Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/77JUDhH8EUkY6HFWuvF4p4cE7eQ.roa
File:                     77JUDhH8EUkY6HFWuvF4p4cE7eQ.roa (raw, json)
Hash identifier:          7GBXpTdSDDFcGYnfJvpghA/DWXSdlJyjsm9sNU9GD20=
Subject key identifier:   EF:B2:54:0E:11:FC:11:49:18:E8:71:56:BA:F1:78:A7:87:04:ED:E4
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794E850D387DFF8FF2635EF2CAD448B
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/77JUDhH8EUkY6HFWuvF4p4cE7eQ.roa
Signing time:             Tue 02 Jan 2024 00:31:13 +0000
ROA not before:           Tue 02 Jan 2024 00:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        194.124.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e8:50:d3:87:df:f8:ff:26:35:ef:2c:ad:44:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efb2540e11fc114918e87156baf178a78704ede4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:78:02:0d:29:56:86:e6:88:69:f5:18:38:1e:
                    b4:c4:5b:54:ec:25:ca:bd:cc:9c:41:e3:96:d4:b6:
                    ee:25:e5:61:db:1d:52:7b:9f:54:d1:2d:51:45:46:
                    23:6d:7a:fc:c4:a2:ac:41:7b:8d:66:dd:cd:fd:93:
                    a6:aa:65:1b:fe:90:ea:b0:ff:99:e8:c8:a1:1f:9b:
                    a8:6a:0e:5c:9c:e1:71:32:15:1a:86:64:18:6b:4b:
                    85:c4:84:a1:0d:da:ba:8b:8d:eb:62:96:28:cc:34:
                    ef:e4:2a:bf:23:8c:da:0b:7e:aa:b5:38:3c:4c:a7:
                    a9:5d:ff:31:6a:ee:c3:49:89:ef:bf:7e:71:31:f9:
                    80:d7:6c:46:c9:b9:5c:c3:82:40:b6:45:bf:dd:f3:
                    e4:7f:ee:6a:e2:2c:b1:98:9e:5a:03:af:68:5d:09:
                    14:05:9b:d7:4d:0b:30:17:04:9d:a0:d0:79:11:f2:
                    3d:13:a5:24:9c:93:82:fa:67:3a:23:03:08:19:57:
                    f2:e9:1f:50:d3:1b:5f:95:af:b4:51:98:01:0e:ea:
                    91:f0:b4:42:ec:a7:dd:28:e1:d5:15:ca:17:c8:13:
                    86:e7:8c:9a:c0:1f:7b:35:29:da:d7:40:c6:85:5c:
                    7a:17:ed:da:5d:4a:22:09:cb:c2:46:95:75:3b:0c:
                    c5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B2:54:0E:11:FC:11:49:18:E8:71:56:BA:F1:78:A7:87:04:ED:E4
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/77JUDhH8EUkY6HFWuvF4p4cE7eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:57:9b:69:34:ba:18:53:32:b2:9d:88:37:72:c4:ee:3c:75:
         f4:4d:4b:bc:09:f7:9e:b5:a2:b6:2a:60:2c:76:a6:61:3a:78:
         5f:00:8f:3b:41:a7:4a:e7:16:fb:da:c9:57:3d:47:76:5c:18:
         ea:21:a7:cb:37:ed:a2:8d:d2:c4:f0:5c:21:10:03:37:4c:cf:
         fd:f2:21:05:e7:45:3e:df:ae:7b:79:9e:d1:34:b5:b8:64:c0:
         2a:4f:bc:e4:cb:0e:c7:13:ec:5b:79:5a:7a:8b:90:3d:a3:ed:
         30:35:c1:3e:db:1a:d5:e9:b1:f6:23:05:0f:0f:d8:2b:87:5b:
         99:cf:d3:9f:46:e7:28:66:66:11:5d:75:1b:1a:f6:7c:6e:1c:
         6a:f0:32:92:7b:cc:2f:78:04:d5:22:91:ca:13:71:b9:1d:f5:
         1d:fc:95:a2:a6:db:7d:e8:f4:2f:ce:80:fa:bc:dd:c8:84:a2:
         f6:85:a8:d2:cc:78:1b:f0:a5:93:72:d9:30:7b:4c:95:a4:2d:
         74:85:1d:e2:70:4a:96:8f:a2:f8:58:5a:e5:81:19:50:6a:20:
         c0:53:fa:b3:4f:a3:d5:dc:87:44:55:1f:4b:27:6d:03:1c:83:
         1b:df:71:2b:2a:a7:31:e2:72:50:d8:68:75:3d:f4:2d:c4:ff:
         93:94:3b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOhQ04ff+P8mNe8srUSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmIyNTQwZTExZmMxMTQ5MThlODcxNTZiYWYxNzhhNzg3MDRlZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHgCDSlWhuaIafUYOB60xFtU7CXK
vcycQeOW1LbuJeVh2x1Se59U0S1RRUYjbXr8xKKsQXuNZt3N/ZOmqmUb/pDqsP+Z
6MihH5uoag5cnOFxMhUahmQYa0uFxIShDdq6i43rYpYozDTv5Cq/I4zaC36qtTg8
TKepXf8xau7DSYnvv35xMfmA12xGyblcw4JAtkW/3fPkf+5q4iyxmJ5aA69oXQkU
BZvXTQswFwSdoNB5EfI9E6UknJOC+mc6IwMIGVfy6R9Q0xtfla+0UZgBDuqR8LRC
7KfdKOHVFcoXyBOG54yawB97NSna10DGhVx6F+3aXUoiCcvCRpV1OwzFDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+yVA4R/BFJGOhxVrrxeKeHBO3kMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvNzdKVURoSDhFVWtZNkhGV3V2RjRwNGNFN2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnwrMA0G
CSqGSIb3DQEBCwUAA4IBAQBrV5tpNLoYUzKynYg3csTuPHX0TUu8CfeetaK2KmAs
dqZhOnhfAI87QadK5xb72slXPUd2XBjqIafLN+2ijdLE8FwhEAM3TM/98iEF50U+
3657eZ7RNLW4ZMAqT7zkyw7HE+xbeVp6i5A9o+0wNcE+2xrV6bH2IwUPD9grh1uZ
z9OfRucoZmYRXXUbGvZ8bhxq8DKSe8wveATVIpHKE3G5HfUd/JWiptt96PQvzoD6
vN3IhKL2hajSzHgb8KWTctkwe0yVpC10hR3icEqWj6L4WFrlgRlQaiDAU/qzT6PV
3IdEVR9LJ20DHIMb33ErKqcx4nJQ2Gh1PfQtxP+TlDtF
-----END CERTIFICATE-----