Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/zE2nCBuCP3GWKcrh09m8L6FV9yA.roa
File:                     zE2nCBuCP3GWKcrh09m8L6FV9yA.roa (raw, json)
Hash identifier:          iLVOHuiEHM03YeDql7RR17g8jhss2HwinXwx77EwMP8=
Subject key identifier:   CC:4D:A7:08:1B:82:3F:71:96:29:CA:E1:D3:D9:BC:2F:A1:55:F7:20
Certificate issuer:       /CN=9f2bc3c5564d434381cb78ba47ad58be4d3deaa8
Certificate serial:       01941F8C17AD1AFBDDABA23FF3B8FC3C0BB9
Authority key identifier: 9F:2B:C3:C5:56:4D:43:43:81:CB:78:BA:47:AD:58:BE:4D:3D:EA:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/zE2nCBuCP3GWKcrh09m8L6FV9yA.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43024
IP address blocks:        77.95.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:17:ad:1a:fb:dd:ab:a2:3f:f3:b8:fc:3c:0b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f2bc3c5564d434381cb78ba47ad58be4d3deaa8
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc4da7081b823f719629cae1d3d9bc2fa155f720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ef:10:f9:2b:ba:1f:2a:20:ae:35:54:f8:47:
                    af:13:55:24:05:7b:61:f8:ab:dd:dd:26:ef:bf:4e:
                    74:0a:c5:57:1a:5a:6c:a8:1d:6b:41:63:36:f2:67:
                    2b:91:9c:f1:34:f6:7e:64:06:d9:6b:7d:6b:3b:0b:
                    22:1e:d7:83:ee:79:af:3c:69:98:f7:bb:b7:af:a3:
                    99:7d:70:1e:fb:e4:f4:38:81:45:1f:45:50:c2:e8:
                    55:a1:d0:a9:ef:fd:d2:74:ff:7e:50:ca:df:22:e5:
                    e8:72:77:30:a5:54:70:7f:9f:4c:b9:55:7f:5d:a5:
                    32:0e:77:17:4c:56:86:cb:37:c6:67:ea:3b:33:20:
                    c1:7f:16:45:82:37:ec:0b:72:9d:4d:e4:2b:7d:27:
                    dd:dd:00:89:68:b0:77:73:0a:fc:62:a9:9e:9b:3b:
                    34:6a:e8:8a:ba:db:92:c0:3c:8c:e0:21:0d:24:cc:
                    d4:6b:46:fd:5a:5c:50:b3:51:48:3e:2a:eb:c6:6b:
                    b7:c2:25:45:26:b0:64:f1:57:33:9e:11:bb:f0:f8:
                    24:91:ba:d6:60:94:fd:79:2d:68:38:99:13:a2:cc:
                    a0:30:56:40:ae:d1:b9:9e:41:99:4a:81:df:78:7f:
                    8d:9a:17:8d:b7:db:f1:a4:71:20:6e:ce:c7:ef:44:
                    b7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:4D:A7:08:1B:82:3F:71:96:29:CA:E1:D3:D9:BC:2F:A1:55:F7:20
            X509v3 Authority Key Identifier:
                keyid:9F:2B:C3:C5:56:4D:43:43:81:CB:78:BA:47:AD:58:BE:4D:3D:EA:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/zE2nCBuCP3GWKcrh09m8L6FV9yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:1e:7d:d5:b4:f0:57:6b:00:35:3c:a9:12:e1:0a:ae:a0:30:
         a4:9e:89:05:58:c2:39:21:b5:d9:de:72:18:e3:8b:ea:f8:f1:
         6d:25:c1:74:c4:4b:d5:50:11:f6:00:af:78:4e:ab:ea:7a:9a:
         52:52:ba:bf:41:14:ab:f3:28:35:74:86:b7:32:09:1d:59:7c:
         0a:1b:02:70:f9:b2:2a:75:8e:12:49:8e:25:0c:12:8c:43:71:
         57:a3:c7:89:1c:d2:54:46:a8:40:cd:5e:5f:6c:33:35:88:fd:
         d4:ec:18:d3:5f:a1:22:bd:31:dc:eb:0c:59:1f:df:b4:22:92:
         21:ac:eb:65:de:f9:ce:9e:1f:12:6c:91:b4:f0:07:5b:73:0c:
         69:f1:e0:3c:d1:38:e3:f7:d1:d6:84:03:b0:30:8f:c2:11:84:
         9f:d1:22:0c:69:a4:4a:d0:c6:ad:15:02:48:4e:78:b5:bb:41:
         c2:e0:0d:7d:ca:a9:63:4f:ed:f6:84:7d:59:d6:09:b3:f8:64:
         0a:96:ff:0a:12:d1:fb:b8:89:8c:6d:9b:05:23:62:7a:b5:18:
         a1:f9:74:c4:66:04:c7:6a:b6:49:a0:04:38:c5:33:e9:b7:58:
         f4:fe:13:cc:8c:66:8d:9f:c2:2f:cd:6d:e5:dc:de:b0:59:9b:
         04:ec:2e:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBetGvvdq6I/87j8PAu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMmJjM2M1NTY0ZDQzNDM4MWNiNzhiYTQ3YWQ1OGJlNGQz
ZGVhYTgwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzRkYTcwODFiODIzZjcxOTYyOWNhZTFkM2Q5YmMyZmExNTVmNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe8Q+Su6HyogrjVU+EevE1UkBXth
+Kvd3Sbvv050CsVXGlpsqB1rQWM28mcrkZzxNPZ+ZAbZa31rOwsiHteD7nmvPGmY
97u3r6OZfXAe++T0OIFFH0VQwuhVodCp7/3SdP9+UMrfIuXocncwpVRwf59MuVV/
XaUyDncXTFaGyzfGZ+o7MyDBfxZFgjfsC3KdTeQrfSfd3QCJaLB3cwr8Yqmemzs0
auiKutuSwDyM4CENJMzUa0b9WlxQs1FIPirrxmu3wiVFJrBk8VcznhG78PgkkbrW
YJT9eS1oOJkTosygMFZArtG5nkGZSoHfeH+NmheNt9vxpHEgbs7H70S3gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxNpwgbgj9xlinK4dPZvC+hVfcgMB8GA1UdIwQY
MBaAFJ8rw8VWTUNDgct4uketWL5NPeqoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnl2RHhWWk5RME9CeTNpNlI2MVl2azA5NnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNmJiNmQtZmM3My00NDQ5LWE1Mjct
NTU0MjYzODE5NTNjLzEvekUybkNCdUNQM0dXS2NyaDA5bThMNkZWOXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNmJiNmQtZmM3My00NDQ5LWE1MjctNTU0MjYzODE5NTNj
LzEvbnl2RHhWWk5RME9CeTNpNlI2MVl2azA5NnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTV8QMA0G
CSqGSIb3DQEBCwUAA4IBAQAgHn3VtPBXawA1PKkS4QquoDCknokFWMI5IbXZ3nIY
44vq+PFtJcF0xEvVUBH2AK94TqvqeppSUrq/QRSr8yg1dIa3MgkdWXwKGwJw+bIq
dY4SSY4lDBKMQ3FXo8eJHNJURqhAzV5fbDM1iP3U7BjTX6EivTHc6wxZH9+0IpIh
rOtl3vnOnh8SbJG08Adbcwxp8eA80Tjj99HWhAOwMI/CEYSf0SIMaaRK0MatFQJI
Tni1u0HC4A19yqljT+32hH1Z1gmz+GQKlv8KEtH7uImMbZsFI2J6tRih+XTEZgTH
arZJoAQ4xTPpt1j0/hPMjGaNn8IvzW3l3N6wWZsE7C5d
-----END CERTIFICATE-----