94:30:a6:90:64:7c:14:c7:59:
                    60:8c:c6:04:69:d7:e0:12:97:e2:d4:46:ea:73:0b:
                    1d:7f:2b:59:bd:d2:fa:de:0a:b2:1d:8a:e5:bd:1a:
                    02:d3:08:be:a4:f4:25:c9:61:a4:bf:2a:72:6e:c7:
                    5f:54:2b:62:a0:e0:bf:ea:2d:d3:76:94:73:e1:28:
                    e8:51:e5:7b:2f:41:a9:41:81:89:16:e2:ac:3c:98:
                    bd:44:e3:c9:32:1c:bc:4b:0a:96:d4:5a:74:da:ac:
                    a5:ef:2f:1a:96:61:1f:2f:d4:8e:a8:c9:70:1f:47:
                    76:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:57:C9:66:66:78:5A:B3:6A:59:9D:02:FC:63:48:B5:7C:82:C1:68
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/9lfJZmZ4WrNqWZ0C_GNItXyCwWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:8d:68:da:cf:43:e7:44:bf:e4:cd:9a:f7:bb:82:af:13:08:
         3a:bc:17:f0:3e:fc:d8:c2:e8:d5:d6:d9:2a:c4:32:fd:4d:e7:
         6c:f8:c2:5b:00:4e:6f:c7:d7:ef:c9:ab:3a:bd:5d:f4:18:e3:
         9b:05:dc:91:c3:81:1b:f9:ac:01:d0:96:b9:04:0a:3b:dc:9a:
         2e:08:a9:14:4e:e5:ef:15:ce:03:53:23:ab:f2:47:de:ad:d0:
         99:07:0b:e6:a4:94:f5:86:a8:fc:e0:bc:09:1b:97:e3:63:68:
         d1:23:f9:32:3c:39:0e:40:f8:0c:9d:e4:a6:6e:03:93:35:46:
         2d:5f:15:9b:5e:40:06:69:26:81:73:fa:e7:21:8d:c6:67:57:
         49:63:a4:4c:84:21:aa:1b:5e:ff:4a:a3:de:72:8e:4c:8d:ec:
         e9:06:e0:e0:64:73:10:18:56:59:6e:d7:b0:58:5c:3b:71:3e:
         06:53:50:a8:02:61:96:f1:4c:50:4f:b1:55:40:00:e5:fb:a1:
         61:30:25:ff:b0:3f:6b:35:24:2e:47:2d:1a:31:f8:ad:51:a1:
         0c:8e:40:12:3a:a2:f9:d6:aa:0f:51:44:66:56:fa:d3:23:9f:
         92:dd:a2:fe:55:4b:1e:c0:57:53:5e:59:e6:b6:a4:0b:96:5c:
         72:79:fe:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZRluy5xTqIRA4V7dHURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjU3Yzk2NjY2Nzg1YWIzNmE1OTlkMDJmYzYzNDhiNTdjODJjMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNe4VLKezxnCrZG/kwV6PfzLnEeY
KCU0sD9wBpEtZkLD4CjCWrkzaYSrWO2ON3rYHXcK9cBP5VUCxewrQLWYD74wBFE9
61lZfbpZIq8ZY662MQQA6luZ1KcCNjp67W4SrGbPf1uVHGLqCVuHNpUXSvicEOnM
B9XGb+ODX2vfFUE1AoeiuLtNG6IKH7uUMKaQZHwUx1lgjMYEadfgEpfi1Ebqcwsd
fytZvdL63gqyHYrlvRoC0wi+pPQlyWGkvypybsdfVCtioOC/6i3TdpRz4SjoUeV7
L0GpQYGJFuKsPJi9ROPJMhy8SwqW1Fp02qyl7y8almEfL9SOqMlwH0d26QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZXyWZmeFqzalmdAvxjSLV8gsFoMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvOWxmSlptWjRXck5xV1owQ19HTkl0WHlDd1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUMmMA0G
CSqGSIb3DQEBCwUAA4IBAQDHjWjaz0PnRL/kzZr3u4KvEwg6vBfwPvzYwujV1tkq
xDL9Teds+MJbAE5vx9fvyas6vV30GOObBdyRw4Eb+awB0Ja5BAo73JouCKkUTuXv
Fc4DUyOr8kferdCZBwvmpJT1hqj84LwJG5fjY2jRI/kyPDkOQPgMneSmbgOTNUYt
XxWbXkAGaSaBc/rnIY3GZ1dJY6RMhCGqG17/SqPeco5MjezpBuDgZHMQGFZZbtew
WFw7cT4GU1CoAmGW8UxQT7FVQADl+6FhMCX/sD9rNSQuRy0aMfitUaEMjkASOqL5
1qoPUURmVvrTI5+S3aL+VUsewFdTXlnmtqQLllxyef5i
-----END CERTIFICATE-----