Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/_Rlz-WRPfG2IOQOJDUA8xwk0l74.roa
File:                     _Rlz-WRPfG2IOQOJDUA8xwk0l74.roa (raw, json)
Hash identifier:          BovIbxPobxCsBORHlIZbnSLtYc8F7PZ6pFNfO4Ph0lM=
Subject key identifier:   FD:19:73:F9:64:4F:7C:6D:88:39:03:89:0D:40:3C:C7:09:34:97:BE
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B84DB5A6D2105C73666196D9A2D65
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/_Rlz-WRPfG2IOQOJDUA8xwk0l74.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42402
IP address blocks:        77.65.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:84:db:5a:6d:21:05:c7:36:66:19:6d:9a:2d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd1973f9644f7c6d883903890d403cc7093497be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:df:bd:a0:78:96:7e:9f:cb:db:24:79:35:80:
                    b6:4b:4b:99:92:ca:1a:09:4a:b3:79:31:0a:6b:b0:
                    39:68:48:5c:4b:3b:8c:ed:97:49:13:c1:e0:f7:82:
                    3e:8d:3e:ae:f7:6c:ec:2c:55:45:f3:84:5a:7b:14:
                    a4:03:b5:ea:76:e7:0d:0a:ab:af:a9:8c:36:43:bf:
                    51:7d:48:92:a4:aa:01:10:5b:64:6e:f0:e8:d4:43:
                    e7:3f:a7:28:b3:90:86:f5:c7:9a:4e:be:06:ef:98:
                    bc:3e:12:82:fd:7a:33:74:62:18:89:ad:b7:d5:82:
                    28:73:c2:5a:ae:74:4f:6e:9c:99:5f:46:37:30:35:
                    a3:65:b3:eb:ac:cf:dd:5b:dc:ab:21:12:6d:c0:e6:
                    fb:1a:b4:6e:88:7b:26:3f:f4:b6:2e:ec:4f:b3:a8:
                    87:fe:bd:83:57:cb:28:3a:e6:9e:80:2b:26:57:69:
                    82:ff:33:63:3f:1e:c5:fa:23:cd:40:64:a9:ae:61:
                    43:b1:fa:b0:dd:d0:d6:e3:c4:1f:78:0b:0a:c3:2d:
                    5b:0b:45:19:75:d7:20:54:79:86:3e:35:80:8d:40:
                    44:f3:33:7c:8e:95:ed:71:49:62:b4:60:dd:25:f6:
                    fc:45:b3:19:d6:9f:36:e8:0d:b1:a6:aa:b1:51:f2:
                    f0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:19:73:F9:64:4F:7C:6D:88:39:03:89:0D:40:3C:C7:09:34:97:BE
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/_Rlz-WRPfG2IOQOJDUA8xwk0l74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:f4:05:ba:3d:52:23:3f:e8:c0:61:57:a6:fe:fe:80:0c:43:
         6b:d8:75:45:d7:7a:46:f9:b7:16:eb:82:8d:e6:5c:2e:f9:9a:
         06:d7:83:6d:5f:ac:fa:8f:2a:5a:03:4b:9f:6a:e5:7b:cc:6d:
         45:9b:95:b2:6f:d3:7b:05:45:5a:93:a6:b2:f0:cf:0c:b4:a0:
         54:eb:db:0a:c2:24:61:be:af:ac:6c:c2:19:58:36:66:c0:b6:
         98:01:b3:88:2b:e3:ad:81:89:ce:16:cd:21:36:b3:cb:8c:9e:
         5a:92:db:d0:b7:de:a3:ed:df:56:50:43:03:10:f3:b2:29:fb:
         43:73:63:05:67:fc:8a:9a:04:a9:21:13:10:2a:95:19:e0:55:
         ec:ec:3a:b7:30:21:a8:e3:4a:76:28:fe:46:ba:3a:a1:35:d9:
         ac:39:3c:90:c8:11:f7:95:11:ff:79:73:2e:7a:47:0a:e4:74:
         d7:7d:a3:59:80:d6:38:f0:93:af:71:0a:0d:c1:54:02:3d:eb:
         be:98:be:fe:f5:51:3a:f2:93:92:98:bf:f1:5b:1a:45:ef:b8:
         6c:62:fe:a5:58:0c:1e:10:fe:8e:1c:32:51:c6:a8:1a:eb:45:
         7d:d8:17:12:af:ae:4a:aa:9e:e2:02:08:ad:a0:f2:fd:62:8b:
         0b:0a:f2:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4TbWm0hBcc2Zhltmi1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE5NzNmOTY0NGY3YzZkODgzOTAzODkwZDQwM2NjNzA5MzQ5N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9+9oHiWfp/L2yR5NYC2S0uZksoa
CUqzeTEKa7A5aEhcSzuM7ZdJE8Hg94I+jT6u92zsLFVF84RaexSkA7XqducNCquv
qYw2Q79RfUiSpKoBEFtkbvDo1EPnP6cos5CG9ceaTr4G75i8PhKC/XozdGIYia23
1YIoc8JarnRPbpyZX0Y3MDWjZbPrrM/dW9yrIRJtwOb7GrRuiHsmP/S2LuxPs6iH
/r2DV8soOuaegCsmV2mC/zNjPx7F+iPNQGSprmFDsfqw3dDW48QfeAsKwy1bC0UZ
ddcgVHmGPjWAjUBE8zN8jpXtcUlitGDdJfb8RbMZ1p826A2xpqqxUfLw2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0Zc/lkT3xtiDkDiQ1APMcJNJe+MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvX1Jsei1XUlBmRzJJT1FPSkRVQTh4d2swbDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTUGIMA0G
CSqGSIb3DQEBCwUAA4IBAQCS9AW6PVIjP+jAYVem/v6ADENr2HVF13pG+bcW64KN
5lwu+ZoG14NtX6z6jypaA0ufauV7zG1Fm5Wyb9N7BUVak6ay8M8MtKBU69sKwiRh
vq+sbMIZWDZmwLaYAbOIK+OtgYnOFs0hNrPLjJ5aktvQt96j7d9WUEMDEPOyKftD
c2MFZ/yKmgSpIRMQKpUZ4FXs7Dq3MCGo40p2KP5GujqhNdmsOTyQyBH3lRH/eXMu
ekcK5HTXfaNZgNY48JOvcQoNwVQCPeu+mL7+9VE68pOSmL/xWxpF77hsYv6lWAwe
EP6OHDJRxqga60V92BcSr65Kqp7iAgitoPL9YosLCvIm
-----END CERTIFICATE-----