Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DmLI3o5EKcGPfGwVYfSu744ZhsM.roa
File:                     DmLI3o5EKcGPfGwVYfSu744ZhsM.roa (raw, json)
Hash identifier:          9/Kh4KsbS4+BJAWX9nLLvWOPpMZ1wB4r6h11WXnRbGg=
Subject key identifier:   0E:62:C8:DE:8E:44:29:C1:8F:7C:6C:15:61:F4:AE:EF:8E:19:86:C3
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC794485A52BA75CBACE5F1831806C26E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DmLI3o5EKcGPfGwVYfSu744ZhsM.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53767
IP address blocks:        77.67.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:48:5a:52:ba:75:cb:ac:e5:f1:83:18:06:c2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e62c8de8e4429c18f7c6c1561f4aeef8e1986c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:48:e0:ad:09:89:b5:b7:0f:e1:b7:01:73:41:
                    ca:f0:ca:f4:02:f2:5f:00:1c:72:2c:01:e0:db:f4:
                    e5:65:f8:af:f3:f1:4e:e4:a6:d8:51:51:a6:bf:95:
                    39:29:b6:7a:39:ad:b7:36:e4:1c:c7:1a:c4:f5:69:
                    6d:da:5b:31:a2:b9:04:68:2f:70:28:20:50:20:2a:
                    3a:13:6c:67:1e:bd:f2:42:a8:39:ff:59:b9:1d:0d:
                    04:de:0e:d7:b4:05:2f:e9:30:22:48:7a:a8:2c:03:
                    f4:c5:33:b1:80:b4:8b:d8:fd:5f:0b:c1:0f:74:de:
                    10:e3:e4:ab:eb:42:c0:36:4a:40:d7:4c:a6:00:51:
                    35:42:77:fb:34:99:cd:0b:45:3c:b9:02:82:05:63:
                    3d:0e:b5:d5:59:c9:57:23:37:f6:46:9d:41:fc:40:
                    9a:39:d0:bd:da:d0:61:b4:a5:e6:c4:86:cc:47:54:
                    94:35:b0:f6:05:f6:85:f0:b5:b6:0f:68:72:f1:ba:
                    76:bc:2a:ca:5e:c3:bc:4c:bf:ac:01:f9:70:58:6a:
                    4e:96:a5:5b:8a:28:db:91:75:d5:ba:55:ae:d9:13:
                    b1:38:32:0c:1d:93:ce:1e:c2:e7:21:79:78:6b:4a:
                    42:4d:47:7a:ed:9c:0e:89:81:58:0b:09:d4:bc:33:
                    35:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:62:C8:DE:8E:44:29:C1:8F:7C:6C:15:61:F4:AE:EF:8E:19:86:C3
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DmLI3o5EKcGPfGwVYfSu744ZhsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:28:db:d6:38:d5:68:30:c2:47:df:8b:63:ad:98:e1:81:fe:
         65:07:85:6b:92:44:40:a9:10:f6:9c:f6:8d:f4:de:ad:41:76:
         f3:4b:a5:c5:16:29:5d:5d:ed:94:ea:d5:36:4b:01:2b:17:1e:
         07:e2:41:ce:ed:94:d2:76:2d:81:5c:6e:3b:99:25:17:6a:2b:
         64:77:71:29:60:37:eb:fd:7c:57:82:c6:83:18:6c:1d:53:f8:
         e0:90:65:c1:4b:e3:f1:d7:a1:18:17:50:02:ff:58:79:c3:f4:
         dc:87:4c:63:78:6b:2a:25:5f:f8:ea:02:3d:32:3b:23:07:0b:
         0d:3b:cf:50:19:f2:55:28:75:9b:99:00:08:46:67:66:e6:11:
         06:30:f5:ca:5a:b1:f8:1d:d8:3d:dc:02:84:28:0b:cc:5c:10:
         cf:7a:ea:69:fb:fd:8a:6b:21:55:9e:9d:03:24:22:29:73:49:
         bc:9a:13:4f:55:c8:da:7a:f5:48:90:f6:43:4d:8a:98:1c:8c:
         ca:69:30:2d:07:2f:28:e1:7e:0e:81:bc:9e:3d:f8:ff:63:7f:
         67:27:fb:b1:6e:31:e0:13:93:38:5e:31:eb:19:ff:a7:39:e6:
         c9:ad:77:07:b9:c5:88:79:3b:71:94:9c:ec:30:36:57:1b:fe:
         89:54:e8:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEhaUrp1y6zl8YMYBsJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTYyYzhkZThlNDQyOWMxOGY3YzZjMTU2MWY0YWVlZjhlMTk4NmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUjgrQmJtbcP4bcBc0HK8Mr0AvJf
ABxyLAHg2/TlZfiv8/FO5KbYUVGmv5U5KbZ6Oa23NuQcxxrE9Wlt2lsxorkEaC9w
KCBQICo6E2xnHr3yQqg5/1m5HQ0E3g7XtAUv6TAiSHqoLAP0xTOxgLSL2P1fC8EP
dN4Q4+Sr60LANkpA10ymAFE1Qnf7NJnNC0U8uQKCBWM9DrXVWclXIzf2Rp1B/ECa
OdC92tBhtKXmxIbMR1SUNbD2BfaF8LW2D2hy8bp2vCrKXsO8TL+sAflwWGpOlqVb
iijbkXXVulWu2ROxODIMHZPOHsLnIXl4a0pCTUd67ZwOiYFYCwnUvDM11QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5iyN6ORCnBj3xsFWH0ru+OGYbDMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvRG1MSTNvNUVLY0dQZkd3VllmU3U3NDRaaHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUNqMA0G
CSqGSIb3DQEBCwUAA4IBAQDXKNvWONVoMMJH34tjrZjhgf5lB4VrkkRAqRD2nPaN
9N6tQXbzS6XFFildXe2U6tU2SwErFx4H4kHO7ZTSdi2BXG47mSUXaitkd3EpYDfr
/XxXgsaDGGwdU/jgkGXBS+Px16EYF1AC/1h5w/Tch0xjeGsqJV/46gI9MjsjBwsN
O89QGfJVKHWbmQAIRmdm5hEGMPXKWrH4Hdg93AKEKAvMXBDPeupp+/2KayFVnp0D
JCIpc0m8mhNPVcjaevVIkPZDTYqYHIzKaTAtBy8o4X4OgbyePfj/Y39nJ/uxbjHg
E5M4XjHrGf+nOebJrXcHucWIeTtxlJzsMDZXG/6JVOjQ
-----END CERTIFICATE-----