Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/ikEuk0S6MFWjyIC9oEdMrXB7OdY.roa
File:                     ikEuk0S6MFWjyIC9oEdMrXB7OdY.roa (raw, json)
Hash identifier:          nnESy1kpro+R9FbQto4zcHjQ09ZXnffe4Rrjy4lViA0=
Subject key identifier:   8A:41:2E:93:44:BA:30:55:A3:C8:80:BD:A0:47:4C:AD:70:7B:39:D6
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266C03905EE325E78218E4D87BCBD45B
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/ikEuk0S6MFWjyIC9oEdMrXB7OdY.roa
Signing time:             Thu 02 Jan 2025 09:50:00 +0000
ROA not before:           Thu 02 Jan 2025 09:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213174
IP address blocks:        77.65.160.0/21 maxlen: 24
                          77.65.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:03:90:5e:e3:25:e7:82:18:e4:d8:7b:cb:d4:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a412e9344ba3055a3c880bda0474cad707b39d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b5:56:13:41:1a:22:06:08:b9:e2:d4:2f:b4:
                    ba:66:c4:e6:da:f0:02:bc:b1:bd:0d:94:60:1f:48:
                    8b:93:d6:46:f5:a5:ee:f9:53:bb:37:41:a6:7a:e4:
                    a4:b4:f4:ed:b8:0d:e2:82:28:01:6c:a9:20:c9:5b:
                    ff:50:41:a3:3b:79:0b:55:de:4b:86:c7:7b:36:61:
                    2c:d4:f1:cb:38:0f:6f:f9:f8:9d:ca:9b:0a:51:33:
                    97:9a:d6:b7:a1:94:0e:96:ca:76:b0:5e:25:ab:20:
                    e4:f8:59:5d:09:e5:11:fe:db:59:f8:76:23:69:98:
                    40:d6:ea:cd:29:2c:f5:53:66:c7:85:12:58:ad:0a:
                    83:62:67:ec:b1:1a:78:63:3c:e6:d0:1a:ee:f4:16:
                    7e:c8:e7:23:da:ff:cf:94:24:60:68:0e:75:7b:d5:
                    d5:54:69:b1:d1:d1:79:8e:18:f2:39:e4:10:4b:05:
                    87:38:a8:d0:36:72:6d:ee:a8:6d:0e:66:bb:41:ad:
                    9f:72:e8:72:9f:55:4e:36:96:ca:0d:82:57:44:e6:
                    e6:36:a7:cc:fe:8d:ca:2b:42:0d:93:e2:85:29:4a:
                    70:39:63:37:ac:36:4c:31:8e:3b:3c:08:7e:c9:ef:
                    29:d1:a4:52:82:d8:1f:81:0a:2d:36:27:0b:7e:e3:
                    ae:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:41:2E:93:44:BA:30:55:A3:C8:80:BD:A0:47:4C:AD:70:7B:39:D6
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/ikEuk0S6MFWjyIC9oEdMrXB7OdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.160.0-77.65.169.255

    Signature Algorithm: sha256WithRSAEncryption
         24:bf:c2:39:9c:10:7b:d6:38:f6:b3:75:1f:77:ba:ef:72:b0:
         b9:1b:81:13:10:8c:91:c0:3f:b3:a5:06:08:54:52:a1:15:c1:
         2e:66:81:6b:79:f2:91:f3:01:1d:3c:b0:34:29:02:24:e6:f5:
         11:ee:0d:b3:f3:e9:58:6f:dd:3d:19:4b:ed:77:6c:b2:02:43:
         c4:70:2f:87:1a:14:7e:68:7a:67:14:91:a7:6b:42:c8:b5:4e:
         f6:fa:64:f4:bf:75:f3:23:92:0e:af:d7:e6:b7:00:2a:3e:3f:
         24:58:c1:ab:8a:f6:05:40:e9:ea:22:d2:03:1c:e1:90:29:a6:
         dc:a7:f7:42:bd:3e:de:45:76:33:a8:4a:ee:3a:28:c2:c8:5a:
         ac:79:4d:ed:05:1f:aa:a9:f8:f5:05:ec:6d:38:e0:6b:a8:50:
         4a:89:58:67:1d:6f:0d:85:7d:8f:58:93:f2:10:9b:8a:3f:13:
         0b:da:40:de:db:a8:b2:31:f7:cd:1b:86:7a:b3:d2:32:3e:34:
         a9:18:68:27:60:ca:56:52:a6:9f:c4:81:6a:c5:f1:6d:28:1c:
         06:d8:5d:6d:a3:42:40:c8:8a:15:50:84:a5:02:94:26:6c:61:
         9e:0c:ed:b1:06:31:6b:22:aa:dd:01:16:86:92:99:e9:74:65:
         4c:97:bf:68
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQmbAOQXuMl54IY5Nh7y9RbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQxMmU5MzQ0YmEzMDU1YTNjODgwYmRhMDQ3NGNhZDcwN2IzOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7VWE0EaIgYIueLUL7S6ZsTm2vAC
vLG9DZRgH0iLk9ZG9aXu+VO7N0GmeuSktPTtuA3igigBbKkgyVv/UEGjO3kLVd5L
hsd7NmEs1PHLOA9v+fidypsKUTOXmta3oZQOlsp2sF4lqyDk+FldCeUR/ttZ+HYj
aZhA1urNKSz1U2bHhRJYrQqDYmfssRp4Yzzm0Bru9BZ+yOcj2v/PlCRgaA51e9XV
VGmx0dF5jhjyOeQQSwWHOKjQNnJt7qhtDma7Qa2fcuhyn1VONpbKDYJXRObmNqfM
/o3KK0INk+KFKUpwOWM3rDZMMY47PAh+ye8p0aRSgtgfgQotNicLfuOuPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIpBLpNEujBVo8iAvaBHTK1weznWMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvaWtFdWswUzZNRldqeUlDOW9FZE1yWEI3T2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAVNQaAD
BAFNQagwDQYJKoZIhvcNAQELBQADggEBACS/wjmcEHvWOPazdR93uu9ysLkbgRMQ
jJHAP7OlBghUUqEVwS5mgWt58pHzAR08sDQpAiTm9RHuDbPz6Vhv3T0ZS+13bLIC
Q8RwL4caFH5oemcUkadrQsi1Tvb6ZPS/dfMjkg6v1+a3ACo+PyRYwauK9gVA6eoi
0gMc4ZApptyn90K9Pt5FdjOoSu46KMLIWqx5Te0FH6qp+PUF7G044GuoUEqJWGcd
bw2FfY9Yk/IQm4o/EwvaQN7bqLIx980bhnqz0jI+NKkYaCdgylZSpp/EgWrF8W0o
HAbYXW2jQkDIihVQhKUClCZsYZ4M7bEGMWsiqt0BFoaSmel0ZUyXv2g=
-----END CERTIFICATE-----