Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/77kR0uenLneOf0_otMBTrdwkJ5I.roa
File:                     77kR0uenLneOf0_otMBTrdwkJ5I.roa (raw, json)
Hash identifier:          kFgic4lpP8Yb+Wik/VcFSyZzSPM0vnTo7v0lGbnx3eU=
Subject key identifier:   EF:B9:11:D2:E7:A7:2E:77:8E:7F:4F:E8:B4:C0:53:AD:DC:24:27:92
Certificate issuer:       /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial:       019423D707BD0A3F51C3CD78031F756E557A
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/77kR0uenLneOf0_otMBTrdwkJ5I.roa
Signing time:             Wed 01 Jan 2025 21:48:02 +0000
ROA not before:           Wed 01 Jan 2025 21:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        185.68.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:07:bd:0a:3f:51:c3:cd:78:03:1f:75:6e:55:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
        Validity
            Not Before: Jan  1 21:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efb911d2e7a72e778e7f4fe8b4c053addc242792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6f:1b:aa:10:d8:4b:aa:60:72:2f:db:c3:c5:
                    bd:3c:c9:25:a9:c2:4f:51:ec:a2:7e:43:0e:19:25:
                    aa:cc:2f:01:5d:4b:4e:eb:9f:68:d0:d2:fc:b1:b2:
                    f2:37:5a:bd:d3:c2:03:f1:68:2b:e9:5a:db:4a:26:
                    b6:7f:eb:78:b9:d6:69:8f:43:b9:3f:35:c0:24:83:
                    7c:c5:ba:c8:f9:04:f1:b2:31:b9:03:a2:58:44:63:
                    03:19:ca:10:fc:ff:0c:26:1c:10:e4:26:53:8d:44:
                    da:98:3f:3a:61:a3:cc:29:6a:ba:ef:a3:30:2f:70:
                    e9:45:58:55:1c:41:20:19:85:1e:ab:b2:e7:b8:52:
                    43:d4:fe:38:8d:d0:ab:d6:72:8e:b3:74:d7:78:bd:
                    22:80:38:6a:67:5a:34:b0:6e:3f:28:56:d4:ee:52:
                    b1:72:f9:9b:9d:89:c7:b7:89:e8:ab:60:c4:1d:f5:
                    34:d9:a5:85:35:68:1a:e0:d1:31:52:c0:e1:a3:42:
                    93:20:41:0d:1d:31:f6:11:59:24:2c:33:a2:b9:7b:
                    c2:b5:e9:7e:2c:b7:e3:b3:53:1e:b0:07:6d:78:3b:
                    74:24:e5:84:08:5b:a9:ef:54:be:55:b1:2e:81:b6:
                    9d:46:ee:b5:8e:35:6b:d1:ee:df:24:3b:aa:a9:19:
                    eb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B9:11:D2:E7:A7:2E:77:8E:7F:4F:E8:B4:C0:53:AD:DC:24:27:92
            X509v3 Authority Key Identifier:
                keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/77kR0uenLneOf0_otMBTrdwkJ5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:fb:c6:d5:8f:c3:50:67:6c:60:46:49:b3:27:97:c7:c2:6b:
         a8:50:df:e5:a8:39:1b:f2:8d:ec:df:f1:70:c2:6e:f4:34:48:
         34:f3:52:e6:2a:d2:f1:73:5b:7b:df:09:40:9c:1b:29:59:3e:
         15:ae:d0:0c:c9:a0:81:b8:86:7b:98:12:52:15:80:a4:4c:0c:
         9a:e6:e1:87:e7:19:39:35:d8:d1:30:ef:d8:2e:1e:a1:0f:be:
         fd:22:27:62:30:24:9a:ab:65:2a:e1:a5:bc:dd:40:fa:17:40:
         2d:fb:5f:7a:52:e3:e5:ca:cd:dc:ef:00:b7:97:df:04:60:57:
         c1:54:f8:c3:9c:c5:02:ba:0d:21:25:80:b5:e9:38:99:f3:07:
         08:40:ed:d4:2d:de:b7:a8:79:d9:b3:08:89:0e:c1:d1:28:3b:
         ee:f2:4b:58:7e:41:6b:cf:01:db:9a:67:c8:dc:47:05:20:f6:
         5e:13:77:a6:e4:68:b2:40:25:08:56:00:da:2c:98:52:b9:30:
         69:d3:4b:cb:fd:a6:d9:30:34:b9:18:c0:aa:34:a9:65:41:c2:
         d7:43:c6:d5:ff:f9:86:5f:f6:28:62:04:5c:95:c9:e4:c0:30:
         74:9a:d5:c8:3f:44:eb:9b:4e:f6:a3:fb:76:41:b7:2d:e5:d1:
         db:8f:ac:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1we9Cj9Rw814Ax91blV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjUwMTAxMjE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmI5MTFkMmU3YTcyZTc3OGU3ZjRmZThiNGMwNTNhZGRjMjQyNzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm8bqhDYS6pgci/bw8W9PMklqcJP
UeyifkMOGSWqzC8BXUtO659o0NL8sbLyN1q908ID8Wgr6VrbSia2f+t4udZpj0O5
PzXAJIN8xbrI+QTxsjG5A6JYRGMDGcoQ/P8MJhwQ5CZTjUTamD86YaPMKWq676Mw
L3DpRVhVHEEgGYUeq7LnuFJD1P44jdCr1nKOs3TXeL0igDhqZ1o0sG4/KFbU7lKx
cvmbnYnHt4noq2DEHfU02aWFNWga4NExUsDho0KTIEENHTH2EVkkLDOiuXvCtel+
LLfjs1MesAdteDt0JOWECFup71S+VbEugbadRu61jjVr0e7fJDuqqRnrDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+5EdLnpy53jn9P6LTAU63cJCeSMB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEvNzdrUjB1ZW5MbmVPZjBfb3RNQlRyZHdrSjVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUQvMA0G
CSqGSIb3DQEBCwUAA4IBAQBL+8bVj8NQZ2xgRkmzJ5fHwmuoUN/lqDkb8o3s3/Fw
wm70NEg081LmKtLxc1t73wlAnBspWT4VrtAMyaCBuIZ7mBJSFYCkTAya5uGH5xk5
NdjRMO/YLh6hD779IidiMCSaq2Uq4aW83UD6F0At+196UuPlys3c7wC3l98EYFfB
VPjDnMUCug0hJYC16TiZ8wcIQO3ULd63qHnZswiJDsHRKDvu8ktYfkFrzwHbmmfI
3EcFIPZeE3em5GiyQCUIVgDaLJhSuTBp00vL/abZMDS5GMCqNKllQcLXQ8bV//mG
X/YoYgRclcnkwDB0mtXIP0Trm072o/t2Qbct5dHbj6xk
-----END CERTIFICATE-----