Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/VSk9YNoQ_L7f8nU872tIyK3fFc4.roa
File:                     VSk9YNoQ_L7f8nU872tIyK3fFc4.roa (raw, json)
Hash identifier:          xrQRJoGoXkNgogymbxmJmW5z5NiM4HkImwCE+E3WkUk=
Subject key identifier:   55:29:3D:60:DA:10:FC:BE:DF:F2:75:3C:EF:6B:48:C8:AD:DF:15:CE
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9D342CF2ADAB5BCEC3339EED6E71
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/VSk9YNoQ_L7f8nU872tIyK3fFc4.roa
Signing time:             Mon 01 Jan 2024 18:31:33 +0000
ROA not before:           Mon 01 Jan 2024 18:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210959
IP address blocks:        77.65.206.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:9d:34:2c:f2:ad:ab:5b:ce:c3:33:9e:ed:6e:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55293d60da10fcbedff2753cef6b48c8addf15ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f3:0f:12:15:55:e9:c2:cc:75:22:41:b8:85:
                    2f:46:ea:16:df:74:ec:c6:4d:c5:de:b6:07:b6:8d:
                    04:81:6f:6c:a1:22:1e:dd:00:bd:27:e0:8c:85:af:
                    02:0d:b0:a6:5a:dd:fa:b6:08:1c:48:67:49:39:67:
                    0b:88:81:1b:a4:e3:f4:34:d1:e4:84:73:bb:1d:35:
                    f8:b5:19:1b:0b:c3:b5:8f:d0:98:2b:62:06:a4:34:
                    f7:6e:b5:21:95:c2:c5:4b:df:65:74:ea:bf:44:7d:
                    4a:cb:ab:e6:4c:5d:43:1f:8f:22:3c:6c:44:6b:16:
                    38:3c:a1:29:b2:a6:f5:e9:b4:90:6b:66:fc:1b:f9:
                    66:24:34:fb:63:fd:c7:36:24:ab:28:ad:7c:cd:48:
                    57:d6:aa:86:83:20:fc:6b:dd:12:83:46:18:64:a4:
                    5c:9b:b7:89:6a:54:75:c2:30:5b:ca:c9:bd:75:6f:
                    34:0a:88:28:37:ac:24:be:05:21:3d:0c:c1:64:a8:
                    da:f0:b8:c9:28:81:08:62:25:5d:a9:9e:81:d8:46:
                    bd:7d:c7:46:e3:31:98:fd:63:99:9f:1a:f3:1b:c5:
                    1a:e7:11:39:15:d6:b8:b8:4b:5a:4c:37:15:40:39:
                    85:8b:e9:6f:95:7f:ab:7d:7f:dd:44:cd:cf:20:ba:
                    ce:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:29:3D:60:DA:10:FC:BE:DF:F2:75:3C:EF:6B:48:C8:AD:DF:15:CE
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/VSk9YNoQ_L7f8nU872tIyK3fFc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:05:e8:58:b9:9b:1a:e2:85:28:ee:22:c9:45:f2:98:ea:53:
         4e:7e:c3:fe:13:f5:c9:7b:da:94:d3:cc:88:7f:43:54:9d:90:
         3c:61:4e:8c:a5:d4:7f:2b:e7:d3:99:d4:81:db:fb:fd:0c:64:
         76:7b:4b:79:89:23:2b:80:6f:5a:08:08:7b:e5:21:34:3d:2c:
         6d:5f:f9:8b:e2:41:df:88:09:90:55:ce:d6:71:50:07:65:88:
         7c:1f:21:1d:bb:28:13:63:5f:18:ee:a6:f2:e7:ce:19:79:60:
         24:35:2f:db:a9:10:85:69:6b:8c:85:63:ac:f7:48:3c:39:fc:
         8d:9f:7b:e0:b3:aa:34:cd:9c:a2:4c:c4:87:74:4a:a6:5f:ad:
         69:b6:87:5c:cd:a6:d6:4c:5d:31:db:7a:2f:e6:2b:ab:e9:3e:
         fd:32:c3:1c:d9:3e:c8:1b:f3:7c:9e:ce:8b:4d:0b:3c:2e:99:
         a0:ba:72:37:61:42:c0:b3:70:90:53:d9:ea:03:f5:06:be:d3:
         d0:0a:52:7b:25:19:4e:96:4a:bd:eb:e6:01:34:93:42:7c:63:
         2a:34:85:38:63:2c:b8:d8:dd:53:9e:99:e1:cb:95:96:48:86:
         83:af:49:89:85:e5:7d:6d:50:4f:6f:16:c3:f1:a5:19:24:7e:
         e2:72:2b:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS500LPKtq1vOwzOe7W5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTI5M2Q2MGRhMTBmY2JlZGZmMjc1M2NlZjZiNDhjOGFkZGYxNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfMPEhVV6cLMdSJBuIUvRuoW33Ts
xk3F3rYHto0EgW9soSIe3QC9J+CMha8CDbCmWt36tggcSGdJOWcLiIEbpOP0NNHk
hHO7HTX4tRkbC8O1j9CYK2IGpDT3brUhlcLFS99ldOq/RH1Ky6vmTF1DH48iPGxE
axY4PKEpsqb16bSQa2b8G/lmJDT7Y/3HNiSrKK18zUhX1qqGgyD8a90Sg0YYZKRc
m7eJalR1wjBbysm9dW80CogoN6wkvgUhPQzBZKja8LjJKIEIYiVdqZ6B2Ea9fcdG
4zGY/WOZnxrzG8Ua5xE5Fda4uEtaTDcVQDmFi+lvlX+rfX/dRM3PILrOPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUpPWDaEPy+3/J1PO9rSMit3xXOMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvVlNrOVlOb1FfTDdmOG5VODcydEl5SzNmRmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTUHOMA0G
CSqGSIb3DQEBCwUAA4IBAQBhBehYuZsa4oUo7iLJRfKY6lNOfsP+E/XJe9qU08yI
f0NUnZA8YU6MpdR/K+fTmdSB2/v9DGR2e0t5iSMrgG9aCAh75SE0PSxtX/mL4kHf
iAmQVc7WcVAHZYh8HyEduygTY18Y7qby584ZeWAkNS/bqRCFaWuMhWOs90g8OfyN
n3vgs6o0zZyiTMSHdEqmX61ptodczabWTF0x23ov5iur6T79MsMc2T7IG/N8ns6L
TQs8LpmgunI3YULAs3CQU9nqA/UGvtPQClJ7JRlOlkq96+YBNJNCfGMqNIU4Yyy4
2N1Tnpnhy5WWSIaDr0mJheV9bVBPbxbD8aUZJH7icivz
-----END CERTIFICATE-----