Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/egZBV_xPq3PnSwmpAfbQYFcxMwE.roa
File:                     egZBV_xPq3PnSwmpAfbQYFcxMwE.roa (raw, json)
Hash identifier:          Rw2cQznddlmAydy+QH83AOW5ugJCnYdSnsJFltUsQ5s=
Subject key identifier:   7A:06:41:57:FC:4F:AB:73:E7:4B:09:A9:01:F6:D0:60:57:31:33:01
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019164DBF6CAEBECA1BD20EB6EF9F48BCCB6
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/egZBV_xPq3PnSwmpAfbQYFcxMwE.roa
Signing time:             Sun 18 Aug 2024 09:40:22 +0000
ROA not before:           Sun 18 Aug 2024 09:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210099
IP address blocks:        77.92.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:64:db:f6:ca:eb:ec:a1:bd:20:eb:6e:f9:f4:8b:cc:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Aug 18 09:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a064157fc4fab73e74b09a901f6d06057313301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e3:4a:5a:03:d7:aa:c4:89:81:ac:64:90:17:
                    51:7d:db:03:0f:ae:ee:7e:80:70:76:1f:72:60:d8:
                    0f:eb:f4:ad:4d:92:26:89:a6:28:56:a2:3d:e0:23:
                    79:13:c3:35:08:b4:ab:18:84:91:67:2e:e5:73:87:
                    e9:9b:67:ed:e2:d7:62:94:2f:06:c0:60:41:2d:50:
                    c6:28:5c:07:42:fe:d7:8f:6e:20:c6:a2:c6:c4:a6:
                    39:b6:3c:d7:69:08:d6:6b:5e:b2:84:a1:fe:5a:49:
                    0c:61:4e:1f:22:b9:d6:30:01:c6:00:b9:2c:e1:2a:
                    ca:3b:16:8b:e5:d6:e6:18:84:f1:0c:31:94:d5:22:
                    cd:d3:0b:a6:74:eb:4c:2d:76:9d:a3:5d:70:ab:f9:
                    08:39:b5:16:79:1f:b1:69:ee:45:9a:d2:43:30:fe:
                    ae:4f:c4:d3:71:d7:4d:8a:bb:5f:55:55:6a:e9:3c:
                    f1:79:65:51:68:98:2d:64:62:f4:de:ee:02:30:98:
                    2d:bf:c0:2a:db:2f:09:d4:4a:c7:d4:4e:fa:09:b9:
                    2b:f0:62:f9:16:6f:43:df:53:d4:97:d2:dd:36:85:
                    2b:b8:e9:8c:65:75:c7:7c:92:d4:fe:d7:4d:70:8e:
                    59:28:0d:cb:25:90:ef:e7:fb:e0:68:4d:50:4d:60:
                    b4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:06:41:57:FC:4F:AB:73:E7:4B:09:A9:01:F6:D0:60:57:31:33:01
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/egZBV_xPq3PnSwmpAfbQYFcxMwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:c2:34:6a:84:ef:90:a1:d4:61:cf:d9:03:2a:3a:4a:32:b5:
         9b:b4:d6:a8:14:46:d7:e0:cf:e0:60:6e:1f:77:6f:4d:75:e7:
         57:68:9a:bb:4f:a7:c4:c5:c6:e2:11:98:8d:16:99:a0:b0:63:
         46:2c:6b:93:49:6c:7f:87:1e:ea:70:d2:8c:cb:54:37:db:79:
         85:ac:62:6d:5c:cd:96:de:32:c5:b7:0f:d4:d7:d2:42:e9:66:
         96:7c:38:fc:15:8d:5d:71:39:8b:33:c2:ee:26:9a:0f:b3:e0:
         00:99:c2:45:2c:43:63:40:cc:85:3a:b2:e2:82:5e:3d:9a:12:
         cd:3e:90:cd:57:7f:a2:48:13:1a:8c:8e:d2:6e:99:fd:ec:9c:
         75:67:00:07:eb:66:75:67:03:f8:53:72:4e:d3:57:19:9f:17:
         ef:52:13:0d:8f:da:7c:c1:5e:34:fc:28:e0:c5:18:55:06:fc:
         7a:98:78:ac:bb:6b:68:fc:54:77:46:68:ff:fa:de:53:1a:05:
         1d:8e:b8:56:59:27:5a:e6:47:99:b0:3a:39:ce:73:d6:e9:fd:
         13:ae:c9:a6:c4:33:af:08:0d:3e:0c:87:59:3b:eb:16:39:d8:
         2e:bb:53:4d:7b:31:0c:ff:99:4e:fb:6d:86:22:23:2e:e3:46:
         b5:95:1f:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFk2/bK6+yhvSDrbvn0i8y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwODE4MDk0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTA2NDE1N2ZjNGZhYjczZTc0YjA5YTkwMWY2ZDA2MDU3MzEzMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvONKWgPXqsSJgaxkkBdRfdsDD67u
foBwdh9yYNgP6/StTZImiaYoVqI94CN5E8M1CLSrGISRZy7lc4fpm2ft4tdilC8G
wGBBLVDGKFwHQv7Xj24gxqLGxKY5tjzXaQjWa16yhKH+WkkMYU4fIrnWMAHGALks
4SrKOxaL5dbmGITxDDGU1SLN0wumdOtMLXado11wq/kIObUWeR+xae5FmtJDMP6u
T8TTcddNirtfVVVq6TzxeWVRaJgtZGL03u4CMJgtv8Aq2y8J1ErH1E76Cbkr8GL5
Fm9D31PUl9LdNoUruOmMZXXHfJLU/tdNcI5ZKA3LJZDv5/vgaE1QTWC0BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoGQVf8T6tz50sJqQH20GBXMTMBMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvZWdaQlZfeFBxM1BuU3dtcEFmYlFZRmN4TXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVyZMA0G
CSqGSIb3DQEBCwUAA4IBAQBKwjRqhO+QodRhz9kDKjpKMrWbtNaoFEbX4M/gYG4f
d29NdedXaJq7T6fExcbiEZiNFpmgsGNGLGuTSWx/hx7qcNKMy1Q323mFrGJtXM2W
3jLFtw/U19JC6WaWfDj8FY1dcTmLM8LuJpoPs+AAmcJFLENjQMyFOrLigl49mhLN
PpDNV3+iSBMajI7Sbpn97Jx1ZwAH62Z1ZwP4U3JO01cZnxfvUhMNj9p8wV40/Cjg
xRhVBvx6mHisu2to/FR3Rmj/+t5TGgUdjrhWWSda5keZsDo5znPW6f0TrsmmxDOv
CA0+DIdZO+sWOdguu1NNezEM/5lO+22GIiMu40a1lR+H
-----END CERTIFICATE-----