Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/SlfPrvDA02eZPZaLnHUG_ZeKxXM.roa
File:                     SlfPrvDA02eZPZaLnHUG_ZeKxXM.roa (raw, json)
Hash identifier:          2TMDDq91UAzM+sThYNjC3+3uY9ZgZ0gmeV5R82e4cQ4=
Subject key identifier:   4A:57:CF:AE:F0:C0:D3:67:99:3D:96:8B:9C:75:06:FD:97:8A:C5:73
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266C00D4B00CB9841D726DB53829453D
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/SlfPrvDA02eZPZaLnHUG_ZeKxXM.roa
Signing time:             Thu 02 Jan 2025 09:49:59 +0000
ROA not before:           Thu 02 Jan 2025 09:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210997
IP address blocks:        77.65.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:00:d4:b0:0c:b9:84:1d:72:6d:b5:38:29:45:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a57cfaef0c0d367993d968b9c7506fd978ac573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c2:73:7e:1a:e3:28:c4:37:ff:86:18:dd:fa:
                    f5:4d:ca:28:c7:a7:22:bd:5d:98:fd:27:e8:25:bb:
                    4d:08:3a:40:82:81:6f:87:fb:58:71:85:47:02:d8:
                    62:57:82:2a:ab:1c:43:48:9b:0e:db:08:db:42:34:
                    2a:a2:d6:26:9a:7d:c1:38:f6:1f:e7:63:a9:fa:ce:
                    d2:8a:65:38:4f:b6:6f:78:e4:5a:d5:94:b9:7f:2f:
                    de:5d:91:d0:8a:59:5d:b5:44:44:8a:c1:08:c8:4f:
                    6b:d2:59:8a:4e:fc:0d:8f:4a:c9:8b:48:3e:83:f4:
                    52:49:8e:44:09:36:e7:ce:7d:84:c2:a7:cb:8d:ca:
                    cd:1f:25:00:ff:45:aa:4e:ba:59:dd:2a:82:38:8f:
                    3f:42:1c:4c:d6:e2:1d:ad:5f:21:3d:3d:2f:77:c2:
                    e2:71:6f:ce:56:bd:be:c1:b6:4b:48:05:ba:38:ce:
                    50:0f:12:db:16:2d:2e:71:ed:f5:ac:a2:86:ac:5f:
                    d1:77:2e:06:55:b8:19:b8:b7:b4:24:2f:27:ab:75:
                    eb:75:3e:41:ac:69:ae:5f:af:67:d9:13:f0:9a:ac:
                    3a:5d:07:e6:a7:7f:1b:cf:7c:3b:92:d3:a3:71:7f:
                    75:a5:eb:65:37:84:65:f3:53:ec:e1:ee:d9:2e:3a:
                    d1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:57:CF:AE:F0:C0:D3:67:99:3D:96:8B:9C:75:06:FD:97:8A:C5:73
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/SlfPrvDA02eZPZaLnHUG_ZeKxXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:2b:de:13:57:02:81:0f:5d:0a:bd:e8:01:3b:ce:47:48:a7:
         fb:eb:78:f8:fd:cc:e2:c6:04:96:ce:0f:33:d2:be:01:27:7f:
         04:16:00:44:fd:0d:2f:28:9e:b2:86:b4:18:b1:a8:b0:cf:08:
         13:4a:fb:7f:3d:4f:3c:c9:70:41:f1:14:b3:41:bf:5f:9b:cb:
         4e:e7:b2:20:06:60:5b:29:51:f0:5a:b8:d1:e6:79:0b:55:bb:
         a1:d4:af:d1:e9:e9:87:e0:57:05:e7:6a:67:2c:0c:42:5d:16:
         c0:96:61:ce:19:d9:d7:72:dd:59:45:9a:9d:2b:39:82:b4:ff:
         50:de:e6:06:73:88:ab:70:35:b9:4e:35:0b:96:2a:dc:76:a7:
         ab:eb:0c:db:57:3b:6b:41:46:7f:f5:1a:a0:55:0b:dc:f8:ce:
         bd:27:72:ec:18:3d:fc:84:56:94:75:97:12:24:df:e5:c0:bb:
         0d:cf:5f:62:11:04:78:dc:9c:9b:1a:3f:e5:ad:c9:bf:40:4f:
         27:c0:88:c8:6e:5f:af:67:6d:d9:b4:54:f4:73:e3:ae:c2:f5:
         e6:37:de:b7:5a:d6:cd:0b:42:ea:b1:06:87:02:03:2d:7b:66:
         cf:88:11:11:0b:2d:fd:d9:79:bb:b3:34:fe:c3:44:bb:4b:0e:
         6d:a8:99:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbADUsAy5hB1ybbU4KUU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTU3Y2ZhZWYwYzBkMzY3OTkzZDk2OGI5Yzc1MDZmZDk3OGFjNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2sJzfhrjKMQ3/4YY3fr1Tcoox6ci
vV2Y/SfoJbtNCDpAgoFvh/tYcYVHAthiV4IqqxxDSJsO2wjbQjQqotYmmn3BOPYf
52Op+s7SimU4T7ZveORa1ZS5fy/eXZHQilldtUREisEIyE9r0lmKTvwNj0rJi0g+
g/RSSY5ECTbnzn2EwqfLjcrNHyUA/0WqTrpZ3SqCOI8/QhxM1uIdrV8hPT0vd8Li
cW/OVr2+wbZLSAW6OM5QDxLbFi0uce31rKKGrF/Rdy4GVbgZuLe0JC8nq3XrdT5B
rGmuX69n2RPwmqw6XQfmp38bz3w7ktOjcX91petlN4Rl81Ps4e7ZLjrRLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpXz67wwNNnmT2Wi5x1Bv2XisVzMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvU2xmUHJ2REEwMmVaUFphTG5IVUdfWmVLeFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUHZMA0G
CSqGSIb3DQEBCwUAA4IBAQAkK94TVwKBD10KvegBO85HSKf763j4/czixgSWzg8z
0r4BJ38EFgBE/Q0vKJ6yhrQYsaiwzwgTSvt/PU88yXBB8RSzQb9fm8tO57IgBmBb
KVHwWrjR5nkLVbuh1K/R6emH4FcF52pnLAxCXRbAlmHOGdnXct1ZRZqdKzmCtP9Q
3uYGc4ircDW5TjULlircdqer6wzbVztrQUZ/9RqgVQvc+M69J3LsGD38hFaUdZcS
JN/lwLsNz19iEQR43JybGj/lrcm/QE8nwIjIbl+vZ23ZtFT0c+OuwvXmN963WtbN
C0LqsQaHAgMte2bPiBERCy392Xm7szT+w0S7Sw5tqJnW
-----END CERTIFICATE-----