Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/s1Gqcb4cma0dzStLOOm8HvEO5jQ.roa
File:                     s1Gqcb4cma0dzStLOOm8HvEO5jQ.roa (raw, json)
Hash identifier:          NwYmvG8onNhwCfDmhQjAdYoUGMe+Y6N54avr4BG3ekE=
Subject key identifier:   B3:51:AA:71:BE:1C:99:AD:1D:CD:2B:4B:38:E9:BC:1E:F1:0E:E6:34
Certificate issuer:       /CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
Certificate serial:       019426D9669C153D124A16E3ACFFB005F7A7
Authority key identifier: BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/s1Gqcb4cma0dzStLOOm8HvEO5jQ.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61077
IP address blocks:        77.81.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:66:9c:15:3d:12:4a:16:e3:ac:ff:b0:05:f7:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b351aa71be1c99ad1dcd2b4b38e9bc1ef10ee634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ff:a2:58:e4:8a:4a:cf:61:6f:22:f8:58:34:
                    b4:e7:b5:c1:70:f9:ea:e6:fe:60:88:2e:87:5d:8e:
                    6f:bf:6d:5f:72:99:e6:dd:96:5e:f6:bb:68:1b:d4:
                    ea:54:ab:ae:44:c2:cc:99:3d:04:2d:4b:aa:76:63:
                    c4:6a:45:20:de:cd:9f:94:7d:0e:b4:22:43:99:97:
                    4f:b1:78:46:b8:c3:d9:38:af:7b:4e:a5:67:fb:79:
                    f7:13:0f:17:b7:e0:54:8a:0e:d8:8c:fa:99:fb:e9:
                    3f:9c:25:41:eb:2f:97:99:e2:6e:0c:49:be:af:dd:
                    2a:dd:4c:c1:98:96:28:b2:b7:48:86:02:03:4c:e7:
                    1a:2f:a5:45:19:35:7d:84:bd:7d:4c:15:9c:9f:7b:
                    45:74:c7:9c:77:90:0d:ba:07:af:f0:51:6d:b4:41:
                    b6:24:21:ec:71:6d:54:04:df:2c:8a:45:b2:ca:93:
                    48:87:2b:2c:54:92:ac:b6:1d:dd:0b:f1:85:39:5b:
                    b0:ac:88:45:f7:a4:38:73:0e:b0:9c:f6:e0:f7:22:
                    1c:ca:a5:86:0f:19:25:a5:a3:58:ec:69:54:37:39:
                    69:99:ca:7d:5e:9a:8e:e2:ec:b7:4f:a5:b8:ff:c9:
                    00:9d:4c:c4:5e:bd:88:48:e8:b4:8c:78:3e:c1:87:
                    ab:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:51:AA:71:BE:1C:99:AD:1D:CD:2B:4B:38:E9:BC:1E:F1:0E:E6:34
            X509v3 Authority Key Identifier:
                keyid:BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/s1Gqcb4cma0dzStLOOm8HvEO5jQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:51:54:f2:cd:34:a6:48:3f:9a:5b:dc:27:35:80:5e:8f:52:
         86:30:15:b1:4f:c9:2c:6d:35:fd:d1:d8:a3:1a:e5:3b:94:54:
         5f:68:1f:0a:96:91:60:b8:c8:a8:81:c8:55:c1:6f:a0:50:bf:
         5d:9c:90:4b:27:5e:93:f2:97:30:78:b5:2a:2a:63:24:bb:7c:
         67:e8:03:f1:ad:6d:00:f4:fb:d9:c3:2e:59:e8:ed:ca:93:19:
         c4:95:d6:cd:26:58:94:bc:8e:e6:70:80:64:86:66:2b:06:45:
         d0:89:6e:46:57:71:6d:2c:da:e8:b1:0a:5c:0e:ef:bf:5b:d0:
         f3:a5:63:a3:40:07:7f:12:b5:80:8a:66:a0:b4:a8:92:30:d7:
         39:b7:ad:91:ca:00:d3:d9:83:f8:8e:ac:a2:66:69:cd:5c:04:
         98:28:dd:64:11:22:b7:49:dd:7e:1f:d3:b8:ab:c6:85:3a:b7:
         0f:0f:f4:72:54:a5:44:e7:b8:18:7e:68:68:5c:49:ca:24:3b:
         f5:97:0c:f1:5d:25:57:ea:f9:1c:00:9e:f5:3e:d8:f5:b5:68:
         6f:98:be:d8:d0:62:72:5a:41:a5:97:7d:30:9b:de:92:38:24:
         ec:a3:85:3e:6e:3c:5c:f7:fd:ec:44:23:33:a5:ea:c2:92:ff:
         75:e3:cc:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2WacFT0SShbjrP+wBfenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDk0M2Y1MjAzZDQzNDYwYTEzYWQ0ZWE5ZDdkNWI5NTBj
NjEzY2QwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzUxYWE3MWJlMWM5OWFkMWRjZDJiNGIzOGU5YmMxZWYxMGVlNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv+iWOSKSs9hbyL4WDS057XBcPnq
5v5giC6HXY5vv21fcpnm3ZZe9rtoG9TqVKuuRMLMmT0ELUuqdmPEakUg3s2flH0O
tCJDmZdPsXhGuMPZOK97TqVn+3n3Ew8Xt+BUig7YjPqZ++k/nCVB6y+XmeJuDEm+
r90q3UzBmJYosrdIhgIDTOcaL6VFGTV9hL19TBWcn3tFdMecd5ANugev8FFttEG2
JCHscW1UBN8sikWyypNIhyssVJKsth3dC/GFOVuwrIhF96Q4cw6wnPbg9yIcyqWG
DxklpaNY7GlUNzlpmcp9XpqO4uy3T6W4/8kAnUzEXr2ISOi0jHg+wYersQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNRqnG+HJmtHc0rSzjpvB7xDuY0MB8GA1UdIwQY
MBaAFL5JQ/UgPUNGChOtTqnX1blQxhPNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYt
YTA1MWFlNjNkYmExLzEvczFHcWNiNGNtYTBkelN0TE9PbThIdkVPNWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYtYTA1MWFlNjNkYmEx
LzEvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVFgMA0G
CSqGSIb3DQEBCwUAA4IBAQAqUVTyzTSmSD+aW9wnNYBej1KGMBWxT8ksbTX90dij
GuU7lFRfaB8KlpFguMiogchVwW+gUL9dnJBLJ16T8pcweLUqKmMku3xn6APxrW0A
9PvZwy5Z6O3KkxnEldbNJliUvI7mcIBkhmYrBkXQiW5GV3FtLNrosQpcDu+/W9Dz
pWOjQAd/ErWAimagtKiSMNc5t62RygDT2YP4jqyiZmnNXASYKN1kESK3Sd1+H9O4
q8aFOrcPD/RyVKVE57gYfmhoXEnKJDv1lwzxXSVX6vkcAJ71Ptj1tWhvmL7Y0GJy
WkGll30wm96SOCTso4U+bjxc9/3sRCMzperCkv9148xV
-----END CERTIFICATE-----