Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/i2iJj-IQjH-69M83cAJmCQfRMAs.roa
File:                     i2iJj-IQjH-69M83cAJmCQfRMAs.roa (raw, json)
Hash identifier:          Ca8Zd4UA4YhRSLStSXtQyKcLXDuwj1eGs1YGMStdVWw=
Subject key identifier:   8B:68:89:8F:E2:10:8C:7F:BA:F4:CF:37:70:02:66:09:07:D1:30:0B
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B810037D7718AEC6FF773327050DD
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/i2iJj-IQjH-69M83cAJmCQfRMAs.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28732
IP address blocks:        77.65.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:81:00:37:d7:71:8a:ec:6f:f7:73:32:70:50:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b68898fe2108c7fbaf4cf377002660907d1300b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3f:16:2b:0c:e1:4e:8c:16:5b:9c:0c:b8:ad:
                    23:25:60:53:c4:96:02:43:a4:93:f9:55:72:df:ec:
                    7b:40:80:45:5f:d1:89:8c:4f:ec:6e:68:bd:db:a6:
                    cf:ba:63:91:68:2f:9d:52:61:39:4f:6d:f0:ce:f8:
                    0f:63:28:a8:79:1d:8b:1e:10:d1:ed:38:a6:74:3b:
                    62:c0:b9:3f:f4:27:81:32:d7:96:f8:d8:8b:e1:8c:
                    e9:d5:e4:8c:e6:3b:19:27:02:36:01:b8:6f:43:50:
                    f6:b3:e3:d5:6d:e2:f5:58:84:21:4b:4d:bd:37:ad:
                    99:54:f7:71:9f:aa:00:f5:5d:1e:66:1a:62:6c:14:
                    17:92:43:11:79:10:f7:b3:89:e1:cf:3b:42:da:03:
                    d9:5f:44:8c:c5:98:a8:f9:58:e6:71:65:01:89:0b:
                    82:a0:2c:e0:f8:17:bc:08:a3:bb:ee:84:aa:4d:d5:
                    95:45:9d:71:b1:36:17:2e:e4:7b:46:d5:3a:92:b8:
                    93:ef:e8:79:73:84:9c:6e:7a:42:65:f6:7a:15:c7:
                    df:3d:0f:95:b0:8f:d0:6b:f6:66:9d:27:d4:90:84:
                    57:05:22:0b:51:c8:c0:f1:b3:19:46:15:ad:3a:55:
                    dc:3e:fe:4c:8a:fe:f5:f3:4e:4d:d5:0f:c6:3a:99:
                    88:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:68:89:8F:E2:10:8C:7F:BA:F4:CF:37:70:02:66:09:07:D1:30:0B
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/i2iJj-IQjH-69M83cAJmCQfRMAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ad:93:40:2c:d6:d1:3c:99:3b:37:06:65:20:32:aa:19:fe:
         2f:2a:67:0e:79:08:5d:74:14:c4:2a:bf:51:cb:3a:fa:b3:cb:
         8c:82:c9:6e:5f:aa:4c:83:fb:71:2b:8c:b1:f4:56:79:50:ab:
         36:6b:5c:9b:07:a4:64:94:9e:a5:38:e0:24:84:bc:33:7b:ff:
         09:2b:ad:b9:14:40:45:b8:6f:80:c4:e2:bf:f2:23:9c:2e:ae:
         6e:ae:d2:97:cc:5f:18:4a:8a:f9:46:dc:1e:9a:76:c9:56:79:
         da:e7:dd:86:57:f4:46:21:b8:3c:e8:74:59:a1:76:4e:75:b1:
         55:20:31:08:fe:2a:34:ec:8a:8b:6f:55:ab:e8:99:8c:61:44:
         e6:38:09:1b:98:4d:fb:f6:80:f1:67:f9:cc:db:7d:69:a3:c6:
         bf:41:d0:c5:15:38:f2:7e:a5:39:41:6d:32:f9:1f:20:35:eb:
         b3:3e:ff:53:9b:84:06:a4:9e:a8:cc:e4:dd:1c:e6:8c:e4:15:
         cf:19:2e:7e:d2:44:46:12:73:82:02:65:13:f2:96:d9:0d:ce:
         42:6e:ab:16:00:7c:ee:9c:80:db:5c:8e:14:63:98:b2:00:14:
         58:be:f3:1d:ca:7e:80:52:c1:43:09:e1:24:e6:d6:c8:8e:e6:
         4a:ee:f0:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4EAN9dxiuxv93MycFDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjY4ODk4ZmUyMTA4YzdmYmFmNGNmMzc3MDAyNjYwOTA3ZDEzMDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj8WKwzhTowWW5wMuK0jJWBTxJYC
Q6ST+VVy3+x7QIBFX9GJjE/sbmi926bPumORaC+dUmE5T23wzvgPYyioeR2LHhDR
7TimdDtiwLk/9CeBMteW+NiL4Yzp1eSM5jsZJwI2AbhvQ1D2s+PVbeL1WIQhS029
N62ZVPdxn6oA9V0eZhpibBQXkkMReRD3s4nhzztC2gPZX0SMxZio+VjmcWUBiQuC
oCzg+Be8CKO77oSqTdWVRZ1xsTYXLuR7RtU6kriT7+h5c4ScbnpCZfZ6FcffPQ+V
sI/Qa/ZmnSfUkIRXBSILUcjA8bMZRhWtOlXcPv5Miv71805N1Q/GOpmIpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItoiY/iEIx/uvTPN3ACZgkH0TALMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvaTJpSmotSVFqSC02OU04M2NBSm1DUWZSTUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUGZMA0G
CSqGSIb3DQEBCwUAA4IBAQBNrZNALNbRPJk7NwZlIDKqGf4vKmcOeQhddBTEKr9R
yzr6s8uMgsluX6pMg/txK4yx9FZ5UKs2a1ybB6RklJ6lOOAkhLwze/8JK625FEBF
uG+AxOK/8iOcLq5urtKXzF8YSor5RtwemnbJVnna592GV/RGIbg86HRZoXZOdbFV
IDEI/io07IqLb1Wr6JmMYUTmOAkbmE379oDxZ/nM231po8a/QdDFFTjyfqU5QW0y
+R8gNeuzPv9Tm4QGpJ6ozOTdHOaM5BXPGS5+0kRGEnOCAmUT8pbZDc5CbqsWAHzu
nIDbXI4UY5iyABRYvvMdyn6AUsFDCeEk5tbIjuZK7vBl
-----END CERTIFICATE-----