Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Wm_7x3Xvraf2QpaFmV_i_AjC8-U.roa
File:                     Wm_7x3Xvraf2QpaFmV_i_AjC8-U.roa (raw, json)
Hash identifier:          r3lfEt2xzl3kK1FpAJByY8CPI/8mdj0iWkazMdWgpOs=
Subject key identifier:   5A:6F:FB:C7:75:EF:AD:A7:F6:42:96:85:99:5F:E2:FC:08:C2:F3:E5
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B8ACB339B576622C2E85606738DE4
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Wm_7x3Xvraf2QpaFmV_i_AjC8-U.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198408
IP address blocks:        77.65.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8a:cb:33:9b:57:66:22:c2:e8:56:06:73:8d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a6ffbc775efada7f6429685995fe2fc08c2f3e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:13:59:1e:5e:59:6d:d5:9a:30:1c:6f:7e:7f:
                    69:c7:06:2c:c1:41:3e:c2:12:0d:1d:b9:e8:49:d6:
                    d5:f2:a3:7e:ac:07:4b:73:9c:e4:19:f9:be:cc:d5:
                    35:68:7a:cb:eb:7a:f8:0c:8e:f0:49:c4:44:80:b2:
                    4b:51:77:5f:13:54:fd:23:6c:52:83:dd:0f:7f:18:
                    72:95:5a:d6:c8:15:24:17:b5:29:e5:f8:1a:62:ba:
                    af:75:61:f8:dd:c8:bd:1d:f5:68:66:62:ed:a7:7d:
                    49:15:b1:60:cc:fa:da:79:55:69:a2:14:bb:e5:13:
                    da:7d:dd:d9:d8:58:32:49:45:8b:59:71:07:9c:38:
                    59:7b:dc:39:e7:fd:92:c2:c0:36:53:09:f3:65:af:
                    1f:9b:6f:96:01:8e:f5:69:92:7a:f8:d6:5d:57:d5:
                    34:18:b7:85:87:fe:44:b4:61:cb:a4:91:fd:49:a2:
                    ed:8a:a5:be:44:30:27:df:b6:b7:13:3e:90:99:e0:
                    75:df:4f:96:7a:6f:51:e4:bf:5d:84:38:79:66:36:
                    08:bd:93:48:4d:d0:a6:14:f7:cb:d0:12:db:fc:47:
                    db:f2:a9:60:82:b0:c8:30:e0:fe:05:9e:24:4e:3b:
                    42:4d:30:48:75:58:53:5b:39:af:c6:53:50:13:f4:
                    21:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:6F:FB:C7:75:EF:AD:A7:F6:42:96:85:99:5F:E2:FC:08:C2:F3:E5
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Wm_7x3Xvraf2QpaFmV_i_AjC8-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:66:22:60:6d:da:44:70:52:d6:f4:8c:6e:f5:59:8a:66:38:
         08:ca:d5:ad:83:53:45:fb:27:da:4b:43:c7:5a:18:b8:5d:99:
         5f:4b:0c:23:d9:55:05:c7:3b:18:e0:63:fe:3a:d8:e2:3f:68:
         dd:55:44:41:c1:cb:67:c3:e4:52:55:46:61:b3:5d:93:50:cc:
         b6:17:50:d1:e7:82:3d:b6:1a:5b:ab:08:ce:54:dc:44:01:23:
         4c:9a:61:7d:59:ec:81:4a:3d:ba:90:c3:7d:84:df:4a:51:b5:
         2b:0f:e5:a6:68:37:d2:db:4d:b2:2e:34:86:b9:89:49:52:12:
         4c:54:87:02:1c:ab:7f:ba:12:ab:e3:41:c2:0f:c9:89:b8:6f:
         0d:29:3b:cb:4d:5e:38:5d:60:a8:76:77:ef:3a:b5:d7:c9:5a:
         66:53:22:ca:48:3e:d1:65:1e:91:f0:80:13:a8:99:b1:d0:05:
         65:2f:18:42:4d:b4:3f:f0:e2:52:3f:3f:b3:fb:fe:a8:bb:04:
         42:f5:d2:68:ef:0d:c8:8a:c7:38:5c:84:62:38:06:36:ac:9f:
         22:ae:41:fa:86:06:32:9f:32:ee:47:57:1d:e3:33:d4:a3:15:
         5c:36:bb:e6:b9:aa:85:9d:b1:30:ea:48:b4:fe:1c:c7:e5:96:
         e3:c9:f1:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4rLM5tXZiLC6FYGc43kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTZmZmJjNzc1ZWZhZGE3ZjY0Mjk2ODU5OTVmZTJmYzA4YzJmM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghNZHl5ZbdWaMBxvfn9pxwYswUE+
whINHbnoSdbV8qN+rAdLc5zkGfm+zNU1aHrL63r4DI7wScREgLJLUXdfE1T9I2xS
g90PfxhylVrWyBUkF7Up5fgaYrqvdWH43ci9HfVoZmLtp31JFbFgzPraeVVpohS7
5RPafd3Z2FgySUWLWXEHnDhZe9w55/2SwsA2UwnzZa8fm2+WAY71aZJ6+NZdV9U0
GLeFh/5EtGHLpJH9SaLtiqW+RDAn37a3Ez6QmeB130+Wem9R5L9dhDh5ZjYIvZNI
TdCmFPfL0BLb/Efb8qlggrDIMOD+BZ4kTjtCTTBIdVhTWzmvxlNQE/QhdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpv+8d1762n9kKWhZlf4vwIwvPlMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvV21fN3gzWHZyYWYyUXBhRm1WX2lfQWpDOC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUG9MA0G
CSqGSIb3DQEBCwUAA4IBAQAXZiJgbdpEcFLW9Ixu9VmKZjgIytWtg1NF+yfaS0PH
Whi4XZlfSwwj2VUFxzsY4GP+OtjiP2jdVURBwctnw+RSVUZhs12TUMy2F1DR54I9
thpbqwjOVNxEASNMmmF9WeyBSj26kMN9hN9KUbUrD+WmaDfS202yLjSGuYlJUhJM
VIcCHKt/uhKr40HCD8mJuG8NKTvLTV44XWCodnfvOrXXyVpmUyLKSD7RZR6R8IAT
qJmx0AVlLxhCTbQ/8OJSPz+z+/6ouwRC9dJo7w3Iisc4XIRiOAY2rJ8irkH6hgYy
nzLuR1cd4zPUoxVcNrvmuaqFnbEw6ki0/hzH5ZbjyfHe
-----END CERTIFICATE-----