Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/96Q3_tRAllst6ja08qEgDUeoS3s.roa
File:                     96Q3_tRAllst6ja08qEgDUeoS3s.roa (raw, json)
Hash identifier:          M/XsnaTMi6H7HudvwSEvRzo4uPxFB65/y7e+qQGzx28=
Subject key identifier:   F7:A4:37:FE:D4:40:96:5B:2D:EA:36:B4:F2:A1:20:0D:47:A8:4B:7B
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       01942144172017370F6DEFEAA6B8779FD3DF
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/96Q3_tRAllst6ja08qEgDUeoS3s.roa
Signing time:             Wed 01 Jan 2025 09:48:18 +0000
ROA not before:           Wed 01 Jan 2025 09:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47254
IP address blocks:        77.95.140.0/24 maxlen: 24
                          217.19.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:17:20:17:37:0f:6d:ef:ea:a6:b8:77:9f:d3:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7a437fed440965b2dea36b4f2a1200d47a84b7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:21:58:01:70:88:6c:20:2b:e6:99:77:c2:36:
                    2b:68:3c:6d:e5:a1:23:a5:0f:b6:1a:a9:02:5d:af:
                    22:41:ac:81:f0:8d:b8:69:53:30:5f:ec:56:20:a9:
                    a2:48:9b:29:64:cf:c3:e3:a5:4a:fa:e0:3b:b3:12:
                    eb:fa:07:15:05:1b:5c:1c:61:4a:a4:c8:04:a8:13:
                    7c:87:9e:df:f2:a3:04:a0:d6:d6:a3:53:f5:66:34:
                    3a:10:df:e4:c5:e7:46:4b:53:25:08:f0:36:2e:16:
                    6d:12:7b:5e:ad:ad:72:6c:42:8b:d2:1a:01:f1:06:
                    b9:99:2c:e4:ad:53:d1:82:e5:cd:7e:a8:fb:56:90:
                    8e:11:bd:94:c4:55:4b:ba:7e:fa:08:6a:64:99:15:
                    55:56:e5:17:c6:06:cf:94:ca:cd:3a:74:60:86:61:
                    03:ee:bf:f8:e2:51:26:5e:23:a4:f3:8d:bd:e4:dc:
                    5e:45:5a:29:79:ce:27:e7:1f:94:c5:f1:03:a8:2f:
                    ba:97:aa:32:5d:9e:6e:dd:91:bb:1f:ed:c9:b4:e4:
                    a7:32:2d:6b:6c:86:f8:b5:83:38:a1:dc:1c:e5:bc:
                    b5:45:12:ab:03:35:7b:72:cd:8e:a6:45:b1:a0:22:
                    41:f5:43:e2:bd:e5:73:ca:64:b3:cb:39:30:fd:64:
                    09:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A4:37:FE:D4:40:96:5B:2D:EA:36:B4:F2:A1:20:0D:47:A8:4B:7B
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/96Q3_tRAllst6ja08qEgDUeoS3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.140.0/24
                  217.19.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:49:8a:8c:2c:08:73:9e:7b:ec:cd:69:89:c8:34:8c:17:19:
         bd:e3:8f:63:20:8c:fd:34:22:19:4d:6f:be:cf:21:c9:f2:ef:
         a1:1f:eb:3c:d8:8b:12:4b:5d:46:6d:56:40:36:a3:43:86:15:
         9d:98:02:e3:b4:5c:a5:c3:6a:66:13:99:48:86:a5:b1:79:a5:
         ac:05:a3:96:3b:63:0d:4f:05:ff:a4:b8:63:09:ed:72:da:10:
         6a:c7:5c:8e:b2:a7:94:0c:be:78:64:c7:43:1a:ba:e6:59:e1:
         1f:90:3c:63:e6:aa:c1:cd:74:fd:07:78:d3:12:0f:a9:75:11:
         27:cf:d6:0b:9c:fe:48:92:05:bf:df:22:d6:a3:88:4b:02:de:
         65:0b:88:0c:a5:24:b2:ff:67:3a:38:f7:5d:45:c6:61:a5:2f:
         cf:e3:46:90:b0:47:0d:a5:39:94:cf:19:1d:04:af:76:d0:96:
         7a:43:66:9e:3d:30:0d:46:44:1d:fb:7b:54:c8:0e:68:e1:40:
         38:62:d8:4e:12:15:ab:97:2c:44:44:39:4a:61:9e:bb:c2:a7:
         21:01:e2:30:cd:0e:70:5b:13:72:91:0a:4a:96:3e:bb:75:a4:
         96:f8:9d:c5:dd:cc:77:cc:f2:68:51:cf:97:5e:05:36:55:6a:
         f8:b3:ae:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRBcgFzcPbe/qprh3n9PfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2E0MzdmZWQ0NDA5NjViMmRlYTM2YjRmMmExMjAwZDQ3YTg0YjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCFYAXCIbCAr5pl3wjYraDxt5aEj
pQ+2GqkCXa8iQayB8I24aVMwX+xWIKmiSJspZM/D46VK+uA7sxLr+gcVBRtcHGFK
pMgEqBN8h57f8qMEoNbWo1P1ZjQ6EN/kxedGS1MlCPA2LhZtEntera1ybEKL0hoB
8Qa5mSzkrVPRguXNfqj7VpCOEb2UxFVLun76CGpkmRVVVuUXxgbPlMrNOnRghmED
7r/44lEmXiOk84295NxeRVopec4n5x+UxfEDqC+6l6oyXZ5u3ZG7H+3JtOSnMi1r
bIb4tYM4odwc5by1RRKrAzV7cs2OpkWxoCJB9UPiveVzymSzyzkw/WQJ3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPekN/7UQJZbLeo2tPKhIA1HqEt7MB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvOTZRM190UkFsbHN0NmphMDhxRWdEVWVvUzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATV+MAwQA
2ROYMA0GCSqGSIb3DQEBCwUAA4IBAQAvSYqMLAhznnvszWmJyDSMFxm9449jIIz9
NCIZTW++zyHJ8u+hH+s82IsSS11GbVZANqNDhhWdmALjtFylw2pmE5lIhqWxeaWs
BaOWO2MNTwX/pLhjCe1y2hBqx1yOsqeUDL54ZMdDGrrmWeEfkDxj5qrBzXT9B3jT
Eg+pdREnz9YLnP5IkgW/3yLWo4hLAt5lC4gMpSSy/2c6OPddRcZhpS/P40aQsEcN
pTmUzxkdBK920JZ6Q2aePTANRkQd+3tUyA5o4UA4YthOEhWrlyxERDlKYZ67wqch
AeIwzQ5wWxNykQpKlj67daSW+J3F3cx3zPJoUc+XXgU2VWr4s676
-----END CERTIFICATE-----