Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/pUbid9yw7jFhD4Lcd2hql4VmH48.roa
File:                     pUbid9yw7jFhD4Lcd2hql4VmH48.roa (raw, json)
Hash identifier:          fvxIcUMCmWHMzLoNEeTEbGiBAAC/y5E69xz2Yk8mtS0=
Subject key identifier:   A5:46:E2:77:DC:B0:EE:31:61:0F:82:DC:77:68:6A:97:85:66:1F:8F
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9E0D89FFC5A4E986B14A45C67886
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/pUbid9yw7jFhD4Lcd2hql4VmH48.roa
Signing time:             Mon 01 Jan 2024 18:31:33 +0000
ROA not before:           Mon 01 Jan 2024 18:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211516
IP address blocks:        77.65.220.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:9e:0d:89:ff:c5:a4:e9:86:b1:4a:45:c6:78:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a546e277dcb0ee31610f82dc77686a9785661f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:70:10:19:9d:0c:92:0e:58:9f:40:fe:75:c0:
                    8e:8f:de:e2:57:62:58:1d:1d:01:b0:d3:0a:b5:64:
                    f4:1e:d7:ec:a0:7e:a2:dd:3a:1b:07:b4:43:8d:7b:
                    aa:2b:0f:d8:0c:c3:20:57:52:6d:00:b9:45:bf:a3:
                    da:5d:14:77:27:ec:d9:ef:b1:9a:52:a6:c3:51:4c:
                    82:76:72:3a:97:5d:e6:37:2c:2c:00:6e:7d:85:b6:
                    66:8e:a4:11:59:40:5e:06:e4:1f:c1:9c:1b:0d:b3:
                    9d:43:64:eb:f7:6b:e3:c6:5f:73:67:53:a4:46:f3:
                    ae:ee:57:51:cb:8f:11:25:4e:51:57:4c:0b:c4:c5:
                    92:99:57:8c:90:e1:ac:ed:e9:34:b1:47:27:09:4e:
                    a4:4b:7d:02:ec:f7:66:ff:65:f2:bd:9f:2b:a4:ec:
                    ae:8d:84:de:6f:5a:00:54:02:47:3b:2c:45:99:9b:
                    82:b3:51:04:fd:cf:0a:24:89:7b:a3:02:32:8a:63:
                    d4:46:25:3d:1e:83:5e:fb:dd:43:23:f2:67:e5:ba:
                    b8:c8:02:ac:80:f0:6e:19:7c:d9:17:6f:00:9a:29:
                    f0:e3:1d:01:67:38:1d:76:7d:b6:6c:84:6c:9f:2f:
                    39:33:c9:7f:31:0d:5a:40:0b:0e:f5:f5:1e:b8:1e:
                    f7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:46:E2:77:DC:B0:EE:31:61:0F:82:DC:77:68:6A:97:85:66:1F:8F
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/pUbid9yw7jFhD4Lcd2hql4VmH48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:08:a2:82:67:d2:df:24:95:94:a8:a0:93:4a:74:eb:b0:1d:
         36:08:65:53:a5:e3:e7:25:2e:c7:a3:4a:ef:66:80:fe:8e:20:
         58:5d:3f:fe:01:4e:c7:58:d4:14:bf:64:bd:9a:e6:c2:18:3b:
         59:10:40:14:c2:0f:6a:45:82:57:d9:33:63:0c:fd:c3:9f:69:
         1a:70:ec:55:35:04:da:7c:a0:84:db:b1:ff:d1:37:f7:6e:32:
         c6:4a:c4:ea:35:1f:ab:de:f1:cd:4d:46:f6:26:35:8d:b2:12:
         da:7c:22:81:43:6c:8c:6c:8e:15:be:a4:53:10:f6:d8:10:a5:
         dd:19:91:2b:1e:04:4c:2e:7f:c4:5a:9f:4f:d6:97:c9:e5:dc:
         70:32:e1:18:b4:d5:a6:b5:14:f8:e8:87:42:af:a6:4f:9a:4b:
         5a:fc:2c:bb:af:62:8b:7f:62:93:03:5a:f1:e4:c9:c0:13:92:
         c3:db:ce:9f:3d:82:74:0c:7f:11:5a:d0:38:48:69:bb:c4:64:
         bc:99:0e:ab:28:48:15:d2:c9:66:d3:b5:88:5e:18:2e:a4:10:
         a2:e1:5a:ff:6c:9e:51:a4:d4:ed:dd:68:90:48:06:e9:b3:44:
         8b:72:db:e9:31:18:41:18:1f:29:b1:21:3b:f2:14:a0:0b:05:
         ba:9b:50:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS54Nif/FpOmGsUpFxniGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQ2ZTI3N2RjYjBlZTMxNjEwZjgyZGM3NzY4NmE5Nzg1NjYxZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnAQGZ0Mkg5Yn0D+dcCOj97iV2JY
HR0BsNMKtWT0HtfsoH6i3TobB7RDjXuqKw/YDMMgV1JtALlFv6PaXRR3J+zZ77Ga
UqbDUUyCdnI6l13mNywsAG59hbZmjqQRWUBeBuQfwZwbDbOdQ2Tr92vjxl9zZ1Ok
RvOu7ldRy48RJU5RV0wLxMWSmVeMkOGs7ek0sUcnCU6kS30C7Pdm/2XyvZ8rpOyu
jYTeb1oAVAJHOyxFmZuCs1EE/c8KJIl7owIyimPURiU9HoNe+91DI/Jn5bq4yAKs
gPBuGXzZF28Aminw4x0BZzgddn22bIRsny85M8l/MQ1aQAsO9fUeuB73ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVG4nfcsO4xYQ+C3HdoapeFZh+PMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvcFViaWQ5eXc3akZoRDRMY2QyaHFsNFZtSDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTUHcMA0G
CSqGSIb3DQEBCwUAA4IBAQAdCKKCZ9LfJJWUqKCTSnTrsB02CGVTpePnJS7Ho0rv
ZoD+jiBYXT/+AU7HWNQUv2S9mubCGDtZEEAUwg9qRYJX2TNjDP3Dn2kacOxVNQTa
fKCE27H/0Tf3bjLGSsTqNR+r3vHNTUb2JjWNshLafCKBQ2yMbI4VvqRTEPbYEKXd
GZErHgRMLn/EWp9P1pfJ5dxwMuEYtNWmtRT46IdCr6ZPmkta/Cy7r2KLf2KTA1rx
5MnAE5LD286fPYJ0DH8RWtA4SGm7xGS8mQ6rKEgV0slm07WIXhgupBCi4Vr/bJ5R
pNTt3WiQSAbps0SLctvpMRhBGB8psSE78hSgCwW6m1AL
-----END CERTIFICATE-----