Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/JH6ZqnzlK7y4i1ezCE0sTyZfrOY.roa
File:                     JH6ZqnzlK7y4i1ezCE0sTyZfrOY.roa (raw, json)
Hash identifier:          zHlRJW7Q5l6P3gzi2IPTuXOZzlJqtKC2D5w6lDaKs8Q=
Subject key identifier:   24:7E:99:AA:7C:E5:2B:BC:B8:8B:57:B3:08:4D:2C:4F:26:5F:AC:E6
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B945101DD94D97FAA94A0ABEFEAA5
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/JH6ZqnzlK7y4i1ezCE0sTyZfrOY.roa
Signing time:             Mon 01 Jan 2024 18:31:31 +0000
ROA not before:           Mon 01 Jan 2024 18:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204063
IP address blocks:        77.65.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:94:51:01:dd:94:d9:7f:aa:94:a0:ab:ef:ea:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=247e99aa7ce52bbcb88b57b3084d2c4f265face6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:db:3a:ce:47:3a:cb:49:b8:a8:55:21:e8:f5:
                    e4:ff:4b:92:40:81:65:f6:e7:2b:dc:57:03:2a:93:
                    b4:74:2e:43:48:c4:a3:ca:0d:65:b6:2a:ca:de:f1:
                    d0:aa:2c:c5:dd:67:c7:f5:57:54:3b:61:ee:b0:95:
                    fb:12:57:e3:c3:db:97:15:91:3b:64:91:dd:23:c4:
                    97:a4:a1:f0:9f:e4:a2:1c:15:05:bd:9d:1c:c5:22:
                    e5:de:30:49:ba:c7:6e:2e:06:5f:5b:85:b0:3f:8e:
                    7e:61:fe:b1:0e:72:75:24:48:5e:d4:4f:bc:27:2b:
                    17:98:6a:32:e4:85:b9:5a:09:7d:f2:7c:50:b3:97:
                    fa:7b:4f:02:b3:7e:08:02:7a:2f:4f:06:a9:7b:b4:
                    ac:ba:d2:8f:37:09:99:f5:c5:2e:8f:5a:96:ab:4a:
                    81:0b:df:d7:ee:b2:05:64:ec:91:90:f0:1d:d5:60:
                    df:c4:93:cf:6e:03:02:29:30:23:94:04:1b:98:6b:
                    80:03:2c:2a:5c:93:13:4e:be:f3:fe:0e:50:63:9b:
                    66:6a:f6:96:53:7e:cc:5a:97:ad:ba:67:2f:5c:af:
                    64:71:ed:a4:02:0f:84:c5:22:5c:c8:fb:26:aa:38:
                    45:fe:42:da:90:70:af:72:a5:55:89:f0:06:b6:41:
                    1a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7E:99:AA:7C:E5:2B:BC:B8:8B:57:B3:08:4D:2C:4F:26:5F:AC:E6
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/JH6ZqnzlK7y4i1ezCE0sTyZfrOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:21:c8:6d:a0:11:3b:65:60:57:cc:6b:9b:b7:15:aa:5e:71:
         3a:18:67:9a:3c:fe:97:e0:8e:27:e8:6e:e1:31:0b:03:93:c3:
         83:a9:8d:1f:5a:a3:7f:ae:28:92:56:0d:69:e7:3e:63:b5:6d:
         de:a6:96:88:c2:81:0f:70:b8:35:47:0a:da:48:e0:4d:b0:52:
         1f:10:d8:1e:f2:74:1f:e9:e8:69:fd:12:f6:5e:c8:c4:92:cb:
         58:c7:38:a5:a3:2f:8f:73:c4:e8:d2:01:0f:17:63:70:32:9b:
         65:9f:dd:2f:a2:97:e4:53:20:9b:a0:e7:15:f0:e5:31:74:97:
         7b:0d:fe:7b:d4:83:31:63:b4:f4:ac:21:e7:4a:75:6d:0d:c7:
         7c:ea:a8:e1:9f:c1:b7:e4:38:b1:ec:ff:84:4f:ec:99:82:c5:
         4a:9a:16:63:b7:df:39:a9:00:ac:5a:62:59:45:85:c8:a9:05:
         b4:0f:34:55:11:7d:1a:f7:44:2a:ff:6c:d4:50:c7:5f:fb:a0:
         3b:22:e5:5f:13:e2:31:59:84:4f:a8:8d:d9:df:62:a4:d7:30:
         2a:f9:7b:83:63:42:52:e7:ba:35:db:9b:72:51:41:a7:bd:4b:
         a0:ab:42:7d:90:b7:8e:7b:1e:76:31:2c:44:f6:39:5e:1f:b8:
         5e:58:cd:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5RRAd2U2X+qlKCr7+qlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDdlOTlhYTdjZTUyYmJjYjg4YjU3YjMwODRkMmM0ZjI2NWZhY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjts6zkc6y0m4qFUh6PXk/0uSQIFl
9ucr3FcDKpO0dC5DSMSjyg1ltirK3vHQqizF3WfH9VdUO2HusJX7Elfjw9uXFZE7
ZJHdI8SXpKHwn+SiHBUFvZ0cxSLl3jBJusduLgZfW4WwP45+Yf6xDnJ1JEhe1E+8
JysXmGoy5IW5Wgl98nxQs5f6e08Cs34IAnovTwape7SsutKPNwmZ9cUuj1qWq0qB
C9/X7rIFZOyRkPAd1WDfxJPPbgMCKTAjlAQbmGuAAywqXJMTTr7z/g5QY5tmavaW
U37MWpetumcvXK9kce2kAg+ExSJcyPsmqjhF/kLakHCvcqVVifAGtkEaHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCR+map85Su8uItXswhNLE8mX6zmMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvSkg2WnFuemxLN3k0aTFlekNFMHNUeVpmck9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUGMMA0G
CSqGSIb3DQEBCwUAA4IBAQAxIchtoBE7ZWBXzGubtxWqXnE6GGeaPP6X4I4n6G7h
MQsDk8ODqY0fWqN/riiSVg1p5z5jtW3eppaIwoEPcLg1RwraSOBNsFIfENge8nQf
6ehp/RL2XsjEkstYxziloy+Pc8To0gEPF2NwMptln90vopfkUyCboOcV8OUxdJd7
Df571IMxY7T0rCHnSnVtDcd86qjhn8G35Dix7P+ET+yZgsVKmhZjt985qQCsWmJZ
RYXIqQW0DzRVEX0a90Qq/2zUUMdf+6A7IuVfE+IxWYRPqI3Z32Kk1zAq+XuDY0JS
57o125tyUUGnvUugq0J9kLeOex52MSxE9jleH7heWM2F
-----END CERTIFICATE-----