Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ucd37ryibW27iJp1LSiePnG8QM4.roa
File:                     ucd37ryibW27iJp1LSiePnG8QM4.roa (raw, json)
Hash identifier:          NMuQJwbaZIR4s3fSThWqnIRh4qin2UEJigdrhMB2tUU=
Subject key identifier:   B9:C7:77:EE:BC:A2:6D:6D:BB:88:9A:75:2D:28:9E:3E:71:BC:40:CE
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018E4E9C3BFDD29C3CE89A039C850D413A1E
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ucd37ryibW27iJp1LSiePnG8QM4.roa
Signing time:             Sun 17 Mar 2024 22:50:45 +0000
ROA not before:           Sun 17 Mar 2024 22:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        77.105.22.0/24 maxlen: 24
                          109.121.0.0/19 maxlen: 24
                          178.219.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4e:9c:3b:fd:d2:9c:3c:e8:9a:03:9c:85:0d:41:3a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 17 22:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9c777eebca26d6dbb889a752d289e3e71bc40ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:71:1d:eb:d7:06:3a:13:f9:1e:75:e0:a2:cf:
                    9a:ab:75:1b:90:03:d0:c3:80:79:52:f7:77:28:c8:
                    74:09:3e:b8:7d:fc:3d:44:8d:4b:71:9a:85:c4:34:
                    1d:f8:a4:bf:31:40:1f:86:99:77:cc:c6:fa:8a:1e:
                    b3:75:f5:cb:12:c2:c1:07:1e:38:a4:1e:0c:0b:29:
                    fd:6d:6e:7a:d4:c0:1e:b0:ba:28:de:83:2a:63:6f:
                    52:91:b4:41:ca:76:48:b2:3e:1e:a2:49:a9:49:4b:
                    24:26:e7:c3:eb:d3:78:20:5c:87:23:7d:20:09:c9:
                    6c:e4:22:c6:17:73:d4:66:12:cf:48:61:cb:73:56:
                    ec:8f:a2:42:08:14:ea:5c:af:40:cf:a0:92:a2:74:
                    a1:77:4d:0a:55:a9:11:26:94:1d:36:78:d2:f3:59:
                    ac:42:df:89:70:56:d0:88:07:7f:32:33:51:21:43:
                    a5:80:8e:41:7b:e5:10:d0:3d:82:97:83:9f:a9:f2:
                    cb:4e:4f:cc:60:6f:e2:d5:96:cb:d4:d5:88:97:ca:
                    58:17:7a:36:80:a4:a7:e4:64:7c:67:56:20:b6:d5:
                    23:ea:65:50:24:2b:12:a7:fe:e8:82:c0:c9:9f:12:
                    81:71:44:f8:01:4d:8e:38:21:de:64:60:56:61:fc:
                    06:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C7:77:EE:BC:A2:6D:6D:BB:88:9A:75:2D:28:9E:3E:71:BC:40:CE
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ucd37ryibW27iJp1LSiePnG8QM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.22.0/24
                  109.121.0.0/19
                  178.219.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:56:d2:c7:8c:c7:f9:66:81:a1:8c:1d:e2:12:11:62:1d:43:
         fc:06:71:0f:80:b4:37:1b:9e:9f:5f:4f:d4:32:8b:38:17:f6:
         12:6b:7f:18:f1:88:ca:92:66:22:34:bf:43:e7:df:55:d4:2c:
         a4:76:d9:77:fd:e2:0e:fa:dc:95:88:e2:2f:ca:82:2e:fa:5b:
         fa:2c:5c:7d:21:8c:12:b2:71:93:5d:6d:96:7f:ed:76:cd:3e:
         6a:de:77:f1:fb:01:20:68:b2:cb:54:bc:34:d8:a2:90:83:00:
         23:41:3b:23:cd:a4:d9:c7:1e:4a:ea:38:a2:f2:8c:09:29:70:
         6c:07:4b:19:93:08:f3:28:81:86:d4:e0:00:d2:8f:28:8c:08:
         08:dc:35:6d:10:0e:82:69:66:80:0d:f7:f8:b2:79:df:fb:20:
         ed:c9:d4:a8:5b:36:86:3e:5a:87:70:21:1f:24:3a:9a:ab:d7:
         79:86:c6:e7:36:12:25:1e:3a:f9:3b:25:c6:62:c3:68:56:46:
         09:eb:bd:59:8d:ba:f6:6c:85:34:f9:ee:31:56:c7:9f:16:9e:
         24:60:f8:5b:c0:20:0f:52:e1:36:2c:78:81:73:b1:bb:64:67:
         b8:8a:fa:ad:34:c3:b2:43:ed:5b:e0:64:54:56:ef:4a:bf:19:
         c3:e9:44:21
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5OnDv90pw86JoDnIUNQToeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMzE3MjI1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWM3NzdlZWJjYTI2ZDZkYmI4ODlhNzUyZDI4OWUzZTcxYmM0MGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnEd69cGOhP5HnXgos+aq3UbkAPQ
w4B5Uvd3KMh0CT64ffw9RI1LcZqFxDQd+KS/MUAfhpl3zMb6ih6zdfXLEsLBBx44
pB4MCyn9bW561MAesLoo3oMqY29SkbRBynZIsj4eokmpSUskJufD69N4IFyHI30g
Ccls5CLGF3PUZhLPSGHLc1bsj6JCCBTqXK9Az6CSonShd00KVakRJpQdNnjS81ms
Qt+JcFbQiAd/MjNRIUOlgI5Be+UQ0D2Cl4OfqfLLTk/MYG/i1ZbL1NWIl8pYF3o2
gKSn5GR8Z1YgttUj6mVQJCsSp/7ogsDJnxKBcUT4AU2OOCHeZGBWYfwGYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLnHd+68om1tu4iadS0onj5xvEDOMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvdWNkMzdyeWliVzI3aUpwMUxTaWVQbkc4UU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATWkWAwQF
bXkAAwQAstsOMA0GCSqGSIb3DQEBCwUAA4IBAQCGVtLHjMf5ZoGhjB3iEhFiHUP8
BnEPgLQ3G56fX0/UMos4F/YSa38Y8YjKkmYiNL9D599V1Cykdtl3/eIO+tyViOIv
yoIu+lv6LFx9IYwSsnGTXW2Wf+12zT5q3nfx+wEgaLLLVLw02KKQgwAjQTsjzaTZ
xx5K6jii8owJKXBsB0sZkwjzKIGG1OAA0o8ojAgI3DVtEA6CaWaADff4snnf+yDt
ydSoWzaGPlqHcCEfJDqaq9d5hsbnNhIlHjr5OyXGYsNoVkYJ671Zjbr2bIU0+e4x
VsefFp4kYPhbwCAPUuE2LHiBc7G7ZGe4ivqtNMOyQ+1b4GRUVu9KvxnD6UQh
-----END CERTIFICATE-----