Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/TTZPOEirIH5YRRMb179mMyd6MdI.roa
File:                     TTZPOEirIH5YRRMb179mMyd6MdI.roa (raw, json)
Hash identifier:          sGVOKj3zYgD4OdSpFtM1O3OBWYe3KUfxmdkm3dSmYuI=
Subject key identifier:   4D:36:4F:38:48:AB:20:7E:58:45:13:1B:D7:BF:66:33:27:7A:31:D2
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E1496B85A90E6BED73049CFF9EA69
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/TTZPOEirIH5YRRMb179mMyd6MdI.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208798
IP address blocks:        77.105.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:96:b8:5a:90:e6:be:d7:30:49:cf:f9:ea:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d364f3848ab207e5845131bd7bf6633277a31d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e8:3f:e9:67:9b:da:24:50:32:d5:7c:c2:2b:
                    a1:96:cb:bb:25:00:cd:82:1e:5c:ca:be:39:3e:54:
                    bb:16:f6:b5:05:c0:db:81:0b:57:01:11:02:e3:c0:
                    d7:3c:95:96:0b:c5:6f:3f:fa:18:3e:16:db:3f:ee:
                    b5:4b:c4:0e:c2:71:88:0f:e9:28:20:13:22:fa:ec:
                    f9:10:c1:b9:05:dd:06:79:71:81:ba:e8:fa:7b:6f:
                    e3:69:ce:c7:6d:4d:5d:cf:64:c7:2c:14:94:13:f2:
                    6c:de:c5:12:a5:51:eb:7d:32:2a:48:44:2a:9d:a6:
                    44:9b:65:59:05:13:5f:4d:6b:6f:90:02:f0:f7:79:
                    3a:d2:df:8e:15:e5:da:55:fa:9b:ae:a4:de:4e:2b:
                    d1:d5:f5:6e:77:61:c4:81:b2:3f:a6:06:83:12:2a:
                    fa:f4:86:16:f3:d9:60:2a:f1:1f:8f:fe:f4:8a:e6:
                    1f:ec:dd:1b:ae:12:37:82:f3:2d:75:64:20:45:70:
                    59:4e:ef:9a:84:28:25:a4:ec:65:e8:d4:56:f9:8f:
                    d8:b7:a8:12:4c:35:f3:15:a9:26:56:eb:e5:b8:ab:
                    90:5b:ae:82:c5:63:08:74:c0:85:07:b0:fd:bd:2f:
                    6e:14:1b:5d:32:d7:67:87:6b:e8:0d:b7:d2:38:ab:
                    ad:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:36:4F:38:48:AB:20:7E:58:45:13:1B:D7:BF:66:33:27:7A:31:D2
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/TTZPOEirIH5YRRMb179mMyd6MdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a4:d2:3e:80:2f:bd:94:f3:bf:63:bf:d2:d3:3e:b1:fa:8d:
         53:19:08:b5:0c:a8:ff:a2:8e:5d:d8:29:31:dd:58:07:c7:3f:
         4e:0a:e4:5b:49:00:35:e9:ba:94:69:fa:05:44:b2:bf:38:e7:
         c4:3e:4a:bf:9b:1a:2c:7f:fb:21:de:73:9e:e8:f1:8b:7f:cd:
         18:f8:ea:42:65:8b:54:cd:eb:19:62:38:6b:5e:d5:d2:3d:5b:
         47:2c:b0:b6:51:08:20:3d:6b:01:8e:23:c6:57:91:22:3e:76:
         7a:29:b6:e3:07:7f:3d:7a:af:1d:9e:4d:c6:12:82:25:e1:a2:
         7b:ed:ac:d6:6d:d1:6c:c7:9e:0e:fd:90:90:21:0e:a2:e7:8b:
         df:97:95:c7:4b:d4:3b:c7:10:b3:35:c3:51:e6:61:da:1b:78:
         3a:24:2b:68:90:c1:0f:c7:72:97:f6:21:78:ea:9d:58:03:21:
         0a:5a:31:7f:5a:2d:b4:c9:7b:cd:04:46:aa:3b:82:0b:3d:d2:
         f3:0e:8e:64:f9:26:8b:60:f9:a4:ef:fa:9e:15:14:60:c8:a1:
         3c:f9:fd:6a:b1:bc:2a:d9:e2:4a:af:eb:b4:7a:99:a8:13:98:
         06:40:1d:bb:2d:2b:04:83:48:ec:26:d4:8a:de:af:71:5a:fa:
         07:69:e9:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhSWuFqQ5r7XMEnP+eppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDM2NGYzODQ4YWIyMDdlNTg0NTEzMWJkN2JmNjYzMzI3N2EzMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweg/6Web2iRQMtV8wiuhlsu7JQDN
gh5cyr45PlS7Fva1BcDbgQtXAREC48DXPJWWC8VvP/oYPhbbP+61S8QOwnGID+ko
IBMi+uz5EMG5Bd0GeXGBuuj6e2/jac7HbU1dz2THLBSUE/Js3sUSpVHrfTIqSEQq
naZEm2VZBRNfTWtvkALw93k60t+OFeXaVfqbrqTeTivR1fVud2HEgbI/pgaDEir6
9IYW89lgKvEfj/70iuYf7N0brhI3gvMtdWQgRXBZTu+ahCglpOxl6NRW+Y/Yt6gS
TDXzFakmVuvluKuQW66CxWMIdMCFB7D9vS9uFBtdMtdnh2voDbfSOKutBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE02TzhIqyB+WEUTG9e/ZjMnejHSMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvVFRaUE9FaXJJSDVZUlJNYjE3OW1NeWQ2TWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWkJMA0G
CSqGSIb3DQEBCwUAA4IBAQAppNI+gC+9lPO/Y7/S0z6x+o1TGQi1DKj/oo5d2Ckx
3VgHxz9OCuRbSQA16bqUafoFRLK/OOfEPkq/mxosf/sh3nOe6PGLf80Y+OpCZYtU
zesZYjhrXtXSPVtHLLC2UQggPWsBjiPGV5EiPnZ6KbbjB389eq8dnk3GEoIl4aJ7
7azWbdFsx54O/ZCQIQ6i54vfl5XHS9Q7xxCzNcNR5mHaG3g6JCtokMEPx3KX9iF4
6p1YAyEKWjF/Wi20yXvNBEaqO4ILPdLzDo5k+SaLYPmk7/qeFRRgyKE8+f1qsbwq
2eJKr+u0epmoE5gGQB27LSsEg0jsJtSK3q9xWvoHaekp
-----END CERTIFICATE-----