Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/nEsjgRFgt15xedpuQOkAvAtgtNM.roa
File:                     nEsjgRFgt15xedpuQOkAvAtgtNM.roa (raw, json)
Hash identifier:          BDD9e8RQJofZUx/ojpYI5h+NlHN1XyDEy06pMS+TOC0=
Subject key identifier:   9C:4B:23:81:11:60:B7:5E:71:79:DA:6E:40:E9:00:BC:0B:60:B4:D3
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D472FCB7E40411F77D3E6B9BB6EBB
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/nEsjgRFgt15xedpuQOkAvAtgtNM.roa
Signing time:             Tue 02 Jan 2024 08:32:14 +0000
ROA not before:           Tue 02 Jan 2024 08:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399587
IP address blocks:        77.47.252.0/22 maxlen: 24
                          77.47.248.0/22 maxlen: 24
                          195.178.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 01:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:47:2f:cb:7e:40:41:1f:77:d3:e6:b9:bb:6e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c4b23811160b75e7179da6e40e900bc0b60b4d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:d3:7f:4c:f1:c3:da:ee:53:15:26:f8:fa:7c:
                    16:de:56:49:f0:f1:18:46:26:b0:33:1b:35:14:3a:
                    a1:be:da:46:9e:bf:b5:b7:e4:bc:b1:d7:f4:5f:0f:
                    83:66:7b:b7:2b:41:c8:88:5b:c2:14:35:17:50:e0:
                    4c:2f:6b:69:a6:f7:2d:e8:b5:cc:fe:a3:20:15:b0:
                    a0:ad:6f:c4:ca:c1:e6:fc:05:14:b4:eb:15:a5:88:
                    99:6d:07:8c:06:ef:82:1c:b6:92:4b:4e:46:1d:f3:
                    bb:f9:c9:86:9c:1d:5a:bb:1c:06:fd:9b:f4:95:39:
                    ef:95:a1:09:c1:d4:04:15:85:00:9f:9b:0a:5b:c5:
                    30:c5:e0:38:9f:f4:1c:f1:62:20:06:a2:5e:84:59:
                    50:3e:93:94:9d:e8:fc:b1:99:ac:6c:75:6a:e9:b7:
                    6b:f5:81:bf:93:52:e4:94:83:e1:c6:52:92:4c:ec:
                    4c:0e:8e:16:5f:05:d0:99:d5:2a:66:78:9b:42:ba:
                    46:27:97:95:d5:9f:a6:e0:ec:19:70:a5:cf:aa:69:
                    60:c7:3a:f1:e9:a6:52:a6:07:41:79:29:b6:1a:da:
                    3c:09:a1:14:39:27:50:49:c7:e4:7c:86:ae:a4:a6:
                    c3:53:b8:d3:ce:83:8d:2c:33:00:44:b0:3f:0d:4c:
                    89:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4B:23:81:11:60:B7:5E:71:79:DA:6E:40:E9:00:BC:0B:60:B4:D3
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/nEsjgRFgt15xedpuQOkAvAtgtNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.248.0/21
                  195.178.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:d1:b0:48:7c:91:6f:09:4e:1b:68:48:9d:be:0b:dd:0e:6b:
         24:7e:74:7e:31:53:1b:6d:22:f6:e6:ec:1d:ac:65:a2:bb:2b:
         e8:14:0b:0e:92:8c:d1:73:c5:2b:05:a4:ff:9c:7c:e5:15:e5:
         8a:c6:62:3d:08:a0:81:96:cd:70:6e:be:6f:16:fd:ae:7c:e3:
         d0:60:e1:c5:20:c9:40:26:2b:57:7b:50:b1:7e:84:ce:b1:5c:
         a1:57:30:3d:6f:6f:2a:67:32:40:0f:ef:69:84:9f:36:2e:a2:
         50:96:55:e8:bd:03:1d:a0:b7:fe:b4:30:b5:1f:c2:e0:93:c1:
         b8:d0:22:e4:ff:f0:f8:4a:90:ff:de:9f:0c:9a:a4:cf:2a:2d:
         35:35:9c:8e:54:a2:63:d3:74:aa:18:2b:24:f5:51:1e:3e:47:
         f6:4a:6f:3f:31:46:bb:0c:cd:99:f6:81:d6:cb:4d:72:36:b1:
         e0:9f:bd:4c:d8:d0:ee:1a:e9:02:8b:59:9e:98:a9:44:c1:73:
         b2:0c:be:ad:0c:59:8a:7d:2f:0c:d2:75:c5:42:8a:13:bb:be:
         cb:06:57:d5:8c:65:9b:fb:36:55:4e:49:c9:79:3f:c6:f4:b2:
         cf:99:aa:b8:29:58:a6:97:f3:7c:43:5d:be:bf:1b:55:c3:bc:
         7f:0a:96:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTUcvy35AQR930+a5u267MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRiMjM4MTExNjBiNzVlNzE3OWRhNmU0MGU5MDBiYzBiNjBiNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9tN/TPHD2u5TFSb4+nwW3lZJ8PEY
RiawMxs1FDqhvtpGnr+1t+S8sdf0Xw+DZnu3K0HIiFvCFDUXUOBML2tppvct6LXM
/qMgFbCgrW/EysHm/AUUtOsVpYiZbQeMBu+CHLaSS05GHfO7+cmGnB1auxwG/Zv0
lTnvlaEJwdQEFYUAn5sKW8UwxeA4n/Qc8WIgBqJehFlQPpOUnej8sZmsbHVq6bdr
9YG/k1LklIPhxlKSTOxMDo4WXwXQmdUqZnibQrpGJ5eV1Z+m4OwZcKXPqmlgxzrx
6aZSpgdBeSm2Gto8CaEUOSdQScfkfIaupKbDU7jTzoONLDMARLA/DUyJNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJxLI4ERYLdecXnabkDpALwLYLTTMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvbkVzamdSRmd0MTV4ZWRwdVFPa0F2QXRndE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTS/4AwQC
w7KAMA0GCSqGSIb3DQEBCwUAA4IBAQAI0bBIfJFvCU4baEidvgvdDmskfnR+MVMb
bSL25uwdrGWiuyvoFAsOkozRc8UrBaT/nHzlFeWKxmI9CKCBls1wbr5vFv2ufOPQ
YOHFIMlAJitXe1CxfoTOsVyhVzA9b28qZzJAD+9phJ82LqJQllXovQMdoLf+tDC1
H8Lgk8G40CLk//D4SpD/3p8MmqTPKi01NZyOVKJj03SqGCsk9VEePkf2Sm8/MUa7
DM2Z9oHWy01yNrHgn71M2NDuGukCi1memKlEwXOyDL6tDFmKfS8M0nXFQooTu77L
BlfVjGWb+zZVTknJeT/G9LLPmaq4KViml/N8Q12+vxtVw7x/Cpax
-----END CERTIFICATE-----