Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/d7zP9TXfrYF8qpX4UXTcUvueTHE.roa
File:                     d7zP9TXfrYF8qpX4UXTcUvueTHE.roa (raw, json)
Hash identifier:          GnYMOHRGczz6/viIUbQSMhrcurPwvtFIAB5OI91eVOA=
Subject key identifier:   77:BC:CF:F5:35:DF:AD:81:7C:AA:95:F8:51:74:DC:52:FB:9E:4C:71
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0BAC850E8819E27C246D1DA03BE6
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/d7zP9TXfrYF8qpX4UXTcUvueTHE.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27717
IP address blocks:        217.26.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0b:ac:85:0e:88:19:e2:7c:24:6d:1d:a0:3b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77bccff535dfad817caa95f85174dc52fb9e4c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a6:67:7f:45:6a:4d:c6:5c:a3:f4:cd:42:4c:
                    5f:cc:5a:35:8e:12:72:1a:dd:65:05:0d:c5:58:00:
                    11:b7:36:28:31:dd:1a:b7:4f:ca:16:9a:51:1d:00:
                    ec:38:e8:24:b4:43:1a:2c:75:86:c7:18:11:7f:7e:
                    96:2c:04:d2:f0:05:69:89:69:c4:dc:c5:db:5e:85:
                    71:19:f5:75:26:bf:eb:a8:76:6d:23:71:f7:cc:f4:
                    ca:e0:bc:6f:01:f9:c5:e3:39:61:49:35:5b:c9:11:
                    b6:b5:90:55:eb:2a:c7:a4:f5:a6:a5:54:97:ef:08:
                    7c:23:69:57:1b:fc:a9:45:15:d1:c7:1a:43:29:36:
                    dd:97:06:7c:bc:5c:2b:f5:18:84:00:e2:b6:46:c4:
                    50:8a:33:d8:67:7e:77:c8:df:2f:25:e2:9f:01:b6:
                    03:0b:2b:83:a8:1d:cf:bd:b8:04:bf:ae:c2:b0:cf:
                    be:59:de:d5:78:17:37:80:b8:3d:94:54:f4:63:6b:
                    02:c6:5c:df:c6:51:d4:07:be:a9:8d:6f:9f:07:79:
                    9b:63:f6:77:19:a2:47:20:e3:fa:85:7b:e4:60:b8:
                    83:6e:16:08:b1:54:e4:fa:15:cc:0a:3b:c0:29:6d:
                    19:68:85:ac:42:5a:84:d2:2c:76:f0:10:f8:b9:ea:
                    0d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BC:CF:F5:35:DF:AD:81:7C:AA:95:F8:51:74:DC:52:FB:9E:4C:71
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/d7zP9TXfrYF8qpX4UXTcUvueTHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:58:ef:89:4e:65:9b:be:e4:e7:2f:ac:aa:e1:8c:0b:4c:0a:
         bd:60:7a:2b:5d:17:8a:11:72:a8:ca:b6:ba:ac:82:67:80:d7:
         1a:fb:8b:02:c5:1b:ee:81:67:ff:b8:ff:f3:b6:f1:9f:da:2d:
         36:4a:2f:e4:96:fa:79:8a:45:0f:81:52:39:08:11:e5:75:63:
         df:ef:6d:f8:aa:e1:1f:dd:12:cb:a1:bd:0b:30:81:aa:6f:c5:
         4b:99:a6:7a:0d:5d:dc:4f:1e:90:6a:b6:76:5a:a1:f6:6c:9b:
         34:46:60:78:ce:b5:d7:1b:2c:a2:38:0f:67:48:69:6a:79:9e:
         7e:e4:e5:a6:1b:85:9e:f6:43:28:78:98:ee:94:01:b1:82:ea:
         f9:27:fb:08:8c:32:b5:2e:75:aa:db:43:3e:75:c1:10:07:06:
         3f:61:2d:38:0a:54:67:82:9d:0c:99:c7:65:d0:b1:17:0d:f3:
         ca:79:da:45:a6:33:50:a7:16:5e:69:3a:b8:73:2e:bd:80:05:
         d4:b4:8f:f0:b6:ec:62:02:4f:18:70:7e:2d:93:83:56:85:5c:
         b1:a5:d1:af:31:bb:20:3c:a7:f1:ef:9c:ae:fd:a2:6f:03:5a:
         85:46:26:62:41:85:6d:d5:2c:92:94:2e:5b:1e:ff:74:57:fd:
         9e:ff:0a:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgushQ6IGeJ8JG0doDvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2JjY2ZmNTM1ZGZhZDgxN2NhYTk1Zjg1MTc0ZGM1MmZiOWU0YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqZnf0VqTcZco/TNQkxfzFo1jhJy
Gt1lBQ3FWAARtzYoMd0at0/KFppRHQDsOOgktEMaLHWGxxgRf36WLATS8AVpiWnE
3MXbXoVxGfV1Jr/rqHZtI3H3zPTK4LxvAfnF4zlhSTVbyRG2tZBV6yrHpPWmpVSX
7wh8I2lXG/ypRRXRxxpDKTbdlwZ8vFwr9RiEAOK2RsRQijPYZ353yN8vJeKfAbYD
CyuDqB3PvbgEv67CsM++Wd7VeBc3gLg9lFT0Y2sCxlzfxlHUB76pjW+fB3mbY/Z3
GaJHIOP6hXvkYLiDbhYIsVTk+hXMCjvAKW0ZaIWsQlqE0ix28BD4ueoNtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHe8z/U1362BfKqV+FF03FL7nkxxMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZDd6UDlUWGZyWUY4cXBYNFVYVGNVdnVlVEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Rq/MA0G
CSqGSIb3DQEBCwUAA4IBAQAPWO+JTmWbvuTnL6yq4YwLTAq9YHorXReKEXKoyra6
rIJngNca+4sCxRvugWf/uP/ztvGf2i02Si/klvp5ikUPgVI5CBHldWPf7234quEf
3RLLob0LMIGqb8VLmaZ6DV3cTx6QarZ2WqH2bJs0RmB4zrXXGyyiOA9nSGlqeZ5+
5OWmG4We9kMoeJjulAGxgur5J/sIjDK1LnWq20M+dcEQBwY/YS04ClRngp0Mmcdl
0LEXDfPKedpFpjNQpxZeaTq4cy69gAXUtI/wtuxiAk8YcH4tk4NWhVyxpdGvMbsg
PKfx75yu/aJvA1qFRiZiQYVt1SySlC5bHv90V/2e/wqN
-----END CERTIFICATE-----