Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ul0GAOlwqYlP4-EPJiCmRx6maCM.roa
File:                     ul0GAOlwqYlP4-EPJiCmRx6maCM.roa (raw, json)
Hash identifier:          G/LAYmbruJmYHcaX0kpXHw2WoouIu1JXetN3vtNuLW4=
Subject key identifier:   BA:5D:06:00:E9:70:A9:89:4F:E3:E1:0F:26:20:A6:47:1E:A6:68:23
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D99985A35CE404489011F7BB19DAF
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ul0GAOlwqYlP4-EPJiCmRx6maCM.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53767
IP address blocks:        77.67.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:99:98:5a:35:ce:40:44:89:01:1f:7b:b1:9d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba5d0600e970a9894fe3e10f2620a6471ea66823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cb:68:5a:ba:2f:e2:e1:82:27:84:c6:ca:3a:
                    75:f6:f0:16:c1:23:71:3c:cc:56:3c:19:31:d6:f9:
                    03:5c:d6:5a:91:46:ad:6f:c1:31:3f:df:bb:4c:af:
                    dc:69:c9:77:e2:a8:4b:5b:6e:18:8f:ed:c1:45:5c:
                    c8:8e:f4:89:df:20:e7:6d:67:5c:35:b1:f1:ff:2c:
                    12:94:c6:f7:ce:16:2e:0c:22:5c:0f:65:3d:92:f7:
                    6e:9b:96:b9:65:18:47:5c:1e:9c:31:28:cd:38:80:
                    bc:90:a8:b8:b1:0f:f2:36:56:6a:cb:f1:0a:3b:3a:
                    5b:a7:35:df:72:c3:24:98:c4:ae:a8:79:e5:20:25:
                    c4:dc:63:ed:84:9e:a5:3d:ef:aa:0d:f6:91:64:99:
                    de:71:d7:06:b2:7a:ad:86:4d:6f:41:fc:3d:58:fe:
                    bb:63:33:0e:c5:3e:c7:7d:f4:0c:53:a0:3d:8c:81:
                    b6:17:55:90:2a:7c:9d:8f:d9:d2:ca:86:de:82:a6:
                    c8:aa:51:15:39:07:82:ec:58:61:9e:9d:93:a1:30:
                    c4:16:d1:90:2f:09:52:52:10:08:e6:fc:36:3f:ef:
                    6f:f5:60:d8:4b:98:cb:c4:16:d8:87:a9:9c:2e:c1:
                    7c:8c:a2:59:fb:32:af:9e:a7:93:6d:84:d5:8e:e6:
                    a3:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:5D:06:00:E9:70:A9:89:4F:E3:E1:0F:26:20:A6:47:1E:A6:68:23
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ul0GAOlwqYlP4-EPJiCmRx6maCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2b:46:bb:d7:3d:70:e8:6c:4a:1b:a9:a6:2b:ee:57:ec:76:
         9b:7c:41:a3:8c:3f:cb:17:7f:75:df:fc:81:54:fa:ed:f9:8e:
         f9:33:b9:a9:aa:f9:29:e7:c8:4b:0a:40:10:0e:7b:eb:44:96:
         4f:91:16:1e:0f:5a:ad:1f:88:31:d6:cd:7d:30:ea:18:d1:db:
         87:7a:03:05:6b:35:45:5d:c6:35:07:3d:65:ab:8d:6e:03:4e:
         38:2e:63:1b:54:47:a7:75:f1:08:30:7f:e1:b7:66:06:65:32:
         45:bb:49:1b:75:eb:3a:86:0d:d4:1c:d2:9d:06:95:78:2a:0e:
         47:21:55:53:36:4f:01:a2:82:62:97:4a:e6:45:3c:c1:0d:a7:
         95:ce:7b:88:4f:f5:83:f0:01:76:65:47:53:0b:d6:b0:da:01:
         2a:e6:d0:30:c5:18:bb:1c:ed:72:ab:37:74:85:be:a9:48:92:
         75:ee:ae:3a:9c:cb:bf:ee:dd:68:94:b2:ec:e9:87:e1:4b:17:
         0f:a1:c4:9a:7d:2c:72:49:34:d4:17:cb:e2:26:6e:7e:70:90:
         57:9e:06:07:d3:a7:21:fd:b3:8d:3f:04:96:2d:9e:dc:68:f1:
         11:00:88:e4:f8:d1:7b:0d:23:b2:86:fc:cd:2f:db:69:6d:ea:
         60:74:64:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZmYWjXOQESJAR97sZ2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTVkMDYwMGU5NzBhOTg5NGZlM2UxMGYyNjIwYTY0NzFlYTY2ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMtoWrov4uGCJ4TGyjp19vAWwSNx
PMxWPBkx1vkDXNZakUatb8ExP9+7TK/cacl34qhLW24Yj+3BRVzIjvSJ3yDnbWdc
NbHx/ywSlMb3zhYuDCJcD2U9kvdum5a5ZRhHXB6cMSjNOIC8kKi4sQ/yNlZqy/EK
OzpbpzXfcsMkmMSuqHnlICXE3GPthJ6lPe+qDfaRZJnecdcGsnqthk1vQfw9WP67
YzMOxT7HffQMU6A9jIG2F1WQKnydj9nSyobegqbIqlEVOQeC7Fhhnp2ToTDEFtGQ
LwlSUhAI5vw2P+9v9WDYS5jLxBbYh6mcLsF8jKJZ+zKvnqeTbYTVjuajMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpdBgDpcKmJT+PhDyYgpkcepmgjMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdWwwR0FPbHdxWWxQNC1FUEppQ21SeDZtYUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUNqMA0G
CSqGSIb3DQEBCwUAA4IBAQAQK0a71z1w6GxKG6mmK+5X7HabfEGjjD/LF3913/yB
VPrt+Y75M7mpqvkp58hLCkAQDnvrRJZPkRYeD1qtH4gx1s19MOoY0duHegMFazVF
XcY1Bz1lq41uA044LmMbVEendfEIMH/ht2YGZTJFu0kbdes6hg3UHNKdBpV4Kg5H
IVVTNk8BooJil0rmRTzBDaeVznuIT/WD8AF2ZUdTC9aw2gEq5tAwxRi7HO1yqzd0
hb6pSJJ17q46nMu/7t1olLLs6YfhSxcPocSafSxySTTUF8viJm5+cJBXngYH06ch
/bONPwSWLZ7caPERAIjk+NF7DSOyhvzNL9tpbepgdGSG
-----END CERTIFICATE-----