Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/gAYdSZRZZ_QjuGfXSkfwPpLcQRU.roa
File:                     gAYdSZRZZ_QjuGfXSkfwPpLcQRU.roa (raw, json)
Hash identifier:          UBJ8NijbeFSWUsL2SarEFJt/M4VTDuA+908/2/0qnhY=
Subject key identifier:   80:06:1D:49:94:59:67:F4:23:B8:67:D7:4A:47:F0:3E:92:DC:41:15
Certificate issuer:       /CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
Certificate serial:       0191BF10459FC62DEB4C7D26D1967856C127
Authority key identifier: 71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/gAYdSZRZZ_QjuGfXSkfwPpLcQRU.roa
Signing time:             Wed 04 Sep 2024 22:03:20 +0000
ROA not before:           Wed 04 Sep 2024 22:03:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43171
IP address blocks:        77.87.77.0/24 maxlen: 24
                          91.189.32.0/21 maxlen: 21
                          195.22.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bf:10:45:9f:c6:2d:eb:4c:7d:26:d1:96:78:56:c1:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
        Validity
            Not Before: Sep  4 22:03:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80061d49945967f423b867d74a47f03e92dc4115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ac:8d:31:85:7f:f3:80:b2:62:a0:19:15:f3:
                    c9:a1:7a:82:30:f9:66:c1:4b:e7:a6:4b:6d:88:dd:
                    91:1f:10:df:c3:69:54:4d:31:a9:8b:b4:1a:bc:de:
                    8e:fe:05:27:c4:60:e1:b7:5f:b7:25:91:34:20:30:
                    f6:ad:40:cb:59:72:31:a3:70:da:73:f0:8a:31:bf:
                    a7:7e:fb:76:53:8e:07:22:1d:fc:52:42:f9:d7:b7:
                    79:2f:b2:ba:41:5e:0b:b9:e5:ea:e5:ce:96:7a:f6:
                    1b:3c:b7:27:04:ba:ac:83:9c:25:72:88:4e:2c:6b:
                    e2:98:b0:88:02:23:f0:e2:b8:39:1c:6a:2d:a0:8c:
                    9e:2b:d3:61:be:a5:3a:c6:3d:2b:04:6d:13:7b:47:
                    60:bf:ff:6f:ee:d3:f5:cc:f3:e4:a0:d0:b5:85:78:
                    47:b3:38:be:fe:2e:5a:ed:0c:b2:c8:cd:6d:d3:54:
                    63:cb:d9:26:4d:4d:72:cd:54:59:ea:c8:40:42:d9:
                    f2:17:be:af:dd:a4:00:41:c4:fa:d7:ab:37:a5:7f:
                    4e:db:89:10:55:b4:41:98:cc:22:ef:fb:8f:6c:a3:
                    c0:35:82:e5:63:9f:83:c8:6e:f7:a0:9f:c4:59:7d:
                    79:b0:33:c5:22:a4:4a:3a:1f:13:a0:c9:34:93:c0:
                    10:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:06:1D:49:94:59:67:F4:23:B8:67:D7:4A:47:F0:3E:92:DC:41:15
            X509v3 Authority Key Identifier:
                keyid:71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/gAYdSZRZZ_QjuGfXSkfwPpLcQRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.77.0/24
                  91.189.32.0/21
                  195.22.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:05:7e:17:26:61:11:a3:a1:0b:b7:23:70:84:fa:fc:5a:cd:
         dd:51:b9:c0:ad:a2:47:3a:40:4e:87:45:71:f5:95:28:d1:05:
         2b:05:f0:37:81:ec:e2:c3:fe:07:51:42:f1:b0:ce:93:94:1d:
         ab:1a:32:b3:ac:af:02:00:25:52:c6:e8:01:b8:7f:b6:ff:6b:
         54:74:18:19:67:61:09:ef:0f:fd:e1:46:89:38:66:20:c4:2d:
         0c:a1:25:8f:1b:1e:09:32:e5:b2:02:32:e8:66:8d:bd:5f:78:
         22:b7:ca:3d:51:07:ca:0a:29:05:ca:74:e3:48:bf:7a:dd:59:
         9e:db:c4:de:e1:ea:66:e3:24:77:99:0b:29:8d:27:5e:c2:22:
         b4:58:12:52:23:a0:e0:43:6e:ea:52:b2:d2:12:d0:97:39:67:
         84:2f:2c:e9:09:91:16:35:d6:76:5e:71:c4:43:8c:66:e2:6f:
         05:7f:89:bd:68:08:0c:88:18:85:6a:06:1f:e6:c2:2e:f1:61:
         09:62:74:1c:93:be:94:6c:ad:45:c6:4f:d8:f7:62:ff:1a:ae:
         d4:bd:15:24:7c:4f:93:ba:0f:cf:a8:81:9a:0a:4c:a2:c9:d2:
         4c:92:7d:e4:e7:d1:19:8e:d9:76:1e:b8:ff:63:e4:8d:fc:50:
         76:c7:f3:63
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZG/EEWfxi3rTH0m0ZZ4VsEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYzE2OTBlZjU3YWZjZmZhZTczYmRiOTkzNDMwOWY4Yjcw
ZWJiNjEwHhcNMjQwOTA0MjIwMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA2MWQ0OTk0NTk2N2Y0MjNiODY3ZDc0YTQ3ZjAzZTkyZGM0MTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6yNMYV/84CyYqAZFfPJoXqCMPlm
wUvnpkttiN2RHxDfw2lUTTGpi7QavN6O/gUnxGDht1+3JZE0IDD2rUDLWXIxo3Da
c/CKMb+nfvt2U44HIh38UkL517d5L7K6QV4LueXq5c6WevYbPLcnBLqsg5wlcohO
LGvimLCIAiPw4rg5HGotoIyeK9NhvqU6xj0rBG0Te0dgv/9v7tP1zPPkoNC1hXhH
szi+/i5a7QyyyM1t01Rjy9kmTU1yzVRZ6shAQtnyF76v3aQAQcT616s3pX9O24kQ
VbRBmMwi7/uPbKPANYLlY5+DyG73oJ/EWX15sDPFIqRKOh8ToMk0k8AQKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIAGHUmUWWf0I7hn10pH8D6S3EEVMB8GA1UdIwQY
MBaAFHHBaQ71evz/rnO9uZNDCfi3DrthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYt
MDA2ZTliYjhlZDU5LzEvZ0FZZFNaUlpaX1FqdUdmWFNrZndQcExjUVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYtMDA2ZTliYjhlZDU5
LzEvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVdNAwQD
W70gAwQBwxZ+MA0GCSqGSIb3DQEBCwUAA4IBAQAgBX4XJmERo6ELtyNwhPr8Ws3d
UbnAraJHOkBOh0Vx9ZUo0QUrBfA3geziw/4HUULxsM6TlB2rGjKzrK8CACVSxugB
uH+2/2tUdBgZZ2EJ7w/94UaJOGYgxC0MoSWPGx4JMuWyAjLoZo29X3git8o9UQfK
CikFynTjSL963Vme28Te4epm4yR3mQspjSdewiK0WBJSI6DgQ27qUrLSEtCXOWeE
LyzpCZEWNdZ2XnHEQ4xm4m8Ff4m9aAgMiBiFagYf5sIu8WEJYnQck76UbK1Fxk/Y
92L/Gq7UvRUkfE+Tug/PqIGaCkyiydJMkn3k59EZjtl2Hrj/Y+SN/FB2x/Nj
-----END CERTIFICATE-----