Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/W3y7u2g9NtdZgM-Bk0FIL4Ts9xs.roa
File:                     W3y7u2g9NtdZgM-Bk0FIL4Ts9xs.roa (raw, json)
Hash identifier:          FFqDPdAt8yYUgCt1VUIl0KsoOpSy32KbURaYuItntwg=
Subject key identifier:   5B:7C:BB:BB:68:3D:36:D7:59:80:CF:81:93:41:48:2F:84:EC:F7:1B
Certificate issuer:       /CN=0a39f9a00278e69d1b3dddaa0bf0cd17d2e66708
Certificate serial:       018FBECDE21A8C029B90D5FFDE0E079C140F
Authority key identifier: 0A:39:F9:A0:02:78:E6:9D:1B:3D:DD:AA:0B:F0:CD:17:D2:E6:67:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/W3y7u2g9NtdZgM-Bk0FIL4Ts9xs.roa
Signing time:             Tue 28 May 2024 10:45:14 +0000
ROA not before:           Tue 28 May 2024 10:45:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8866
IP address blocks:        77.76.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:cd:e2:1a:8c:02:9b:90:d5:ff:de:0e:07:9c:14:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a39f9a00278e69d1b3dddaa0bf0cd17d2e66708
        Validity
            Not Before: May 28 10:45:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b7cbbbb683d36d75980cf819341482f84ecf71b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1a:a0:f5:53:c9:e0:09:0e:9a:81:6d:a8:e4:
                    4e:ad:e8:f0:a0:bc:b2:38:e0:ad:68:00:b7:ee:e4:
                    4e:8a:65:a8:5a:fe:99:3a:a2:2e:9a:38:5d:a0:6f:
                    40:93:79:10:8d:fe:af:fc:f4:54:39:59:73:0a:8d:
                    4d:57:76:60:89:20:42:8a:52:cc:fe:44:bb:c4:17:
                    a2:36:8d:34:41:b1:d3:5b:44:81:ab:fa:3a:67:2e:
                    43:06:b0:9c:c7:ca:b8:09:84:2c:8b:f3:3d:44:27:
                    e7:16:2a:3e:0c:e0:c7:33:8c:ae:c1:42:b7:6b:4b:
                    6f:ab:95:db:a8:ed:c0:16:9c:bf:70:16:4b:d8:5f:
                    3b:3d:0e:0a:bf:10:22:c8:5e:56:2c:6a:e1:a1:d9:
                    c7:be:74:28:1c:dd:7b:ab:dd:6d:f5:03:77:fa:c7:
                    16:19:9c:91:15:43:34:ed:3f:a4:63:1e:52:39:ff:
                    1b:8a:3a:1c:95:82:3f:f9:b0:05:f3:f7:cd:fc:a4:
                    de:9f:f2:48:bc:bd:2c:4a:84:a8:5e:c7:cd:48:1f:
                    8c:06:bc:3f:38:87:d8:28:4e:37:34:de:3e:a3:85:
                    d5:ab:be:91:d0:ae:4b:77:4c:2f:27:5c:a2:4b:47:
                    fc:bf:89:3b:a7:82:a3:18:06:8a:46:9f:6e:83:9d:
                    46:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:7C:BB:BB:68:3D:36:D7:59:80:CF:81:93:41:48:2F:84:EC:F7:1B
            X509v3 Authority Key Identifier:
                keyid:0A:39:F9:A0:02:78:E6:9D:1B:3D:DD:AA:0B:F0:CD:17:D2:E6:67:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/W3y7u2g9NtdZgM-Bk0FIL4Ts9xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         77:83:41:d3:68:1d:f6:85:68:12:d4:c8:ed:f9:65:ab:74:0d:
         61:ff:f4:7f:4e:da:46:77:d2:c4:33:90:2a:d3:4b:86:bd:2f:
         04:f6:21:4a:75:dd:63:49:3f:07:6c:07:d5:85:e9:4a:19:25:
         e2:d2:84:a9:a2:15:b5:60:d0:da:9a:fb:08:dd:13:f5:c9:3b:
         01:52:06:b2:de:63:91:92:0a:53:f3:b7:49:d6:01:7b:52:ff:
         df:7b:0f:f0:33:49:90:2f:d6:94:34:89:11:36:87:b8:c5:a4:
         01:43:f8:5d:f0:d5:56:b8:71:db:47:d2:13:4f:6e:93:9f:ab:
         f2:4a:45:7c:09:b5:00:fc:a0:2c:73:72:18:78:86:4e:de:70:
         fd:39:ca:ae:14:c3:65:d0:25:2c:7c:1f:71:71:e6:15:d0:5d:
         9b:c0:ef:e4:6c:18:d5:d1:5a:ed:ea:f6:8f:e3:c4:2a:0c:2f:
         d4:84:f2:fd:3c:e7:46:48:e1:6d:03:7a:36:1c:a6:da:dc:ea:
         79:c0:e2:87:2b:6b:73:be:1c:9e:3d:14:bc:fb:42:56:91:6a:
         e3:75:fb:bf:ac:89:bb:9d:d6:c7:67:93:d7:b9:5b:1c:24:92:
         7b:20:d1:b6:31:3c:ec:88:a9:c7:5b:d1:a3:1d:eb:f0:2a:ba:
         9a:b2:b8:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY++zeIajAKbkNX/3g4HnBQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzlmOWEwMDI3OGU2OWQxYjNkZGRhYTBiZjBjZDE3ZDJl
NjY3MDgwHhcNMjQwNTI4MTA0NTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjdjYmJiYjY4M2QzNmQ3NTk4MGNmODE5MzQxNDgyZjg0ZWNmNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRqg9VPJ4AkOmoFtqOROrejwoLyy
OOCtaAC37uROimWoWv6ZOqIumjhdoG9Ak3kQjf6v/PRUOVlzCo1NV3ZgiSBCilLM
/kS7xBeiNo00QbHTW0SBq/o6Zy5DBrCcx8q4CYQsi/M9RCfnFio+DODHM4yuwUK3
a0tvq5XbqO3AFpy/cBZL2F87PQ4KvxAiyF5WLGrhodnHvnQoHN17q91t9QN3+scW
GZyRFUM07T+kYx5SOf8bijoclYI/+bAF8/fN/KTen/JIvL0sSoSoXsfNSB+MBrw/
OIfYKE43NN4+o4XVq76R0K5Ld0wvJ1yiS0f8v4k7p4KjGAaKRp9ug51GTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt8u7toPTbXWYDPgZNBSC+E7PcbMB8GA1UdIwQY
MBaAFAo5+aACeOadGz3dqgvwzRfS5mcIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2puNW9BSjQ1cDBiUGQycUNfRE5GOUxtWndnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9hOWFmMGUtZTkxYS00ZjFjLWI3MmMt
MWUyYjFjODdkMzE3LzEvVzN5N3UyZzlOdGRaZ00tQmswRklMNFRzOXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9hOWFmMGUtZTkxYS00ZjFjLWI3MmMtMWUyYjFjODdkMzE3
LzEvQ2puNW9BSjQ1cDBiUGQycUNfRE5GOUxtWndnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTUwgMA0G
CSqGSIb3DQEBCwUAA4IBAQB3g0HTaB32hWgS1Mjt+WWrdA1h//R/TtpGd9LEM5Aq
00uGvS8E9iFKdd1jST8HbAfVhelKGSXi0oSpohW1YNDamvsI3RP1yTsBUgay3mOR
kgpT87dJ1gF7Uv/few/wM0mQL9aUNIkRNoe4xaQBQ/hd8NVWuHHbR9ITT26Tn6vy
SkV8CbUA/KAsc3IYeIZO3nD9OcquFMNl0CUsfB9xceYV0F2bwO/kbBjV0Vrt6vaP
48QqDC/UhPL9POdGSOFtA3o2HKba3Op5wOKHK2tzvhyePRS8+0JWkWrjdfu/rIm7
ndbHZ5PXuVscJJJ7ING2MTzsiKnHW9GjHevwKrqasri5
-----END CERTIFICATE-----