Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/oNQd_5KUh01JTOmVc3UtdpzMDio.roa
File:                     oNQd_5KUh01JTOmVc3UtdpzMDio.roa (raw, json)
Hash identifier:          eSFfeSnt8xht2Z+/W/Ghl3lIpjVVTNqtJ9FrFyMrbMk=
Subject key identifier:   A0:D4:1D:FF:92:94:87:4D:49:4C:E9:95:73:75:2D:76:9C:CC:0E:2A
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC794471CE91F438AC0CFEBF068669978
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/oNQd_5KUh01JTOmVc3UtdpzMDio.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47874
IP address blocks:        77.77.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:47:1c:e9:1f:43:8a:c0:cf:eb:f0:68:66:99:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0d41dff9294874d494ce99573752d769ccc0e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b3:23:d7:1d:5c:75:c2:2e:35:d5:fb:db:16:
                    c0:7d:f7:7c:fd:29:80:08:26:ef:ba:01:66:b9:01:
                    dc:d4:0b:2e:a0:f2:1f:fc:3c:63:45:64:58:98:a5:
                    08:8b:06:67:7e:40:0a:70:a0:8c:c7:99:89:f9:1e:
                    26:25:55:50:b5:ce:f6:ad:a2:78:20:43:25:a0:98:
                    c4:d0:f3:0d:54:32:32:87:53:a8:c8:b9:58:e3:c4:
                    c9:99:21:b2:2f:f2:de:8c:47:ca:50:18:38:f9:86:
                    66:61:47:9e:53:71:d9:01:87:0f:f8:c6:10:44:4e:
                    d5:c2:e4:66:71:43:d9:c3:5e:84:b4:8e:77:0f:70:
                    c6:14:0e:9b:2f:d8:de:46:c5:cf:f2:e0:cd:32:60:
                    fd:0c:5d:90:a7:50:1a:50:8b:42:62:55:98:d6:61:
                    60:f7:5b:fb:89:fe:a0:44:76:7f:88:e6:ef:81:e5:
                    c9:92:28:40:bd:82:1d:f2:44:08:79:ad:c2:02:a2:
                    79:0f:95:87:e2:03:2c:85:9b:d8:ad:25:ae:c7:e0:
                    fd:fc:24:7a:80:f1:38:e8:0b:de:90:37:49:e5:29:
                    6d:bd:cf:6b:49:a3:4a:d9:90:96:18:db:94:eb:0e:
                    a3:f6:62:0a:22:41:7f:0d:6c:d7:cb:b7:39:e9:2b:
                    7c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:D4:1D:FF:92:94:87:4D:49:4C:E9:95:73:75:2D:76:9C:CC:0E:2A
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/oNQd_5KUh01JTOmVc3UtdpzMDio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.77.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:65:a9:b7:49:fd:ee:37:ce:bc:71:46:be:9a:33:27:2e:40:
         d6:d2:15:4d:60:09:f9:be:ac:14:3c:29:f0:6f:73:09:50:36:
         05:07:af:c9:6b:34:2e:4e:38:68:5e:f4:73:69:8c:40:81:e5:
         90:dc:32:9c:97:40:c9:d7:37:39:7f:19:29:82:a6:73:f9:87:
         ef:5c:11:e6:40:a5:c0:8f:51:8e:7a:e3:18:3c:aa:22:83:be:
         0b:2e:c5:ba:0c:64:ba:40:8b:b2:94:da:2c:13:b3:28:4d:6d:
         a9:c3:b8:b3:d0:cf:0a:56:ef:94:64:9f:f1:3a:e2:fe:e6:1a:
         35:67:c1:9b:b5:b7:80:3f:f8:fc:d9:b0:9b:f9:26:04:c6:33:
         cc:e0:40:7a:68:15:55:df:a7:30:b6:98:3e:88:d3:bd:72:e8:
         81:d2:23:5d:44:3c:f2:46:54:eb:87:7a:65:60:61:40:ed:37:
         4d:83:43:4c:17:5c:15:fb:b3:46:3a:0e:79:e7:73:e9:05:1b:
         0f:6d:6d:71:ae:e1:14:32:f4:b3:1d:72:68:1f:03:80:21:7f:
         92:f2:ae:4c:17:7d:7c:47:41:c3:ad:41:9e:fc:d7:4d:e1:e6:
         97:7e:f8:a4:0e:c0:72:47:e0:2d:e1:78:cb:27:9e:b0:ed:81:
         cb:8b:3f:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEcc6R9DisDP6/BoZpl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGQ0MWRmZjkyOTQ4NzRkNDk0Y2U5OTU3Mzc1MmQ3NjljY2MwZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLMj1x1cdcIuNdX72xbAffd8/SmA
CCbvugFmuQHc1AsuoPIf/DxjRWRYmKUIiwZnfkAKcKCMx5mJ+R4mJVVQtc72raJ4
IEMloJjE0PMNVDIyh1OoyLlY48TJmSGyL/LejEfKUBg4+YZmYUeeU3HZAYcP+MYQ
RE7VwuRmcUPZw16EtI53D3DGFA6bL9jeRsXP8uDNMmD9DF2Qp1AaUItCYlWY1mFg
91v7if6gRHZ/iObvgeXJkihAvYId8kQIea3CAqJ5D5WH4gMshZvYrSWux+D9/CR6
gPE46AvekDdJ5Sltvc9rSaNK2ZCWGNuU6w6j9mIKIkF/DWzXy7c56St8dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDUHf+SlIdNSUzplXN1LXaczA4qMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvb05RZF81S1VoMDFKVE9tVmMzVXRkcHpNRGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU2jMA0G
CSqGSIb3DQEBCwUAA4IBAQANZam3Sf3uN868cUa+mjMnLkDW0hVNYAn5vqwUPCnw
b3MJUDYFB6/JazQuTjhoXvRzaYxAgeWQ3DKcl0DJ1zc5fxkpgqZz+YfvXBHmQKXA
j1GOeuMYPKoig74LLsW6DGS6QIuylNosE7MoTW2pw7iz0M8KVu+UZJ/xOuL+5ho1
Z8GbtbeAP/j82bCb+SYExjPM4EB6aBVV36cwtpg+iNO9cuiB0iNdRDzyRlTrh3pl
YGFA7TdNg0NMF1wV+7NGOg5553PpBRsPbW1xruEUMvSzHXJoHwOAIX+S8q5MF318
R0HDrUGe/NdN4eaXfvikDsByR+At4XjLJ56w7YHLiz/C
-----END CERTIFICATE-----