Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s4M8GtN_z_tMcHYiwRx1Rfk9D0E.roa
File:                     s4M8GtN_z_tMcHYiwRx1Rfk9D0E.roa (raw, json)
Hash identifier:          fIshgxClC+gNVxAg1bIX99NpRz3BLFRc45V341crPAM=
Subject key identifier:   B3:83:3C:1A:D3:7F:CF:FB:4C:70:76:22:C1:1C:75:45:F9:3D:0F:41
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9ECB5ACDEF1BEC45390E2EC2669B
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s4M8GtN_z_tMcHYiwRx1Rfk9D0E.roa
Signing time:             Mon 01 Jan 2024 18:31:33 +0000
ROA not before:           Mon 01 Jan 2024 18:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212915
IP address blocks:        77.65.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:9e:cb:5a:cd:ef:1b:ec:45:39:0e:2e:c2:66:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3833c1ad37fcffb4c707622c11c7545f93d0f41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:17:13:78:df:1e:31:11:75:63:f5:bd:45:49:
                    a2:86:27:ae:ba:8b:52:55:07:a5:77:03:d7:56:fc:
                    5f:a1:9e:4f:68:77:74:e3:c1:62:fc:9b:96:5c:08:
                    3f:83:38:fb:bf:e3:a7:3a:73:59:f9:d7:1b:c6:e0:
                    72:4f:ab:e1:4e:ab:ef:2a:14:21:10:ed:48:1d:e9:
                    77:d5:eb:dc:6e:a2:93:4f:1d:ab:80:d9:44:5a:bb:
                    f7:b5:a8:ad:43:0e:96:b1:7c:76:37:55:c0:cc:65:
                    92:d8:cc:e3:2c:fe:df:40:97:41:32:eb:b2:9e:56:
                    16:82:ad:17:1c:f0:e1:27:f0:7d:76:c4:c1:0f:9d:
                    94:34:76:ee:6b:1b:a3:5f:f3:91:a6:ab:fd:0f:60:
                    74:d6:58:51:63:76:2e:f2:47:d7:3c:d1:7a:18:1e:
                    e9:7f:68:a4:8b:bc:6f:cf:29:f1:8b:95:a7:81:cd:
                    ea:0f:5f:a3:4f:4c:ca:95:67:47:17:36:ef:7a:9a:
                    c9:87:95:0e:e1:1a:77:79:4d:a9:4b:31:b2:80:04:
                    97:07:d9:22:33:fc:6d:ff:92:c3:8f:5e:8a:e6:8a:
                    56:36:95:6c:21:94:66:f8:14:f5:85:dc:4e:3b:1d:
                    ea:23:c8:68:fd:cc:64:f3:32:4f:80:44:e5:5c:6b:
                    36:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:83:3C:1A:D3:7F:CF:FB:4C:70:76:22:C1:1C:75:45:F9:3D:0F:41
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s4M8GtN_z_tMcHYiwRx1Rfk9D0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:47:2e:77:03:fd:0c:9f:90:ac:56:3f:9c:aa:5a:fc:6a:75:
         4d:7a:e6:13:15:74:72:f0:d7:02:29:2e:a8:7a:14:95:88:e4:
         67:a0:ad:65:23:82:7a:04:2c:e5:58:9a:bb:68:51:79:30:fe:
         fc:eb:ed:b3:25:50:ef:43:3b:bc:98:fa:ea:c5:1e:3e:04:1d:
         ab:cf:c1:29:99:58:a5:a6:31:b1:7c:fa:5b:27:49:50:29:e6:
         60:b3:a3:5e:bb:79:82:de:e7:e0:98:21:5f:6a:9e:42:a1:99:
         29:d5:da:56:fb:92:42:9c:57:7d:74:40:14:fe:87:21:aa:80:
         c7:80:75:55:71:01:4f:9f:32:98:a8:d1:91:a4:54:7e:fe:24:
         f0:b5:74:2b:de:a9:a5:50:3b:65:b9:fb:22:ce:53:a8:7b:d7:
         b6:05:87:fe:e5:55:03:2a:f0:38:05:3a:9b:7c:5d:83:d0:22:
         ba:2f:91:9a:20:f3:cd:3a:94:d3:cb:99:ab:be:ba:11:65:9a:
         a7:fc:39:2f:24:43:c7:46:ad:e7:ff:22:ea:a0:02:14:82:cf:
         63:6a:96:30:43:6e:51:8e:98:2f:08:ce:42:b0:ed:0d:d2:a0:
         87:03:d7:3e:71:8e:04:9b:96:0b:73:14:91:5b:28:90:80:c7:
         f1:48:4e:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS57LWs3vG+xFOQ4uwmabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzgzM2MxYWQzN2ZjZmZiNGM3MDc2MjJjMTFjNzU0NWY5M2QwZjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhcTeN8eMRF1Y/W9RUmihieuuotS
VQeldwPXVvxfoZ5PaHd048Fi/JuWXAg/gzj7v+OnOnNZ+dcbxuByT6vhTqvvKhQh
EO1IHel31evcbqKTTx2rgNlEWrv3taitQw6WsXx2N1XAzGWS2MzjLP7fQJdBMuuy
nlYWgq0XHPDhJ/B9dsTBD52UNHbuaxujX/ORpqv9D2B01lhRY3Yu8kfXPNF6GB7p
f2iki7xvzynxi5Wngc3qD1+jT0zKlWdHFzbveprJh5UO4Rp3eU2pSzGygASXB9ki
M/xt/5LDj16K5opWNpVsIZRm+BT1hdxOOx3qI8ho/cxk8zJPgETlXGs2WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLODPBrTf8/7THB2IsEcdUX5PQ9BMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvczRNOEd0Tl96X3RNY0hZaXdSeDFSZms5RDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUGqMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Ry53A/0Mn5CsVj+cqlr8anVNeuYTFXRy8NcCKS6o
ehSViORnoK1lI4J6BCzlWJq7aFF5MP786+2zJVDvQzu8mPrqxR4+BB2rz8EpmVil
pjGxfPpbJ0lQKeZgs6Neu3mC3ufgmCFfap5CoZkp1dpW+5JCnFd9dEAU/ochqoDH
gHVVcQFPnzKYqNGRpFR+/iTwtXQr3qmlUDtlufsizlOoe9e2BYf+5VUDKvA4BTqb
fF2D0CK6L5GaIPPNOpTTy5mrvroRZZqn/DkvJEPHRq3n/yLqoAIUgs9japYwQ25R
jpgvCM5CsO0N0qCHA9c+cY4Em5YLcxSRWyiQgMfxSE74
-----END CERTIFICATE-----