Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/McuBhl5AuU3rSVRjHSbjBvKNIRM.roa
File:                     McuBhl5AuU3rSVRjHSbjBvKNIRM.roa (raw, json)
Hash identifier:          lUAmSuVGvq0A42OZxbtL5a1Nx4578dYVkVaRbSsN64Q=
Subject key identifier:   31:CB:81:86:5E:40:B9:4D:EB:49:54:63:1D:26:E3:06:F2:8D:21:13
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BF6462708A13E9BE97F311470B56F
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/McuBhl5AuU3rSVRjHSbjBvKNIRM.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207329
IP address blocks:        77.65.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f6:46:27:08:a1:3e:9b:e9:7f:31:14:70:b5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31cb81865e40b94deb4954631d26e306f28d2113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5b:55:03:fd:80:97:94:b4:39:ae:22:42:44:
                    6d:03:c8:a4:39:14:60:ad:b0:98:04:97:36:04:2d:
                    be:dd:de:a4:7e:a6:1d:2a:10:5e:0c:c7:ce:74:2e:
                    6d:c4:65:7b:cd:41:f2:9f:15:fe:bd:50:0e:e0:d7:
                    cc:c5:c2:67:01:26:cd:70:b6:5a:7a:08:86:4b:29:
                    f2:57:96:75:f5:80:a9:12:11:8a:d5:2e:8d:84:6f:
                    74:ca:b1:0b:dd:27:90:35:7c:a4:44:55:ef:aa:db:
                    90:22:d4:87:b9:08:14:6c:28:bd:80:88:93:ee:51:
                    67:3e:e2:55:1e:25:d3:6a:cc:fa:ec:a7:a5:88:4a:
                    48:e7:bb:96:ae:20:7a:49:d9:a9:ec:91:4d:e7:46:
                    d5:eb:31:02:0a:02:00:84:1c:0a:f7:66:ba:f4:83:
                    45:87:07:b5:60:90:ea:c8:b7:90:d2:c2:99:20:8d:
                    55:e5:bc:4b:52:ed:43:be:8b:f7:f6:6a:d3:03:e5:
                    09:09:c5:6c:cf:c9:84:2f:91:c7:2c:12:c1:3d:b0:
                    ed:fe:e3:89:63:af:b4:b2:c3:2b:ac:63:eb:59:7a:
                    8e:02:1e:c9:db:35:44:f3:a8:53:df:a3:8b:08:35:
                    4c:46:35:2f:14:cc:61:c1:6e:72:7b:80:32:46:73:
                    8a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:CB:81:86:5E:40:B9:4D:EB:49:54:63:1D:26:E3:06:F2:8D:21:13
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/McuBhl5AuU3rSVRjHSbjBvKNIRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:44:5c:b7:f5:2e:e2:c4:9e:4b:87:15:21:9e:dd:78:66:cf:
         69:ee:44:ae:b3:08:bb:86:02:b2:4c:49:f4:fa:4b:d9:6b:14:
         06:5a:4c:40:bf:37:99:29:a3:77:a8:69:c9:36:58:12:12:16:
         84:33:60:84:1c:33:0d:9a:fb:2d:49:bc:dc:4b:fb:50:62:9e:
         16:5b:b9:95:c3:9b:23:fd:c4:25:f6:4b:5d:ec:27:77:94:7a:
         15:8f:7a:04:fb:2f:b4:86:9a:6c:95:a6:e5:14:16:74:b0:e7:
         1b:7b:40:2e:bf:70:f2:8b:f9:32:ab:b6:6e:fc:64:7a:22:37:
         ce:aa:f9:75:a8:eb:ad:88:45:6e:81:f4:ee:25:0c:71:19:f1:
         70:19:1f:46:3e:76:64:14:04:5d:a0:ae:a8:b9:a5:8e:30:d1:
         83:2f:93:41:fc:f6:ec:95:02:d2:27:ee:7d:f2:f9:a0:66:6d:
         e9:8a:a1:29:43:fb:00:46:60:81:40:1f:ba:2b:04:8e:45:15:
         a6:a3:e4:72:db:26:9b:c8:f2:c1:a3:24:ac:17:60:89:fe:b6:
         97:d7:19:ba:eb:39:16:9e:1a:b2:4b:94:49:27:fe:f4:55:f9:
         34:24:40:1b:5d:24:2f:1a:5a:8f:ed:c4:bf:13:e9:d8:51:d5:
         5f:06:c4:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/ZGJwihPpvpfzEUcLVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWNiODE4NjVlNDBiOTRkZWI0OTU0NjMxZDI2ZTMwNmYyOGQyMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVtVA/2Al5S0Oa4iQkRtA8ikORRg
rbCYBJc2BC2+3d6kfqYdKhBeDMfOdC5txGV7zUHynxX+vVAO4NfMxcJnASbNcLZa
egiGSynyV5Z19YCpEhGK1S6NhG90yrEL3SeQNXykRFXvqtuQItSHuQgUbCi9gIiT
7lFnPuJVHiXTasz67KeliEpI57uWriB6Sdmp7JFN50bV6zECCgIAhBwK92a69INF
hwe1YJDqyLeQ0sKZII1V5bxLUu1Dvov39mrTA+UJCcVsz8mEL5HHLBLBPbDt/uOJ
Y6+0ssMrrGPrWXqOAh7J2zVE86hT36OLCDVMRjUvFMxhwW5ye4AyRnOKawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHLgYZeQLlN60lUYx0m4wbyjSETMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTWN1QmhsNUF1VTNyU1ZSakhTYmpCdktOSVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUGVMA0G
CSqGSIb3DQEBCwUAA4IBAQCBRFy39S7ixJ5LhxUhnt14Zs9p7kSuswi7hgKyTEn0
+kvZaxQGWkxAvzeZKaN3qGnJNlgSEhaEM2CEHDMNmvstSbzcS/tQYp4WW7mVw5sj
/cQl9ktd7Cd3lHoVj3oE+y+0hppslablFBZ0sOcbe0Auv3Dyi/kyq7Zu/GR6IjfO
qvl1qOutiEVugfTuJQxxGfFwGR9GPnZkFARdoK6ouaWOMNGDL5NB/PbslQLSJ+59
8vmgZm3piqEpQ/sARmCBQB+6KwSORRWmo+Ry2yabyPLBoySsF2CJ/raX1xm66zkW
nhqyS5RJJ/70Vfk0JEAbXSQvGlqP7cS/E+nYUdVfBsSC
-----END CERTIFICATE-----