Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/_IIJNNBVIJnRZO7BofuL7NBJGdo.roa
File:                     _IIJNNBVIJnRZO7BofuL7NBJGdo.roa (raw, json)
Hash identifier:          CAFZCizjyo71tG2mA3duxrcdBeYI+/Yk5z06CVfSQh0=
Subject key identifier:   FC:82:09:34:D0:55:20:99:D1:64:EE:C1:A1:FB:8B:EC:D0:49:19:DA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D43597F91D8F1E770681A18FA6E88
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/_IIJNNBVIJnRZO7BofuL7NBJGdo.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        77.47.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:43:59:7f:91:d8:f1:e7:70:68:1a:18:fa:6e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc820934d0552099d164eec1a1fb8becd04919da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ed:b3:b5:62:a5:4d:b1:de:9c:13:1e:e9:b2:
                    5f:bc:90:72:62:c6:31:39:b2:89:22:6d:52:b7:ae:
                    17:9f:37:ec:4b:fa:29:15:b8:e7:fd:2e:d0:55:eb:
                    ba:3a:b2:99:a2:22:ea:f5:dd:7c:8d:33:64:47:2b:
                    be:c6:1b:98:85:82:e1:1c:93:27:c5:06:78:f2:ee:
                    a9:12:cd:5d:0b:fe:53:b9:a6:b9:e5:e6:ad:57:29:
                    a0:01:1a:6e:83:70:99:6e:2a:35:e6:7c:6a:0a:86:
                    f9:a0:fe:3a:81:1c:4b:40:c5:fa:71:83:e8:43:1d:
                    32:29:ca:06:4c:77:bf:e8:3f:20:79:61:87:7d:67:
                    c4:23:75:40:a6:0f:bb:2e:c5:9a:84:69:af:9c:c3:
                    78:47:64:85:44:83:94:09:d7:c8:cc:d0:62:65:3f:
                    41:c2:85:9e:0b:fe:3b:0d:37:fd:21:23:51:e2:b1:
                    95:a2:2f:a1:48:9e:e7:fb:36:29:b8:23:06:bc:3b:
                    02:34:3a:10:ff:d6:2d:ed:f7:07:b9:b4:7d:90:a6:
                    10:81:97:be:3d:61:0f:11:48:e1:e4:08:ec:ab:cf:
                    83:89:4c:b1:10:fd:3a:f4:79:06:26:fd:0d:26:ba:
                    a1:51:86:c1:8d:cf:09:d9:73:62:0b:2f:86:f6:67:
                    4f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:82:09:34:D0:55:20:99:D1:64:EE:C1:A1:FB:8B:EC:D0:49:19:DA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/_IIJNNBVIJnRZO7BofuL7NBJGdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:08:f2:d9:7a:44:24:d6:39:e5:93:84:50:96:cf:32:89:95:
         9c:ad:1f:8e:51:72:9a:4d:bf:19:40:4d:92:9b:c7:7e:84:1f:
         cf:3c:f0:71:11:f6:73:4a:d8:e3:8f:d9:e1:af:9d:21:42:34:
         ba:f5:a6:f1:47:da:89:da:84:a1:05:38:7a:ad:0c:ba:7a:0e:
         28:cc:98:31:7b:2f:c3:72:96:b6:3c:bc:78:3b:c8:d9:0a:06:
         b6:a3:21:6a:3a:d1:21:7d:3d:47:e8:94:ff:65:d5:f7:ac:dd:
         c7:9a:f1:96:d7:d3:7a:57:9c:3f:c0:3b:77:09:02:fe:cf:7c:
         8d:ac:53:33:a4:ba:ed:24:44:09:7d:00:db:06:5f:b5:28:5e:
         11:5d:64:70:77:d2:34:83:c2:1f:0a:f6:32:3d:fa:57:74:dc:
         68:2b:3f:05:72:32:a5:17:8a:12:b3:cd:92:40:04:7d:d2:e6:
         9c:ae:57:a3:bd:61:f8:67:5b:1e:4b:08:0f:8d:5b:35:8a:f4:
         42:05:f2:75:8c:dd:d0:7e:71:3d:c6:09:9a:cf:03:c3:39:19:
         33:98:db:2c:60:5a:c0:5d:59:5d:a4:2d:a2:c5:42:26:1e:66:
         5a:83:c9:a9:08:d3:9c:7f:e4:ae:86:bc:b8:54:14:42:60:8a:
         ab:31:76:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUNZf5HY8edwaBoY+m6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzgyMDkzNGQwNTUyMDk5ZDE2NGVlYzFhMWZiOGJlY2QwNDkxOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO2ztWKlTbHenBMe6bJfvJByYsYx
ObKJIm1St64XnzfsS/opFbjn/S7QVeu6OrKZoiLq9d18jTNkRyu+xhuYhYLhHJMn
xQZ48u6pEs1dC/5Tuaa55eatVymgARpug3CZbio15nxqCob5oP46gRxLQMX6cYPo
Qx0yKcoGTHe/6D8geWGHfWfEI3VApg+7LsWahGmvnMN4R2SFRIOUCdfIzNBiZT9B
woWeC/47DTf9ISNR4rGVoi+hSJ7n+zYpuCMGvDsCNDoQ/9Yt7fcHubR9kKYQgZe+
PWEPEUjh5Ajsq8+DiUyxEP069HkGJv0NJrqhUYbBjc8J2XNiCy+G9mdPNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyCCTTQVSCZ0WTuwaH7i+zQSRnaMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvX0lJSk5OQlZJSm5SWk83Qm9mdUw3TkJKR2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATS+OMA0G
CSqGSIb3DQEBCwUAA4IBAQCvCPLZekQk1jnlk4RQls8yiZWcrR+OUXKaTb8ZQE2S
m8d+hB/PPPBxEfZzStjjj9nhr50hQjS69abxR9qJ2oShBTh6rQy6eg4ozJgxey/D
cpa2PLx4O8jZCga2oyFqOtEhfT1H6JT/ZdX3rN3HmvGW19N6V5w/wDt3CQL+z3yN
rFMzpLrtJEQJfQDbBl+1KF4RXWRwd9I0g8IfCvYyPfpXdNxoKz8FcjKlF4oSs82S
QAR90uacrlejvWH4Z1seSwgPjVs1ivRCBfJ1jN3QfnE9xgmazwPDORkzmNssYFrA
XVldpC2ixUImHmZag8mpCNOcf+Suhry4VBRCYIqrMXYA
-----END CERTIFICATE-----