Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/Hy5XhvOpa-CdHRMZUNTe2r-iqLI.roa
File:                     Hy5XhvOpa-CdHRMZUNTe2r-iqLI.roa (raw, json)
Hash identifier:          FbTa6/5XBGzcgPs1X3jABifU50jbvaTPa5C8jl9DAcU=
Subject key identifier:   1F:2E:57:86:F3:A9:6B:E0:9D:1D:13:19:50:D4:DE:DA:BF:A2:A8:B2
Certificate issuer:       /CN=9f2bc3c5564d434381cb78ba47ad58be4d3deaa8
Certificate serial:       018CC64B6F4E237E9AB20F7FA1E43CF4619F
Authority key identifier: 9F:2B:C3:C5:56:4D:43:43:81:CB:78:BA:47:AD:58:BE:4D:3D:EA:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/Hy5XhvOpa-CdHRMZUNTe2r-iqLI.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43024
IP address blocks:        77.95.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6f:4e:23:7e:9a:b2:0f:7f:a1:e4:3c:f4:61:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f2bc3c5564d434381cb78ba47ad58be4d3deaa8
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f2e5786f3a96be09d1d131950d4dedabfa2a8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:02:3d:96:18:20:64:34:be:cf:1a:6e:fe:79:
                    b8:14:ff:48:be:ad:2c:4c:55:48:a3:4d:2b:5f:22:
                    30:c5:e9:98:2d:f8:40:fe:28:5e:74:2a:c2:b4:6c:
                    f4:c6:53:f7:06:85:8e:90:fd:2c:27:ec:39:9d:0b:
                    89:17:b5:e3:f8:a2:65:27:30:9f:b0:ae:f0:8d:c9:
                    b2:19:7b:be:3b:ec:3b:f0:cb:7c:4e:cc:ee:c1:4e:
                    5f:b1:5e:7e:57:14:19:0d:7c:68:ef:ce:89:a3:d1:
                    c6:57:78:9f:1f:92:31:2e:d2:d6:23:af:cc:7c:48:
                    2b:52:e0:1a:b5:2f:00:cc:2a:1d:f1:10:e8:c1:cb:
                    b8:ea:2a:f5:15:45:d6:c6:3d:ea:e0:2d:87:d6:42:
                    22:d7:ff:cf:2e:68:c6:8b:ed:a4:ad:5c:f1:0c:1e:
                    26:9f:d8:bb:fe:24:61:b5:b1:73:25:df:3d:90:d5:
                    53:1d:71:fb:23:69:0b:13:1b:9f:80:fe:e5:69:e9:
                    c8:d6:18:07:ab:66:10:5d:25:0c:af:83:f0:a5:0a:
                    69:b3:56:74:2c:7d:ec:47:78:8f:00:96:af:13:c2:
                    51:8c:ae:59:c4:ae:36:a9:19:87:8e:7a:58:1e:56:
                    ca:41:a4:cd:d8:08:db:83:2d:db:af:aa:86:ca:1f:
                    c5:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:2E:57:86:F3:A9:6B:E0:9D:1D:13:19:50:D4:DE:DA:BF:A2:A8:B2
            X509v3 Authority Key Identifier:
                keyid:9F:2B:C3:C5:56:4D:43:43:81:CB:78:BA:47:AD:58:BE:4D:3D:EA:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/Hy5XhvOpa-CdHRMZUNTe2r-iqLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:42:d4:63:b6:82:d3:e4:92:88:9f:37:5b:06:c1:c7:fd:b8:
         96:89:0d:a4:6e:c2:e3:02:78:82:a9:25:98:a9:9f:da:5f:43:
         7f:fe:52:c9:0e:a8:ef:12:75:78:b8:73:65:fd:c9:fd:4a:91:
         7e:3b:a9:3c:de:63:46:47:5f:d0:98:8f:d5:e7:83:59:82:84:
         2c:b2:ef:00:b6:a9:42:99:a2:41:2e:9f:b9:c9:c8:6b:52:ac:
         13:ba:5d:8f:e7:56:1e:d3:c8:b4:09:88:e7:22:5d:ac:98:cd:
         5e:c2:19:7d:e6:4e:33:f5:6c:2e:51:95:cb:81:8c:8e:1e:64:
         55:73:c1:ac:ae:ba:f6:96:e5:71:0f:7f:b9:b6:20:3d:f9:41:
         a0:62:59:f0:ac:8a:69:7d:67:92:84:5c:9a:df:57:e5:37:7f:
         d5:ed:3d:42:a4:e8:d6:be:80:be:d5:f9:90:fd:3c:57:8e:cd:
         34:9f:ed:26:21:13:42:b6:23:c8:0b:26:fd:62:f5:11:79:a6:
         71:a8:98:c9:99:26:ad:89:dd:d1:10:1f:75:6f:13:54:75:98:
         2d:97:32:30:de:37:98:57:6b:8b:3b:eb:f5:37:d1:aa:e1:ea:
         98:5c:c2:9e:71:a2:e5:8f:7a:ef:81:d3:b4:a4:7c:35:2c:9d:
         75:c5:b2:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS29OI36asg9/oeQ89GGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMmJjM2M1NTY0ZDQzNDM4MWNiNzhiYTQ3YWQ1OGJlNGQz
ZGVhYTgwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjJlNTc4NmYzYTk2YmUwOWQxZDEzMTk1MGQ0ZGVkYWJmYTJhOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AI9lhggZDS+zxpu/nm4FP9Ivq0s
TFVIo00rXyIwxemYLfhA/ihedCrCtGz0xlP3BoWOkP0sJ+w5nQuJF7Xj+KJlJzCf
sK7wjcmyGXu+O+w78Mt8TszuwU5fsV5+VxQZDXxo786Jo9HGV3ifH5IxLtLWI6/M
fEgrUuAatS8AzCod8RDowcu46ir1FUXWxj3q4C2H1kIi1//PLmjGi+2krVzxDB4m
n9i7/iRhtbFzJd89kNVTHXH7I2kLExufgP7laenI1hgHq2YQXSUMr4PwpQpps1Z0
LH3sR3iPAJavE8JRjK5ZxK42qRmHjnpYHlbKQaTN2Ajbgy3br6qGyh/FcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8uV4bzqWvgnR0TGVDU3tq/oqiyMB8GA1UdIwQY
MBaAFJ8rw8VWTUNDgct4uketWL5NPeqoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnl2RHhWWk5RME9CeTNpNlI2MVl2azA5NnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNmJiNmQtZmM3My00NDQ5LWE1Mjct
NTU0MjYzODE5NTNjLzEvSHk1WGh2T3BhLUNkSFJNWlVOVGUyci1pcUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNmJiNmQtZmM3My00NDQ5LWE1MjctNTU0MjYzODE5NTNj
LzEvbnl2RHhWWk5RME9CeTNpNlI2MVl2azA5NnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTV8QMA0G
CSqGSIb3DQEBCwUAA4IBAQBmQtRjtoLT5JKInzdbBsHH/biWiQ2kbsLjAniCqSWY
qZ/aX0N//lLJDqjvEnV4uHNl/cn9SpF+O6k83mNGR1/QmI/V54NZgoQssu8AtqlC
maJBLp+5ychrUqwTul2P51Ye08i0CYjnIl2smM1ewhl95k4z9WwuUZXLgYyOHmRV
c8Gsrrr2luVxD3+5tiA9+UGgYlnwrIppfWeShFya31flN3/V7T1CpOjWvoC+1fmQ
/TxXjs00n+0mIRNCtiPICyb9YvUReaZxqJjJmSatid3REB91bxNUdZgtlzIw3jeY
V2uLO+v1N9Gq4eqYXMKecaLlj3rvgdO0pHw1LJ11xbJC
-----END CERTIFICATE-----