Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/JL64IYR_TQ5Xa-d3oTnZf7vCvf0.roa
File:                     JL64IYR_TQ5Xa-d3oTnZf7vCvf0.roa (raw, json)
Hash identifier:          c5BJIDGV82v4laDV3iiKoaLBLmXbJfkmjmJFVhYfRik=
Subject key identifier:   24:BE:B8:21:84:7F:4D:0E:57:6B:E7:77:A1:39:D9:7F:BB:C2:BD:FD
Certificate issuer:       /CN=51b2cf749af6967078c04bd0c70b5141f4e5a60a
Certificate serial:       019427B657F61A72C1F9BD03F4AAF482EEEE
Authority key identifier: 51:B2:CF:74:9A:F6:96:70:78:C0:4B:D0:C7:0B:51:41:F4:E5:A6:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbLPdJr2lnB4wEvQxwtRQfTlpgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/JL64IYR_TQ5Xa-d3oTnZf7vCvf0.roa
Signing time:             Thu 02 Jan 2025 15:50:48 +0000
ROA not before:           Thu 02 Jan 2025 15:50:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213363
IP address blocks:        77.83.120.0/22 maxlen: 22
                          77.83.120.0/24 maxlen: 24
                          77.83.121.0/24 maxlen: 24
                          77.83.122.0/24 maxlen: 24
                          77.83.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/UbLPdJr2lnB4wEvQxwtRQfTlpgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/UbLPdJr2lnB4wEvQxwtRQfTlpgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbLPdJr2lnB4wEvQxwtRQfTlpgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:57:f6:1a:72:c1:f9:bd:03:f4:aa:f4:82:ee:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b2cf749af6967078c04bd0c70b5141f4e5a60a
        Validity
            Not Before: Jan  2 15:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24beb821847f4d0e576be777a139d97fbbc2bdfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cf:c5:80:fa:f3:c6:b8:35:2f:c4:90:25:89:
                    e3:23:02:61:10:17:ff:1b:cb:b6:cb:e3:fa:ae:ab:
                    d8:2c:a4:f2:63:ee:44:db:1a:b1:2e:31:f3:72:56:
                    fc:aa:60:cc:4a:6e:4d:d7:3f:c5:ab:82:fe:a0:ae:
                    bf:83:41:5d:17:d6:21:4e:2a:3b:f3:bc:f9:44:40:
                    8b:c7:d3:63:31:4d:f6:ee:e9:98:51:d5:2b:88:4f:
                    b7:97:78:8e:17:56:99:ec:0b:46:10:15:70:8f:a1:
                    b5:b4:60:29:4f:2b:84:14:ed:f2:77:80:c6:24:a3:
                    33:5a:a5:8a:56:7b:85:58:06:92:d0:ee:2d:3a:62:
                    8e:7a:44:1b:af:5a:41:a3:a3:16:71:3d:d4:5c:cb:
                    0d:a8:76:cd:3b:1c:ce:ce:1a:0b:c8:47:ad:81:f5:
                    54:0a:66:18:51:f2:99:12:ce:2f:0c:cd:86:01:2c:
                    b4:a9:02:65:77:3c:30:7d:02:5e:2d:33:22:e0:5f:
                    18:12:88:c9:d8:81:35:b1:f5:31:ab:bb:d1:7b:ff:
                    3a:bc:db:03:00:96:c5:07:ed:2c:c4:8c:8d:41:a7:
                    a3:da:07:de:00:c2:97:a3:5b:0f:aa:cd:43:cd:a3:
                    b6:7d:3e:b0:19:2f:f8:98:af:6f:10:f2:5b:41:55:
                    e5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BE:B8:21:84:7F:4D:0E:57:6B:E7:77:A1:39:D9:7F:BB:C2:BD:FD
            X509v3 Authority Key Identifier:
                keyid:51:B2:CF:74:9A:F6:96:70:78:C0:4B:D0:C7:0B:51:41:F4:E5:A6:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbLPdJr2lnB4wEvQxwtRQfTlpgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/JL64IYR_TQ5Xa-d3oTnZf7vCvf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/UbLPdJr2lnB4wEvQxwtRQfTlpgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:b9:60:ac:f8:a3:2c:a9:5b:9d:52:d9:86:c5:9f:93:e8:d0:
         00:00:58:b5:a6:1a:aa:f3:45:55:49:a7:79:a9:84:2f:ce:8d:
         e7:17:e9:44:23:5e:e2:8a:b1:3f:91:c8:62:c0:b6:cb:22:f6:
         d2:5e:2e:56:36:82:1d:48:49:1d:ae:a2:16:28:e6:40:af:a0:
         25:c6:d6:06:6c:4b:4b:20:d9:15:46:70:2b:f2:91:5d:db:d4:
         b7:63:69:16:29:8e:14:13:9b:bd:ae:8f:b3:40:d9:52:a1:07:
         3f:29:e7:87:19:26:22:a6:61:36:8f:fe:02:fb:7c:2c:9b:40:
         d6:ca:9d:5b:92:ec:df:e2:f9:33:aa:c3:4d:a9:2d:47:aa:08:
         ca:2f:b7:f7:13:07:81:84:8a:1a:5a:88:2e:dd:7b:b8:e7:59:
         01:79:a5:8a:c1:9e:75:b9:ab:b3:b5:e5:3f:50:aa:77:dc:72:
         67:64:03:98:1a:76:e6:24:12:30:7f:fa:99:cf:f6:48:2d:53:
         38:f8:b8:0c:a0:13:c2:22:c8:74:61:e0:3b:51:45:af:15:9d:
         07:89:2c:ff:ca:cf:de:11:2c:d1:60:19:88:49:d1:0b:36:77:
         0c:9c:5c:da:61:a4:9b:34:8c:92:46:8e:80:94:1c:08:cc:a5:
         73:eb:34:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntlf2GnLB+b0D9Kr0gu7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjJjZjc0OWFmNjk2NzA3OGMwNGJkMGM3MGI1MTQxZjRl
NWE2MGEwHhcNMjUwMTAyMTU1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGJlYjgyMTg0N2Y0ZDBlNTc2YmU3NzdhMTM5ZDk3ZmJiYzJiZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2M/FgPrzxrg1L8SQJYnjIwJhEBf/
G8u2y+P6rqvYLKTyY+5E2xqxLjHzclb8qmDMSm5N1z/Fq4L+oK6/g0FdF9YhTio7
87z5RECLx9NjMU327umYUdUriE+3l3iOF1aZ7AtGEBVwj6G1tGApTyuEFO3yd4DG
JKMzWqWKVnuFWAaS0O4tOmKOekQbr1pBo6MWcT3UXMsNqHbNOxzOzhoLyEetgfVU
CmYYUfKZEs4vDM2GASy0qQJldzwwfQJeLTMi4F8YEojJ2IE1sfUxq7vRe/86vNsD
AJbFB+0sxIyNQaej2gfeAMKXo1sPqs1DzaO2fT6wGS/4mK9vEPJbQVXlFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS+uCGEf00OV2vnd6E52X+7wr39MB8GA1UdIwQY
MBaAFFGyz3Sa9pZweMBL0McLUUH05aYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJMUGRKcjJsbkI0d0V2UXh3dFJRZlRscGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80NGFhMTctMmQzNi00OWMzLWJhNGYt
Y2QxNGZlMmQ5NTcxLzEvSkw2NElZUl9UUTVYYS1kM29UblpmN3ZDdmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80NGFhMTctMmQzNi00OWMzLWJhNGYtY2QxNGZlMmQ5NTcx
LzEvVWJMUGRKcjJsbkI0d0V2UXh3dFJRZlRscGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVN4MA0G
CSqGSIb3DQEBCwUAA4IBAQCHuWCs+KMsqVudUtmGxZ+T6NAAAFi1phqq80VVSad5
qYQvzo3nF+lEI17iirE/kchiwLbLIvbSXi5WNoIdSEkdrqIWKOZAr6AlxtYGbEtL
INkVRnAr8pFd29S3Y2kWKY4UE5u9ro+zQNlSoQc/KeeHGSYipmE2j/4C+3wsm0DW
yp1bkuzf4vkzqsNNqS1HqgjKL7f3EweBhIoaWogu3Xu451kBeaWKwZ51uauzteU/
UKp33HJnZAOYGnbmJBIwf/qZz/ZILVM4+LgMoBPCIsh0YeA7UUWvFZ0HiSz/ys/e
ESzRYBmISdELNncMnFzaYaSbNIySRo6AlBwIzKVz6zR4
-----END CERTIFICATE-----