Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KbHwSWtkfHwnlj9UQXVEPT-EZ7k.roa
File:                     KbHwSWtkfHwnlj9UQXVEPT-EZ7k.roa (raw, json)
Hash identifier:          D+Cqr/+QwrLtz5zIQtBviAJHQ1yJMAm5YCW5gXMFWiE=
Subject key identifier:   29:B1:F0:49:6B:64:7C:7C:27:96:3F:54:41:75:44:3D:3F:84:67:B9
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746AE66F7E94D75697A7C7075C183CB
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KbHwSWtkfHwnlj9UQXVEPT-EZ7k.roa
Signing time:             Thu 02 Jan 2025 13:48:51 +0000
ROA not before:           Thu 02 Jan 2025 13:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207279
IP address blocks:        77.92.154.0/24 maxlen: 24
                          78.135.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:ae:66:f7:e9:4d:75:69:7a:7c:70:75:c1:83:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b1f0496b647c7c27963f544175443d3f8467b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e1:9b:e5:fc:91:cb:ee:27:9a:c0:17:74:f6:
                    bd:c7:4f:a5:c6:9a:2c:fa:c0:6b:9e:0b:19:ce:eb:
                    cd:9a:4c:62:3f:b4:f9:b9:41:78:f0:29:e3:45:f7:
                    2b:7e:d3:60:d4:25:47:76:40:39:c9:10:38:cf:6a:
                    ed:ca:f5:ba:03:fd:ae:4b:63:81:9f:20:bc:45:f4:
                    08:e8:54:c1:9d:3d:fc:bd:91:e7:d4:61:02:f7:0b:
                    ee:32:51:b7:df:77:17:14:f6:79:a0:e8:d3:19:e2:
                    22:e0:9e:7e:7d:4b:e9:d7:f9:c4:fb:5a:0d:d3:d4:
                    78:db:d4:83:5a:d0:06:f1:8c:78:5d:1c:83:de:4e:
                    a7:f2:2c:8f:07:43:c0:e8:da:62:1b:66:9e:e0:bb:
                    5e:bb:af:3a:39:9d:3a:94:bb:6d:14:c3:75:7c:04:
                    d7:7f:81:59:81:06:2b:0d:16:00:30:4f:fd:c3:3e:
                    c8:25:6e:52:e0:35:7e:6b:77:a9:e7:b8:9c:86:f2:
                    b9:d5:e5:7b:32:23:33:aa:6f:77:88:24:72:f2:66:
                    cd:82:eb:b5:2e:19:88:2b:52:f7:08:76:cf:cd:fa:
                    5e:f7:4d:56:59:05:c8:64:51:a3:bb:20:8c:45:61:
                    2b:41:be:03:96:92:4f:af:37:b8:8f:e2:0d:e0:59:
                    07:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B1:F0:49:6B:64:7C:7C:27:96:3F:54:41:75:44:3D:3F:84:67:B9
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KbHwSWtkfHwnlj9UQXVEPT-EZ7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.154.0/24
                  78.135.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:9a:e6:f6:61:b1:02:2c:e2:d8:42:23:51:10:1d:2b:8f:9d:
         99:7b:59:08:c2:55:14:5a:19:6e:fd:36:ec:99:90:d5:c6:25:
         e2:ee:be:de:33:69:17:68:e7:ab:7f:4e:73:9b:14:8a:00:88:
         55:7a:0d:f0:98:45:93:5c:25:d3:31:b6:2f:2d:ef:d2:f7:c2:
         0e:38:61:b3:6b:4f:15:f3:e6:5c:64:f5:1a:53:00:9d:10:7d:
         f8:f7:f0:ee:8a:8a:74:ce:86:bb:bf:c3:72:6b:06:5b:32:8c:
         9a:c3:01:ee:0b:ca:7a:17:69:8f:f6:b0:7a:57:f4:6e:f1:51:
         d4:df:d0:a5:f1:2d:e5:06:ea:8d:cd:b7:91:e1:77:1e:63:b5:
         fc:d0:b1:ed:4b:a1:a4:61:dd:12:1d:08:0f:ad:02:da:db:e7:
         94:1a:d7:53:22:3d:b1:e5:4d:06:89:02:3d:18:7d:c9:cf:5b:
         8d:27:2d:20:70:62:6c:c5:b8:76:1e:3b:b9:69:6b:0b:5d:d0:
         80:75:31:bc:6a:d0:a4:0d:82:91:46:84:32:ce:1e:ab:17:ca:
         ca:32:55:e4:c4:ce:00:f8:ab:32:dc:4f:92:0c:9d:0c:01:5c:
         8b:98:74:3b:ed:ff:6b:01:0a:5c:e4:a1:5c:7d:f2:64:56:cf:
         57:fa:2d:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnRq5m9+lNdWl6fHB1wYPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWIxZjA0OTZiNjQ3YzdjMjc5NjNmNTQ0MTc1NDQzZDNmODQ2N2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOGb5fyRy+4nmsAXdPa9x0+lxpos
+sBrngsZzuvNmkxiP7T5uUF48CnjRfcrftNg1CVHdkA5yRA4z2rtyvW6A/2uS2OB
nyC8RfQI6FTBnT38vZHn1GEC9wvuMlG333cXFPZ5oOjTGeIi4J5+fUvp1/nE+1oN
09R429SDWtAG8Yx4XRyD3k6n8iyPB0PA6NpiG2ae4Lteu686OZ06lLttFMN1fATX
f4FZgQYrDRYAME/9wz7IJW5S4DV+a3ep57ichvK51eV7MiMzqm93iCRy8mbNguu1
LhmIK1L3CHbPzfpe901WWQXIZFGjuyCMRWErQb4DlpJPrze4j+IN4FkHYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCmx8ElrZHx8J5Y/VEF1RD0/hGe5MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvS2JId1NXdGtmSHdubGo5VVFYVkVQVC1FWjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVyaAwQA
TodXMA0GCSqGSIb3DQEBCwUAA4IBAQCKmub2YbECLOLYQiNREB0rj52Ze1kIwlUU
Whlu/TbsmZDVxiXi7r7eM2kXaOerf05zmxSKAIhVeg3wmEWTXCXTMbYvLe/S98IO
OGGza08V8+ZcZPUaUwCdEH349/Duiop0zoa7v8NyawZbMoyawwHuC8p6F2mP9rB6
V/Ru8VHU39Cl8S3lBuqNzbeR4XceY7X80LHtS6GkYd0SHQgPrQLa2+eUGtdTIj2x
5U0GiQI9GH3Jz1uNJy0gcGJsxbh2Hju5aWsLXdCAdTG8atCkDYKRRoQyzh6rF8rK
MlXkxM4A+Ksy3E+SDJ0MAVyLmHQ77f9rAQpc5KFcffJkVs9X+i2M
-----END CERTIFICATE-----