Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/AISIiFU7ojKk8ZnCm6J_NwGCG4o.roa
File:                     AISIiFU7ojKk8ZnCm6J_NwGCG4o.roa (raw, json)
Hash identifier:          aM0GTUOzYh+1nbNDr9TAQ5eubBPDeTCS1oiYwg5mxes=
Subject key identifier:   00:84:88:88:55:3B:A2:32:A4:F1:99:C2:9B:A2:7F:37:01:82:1B:8A
Certificate issuer:       /CN=614e19a2275816a28e5e80c8f9a28cc5a1d9c0d5
Certificate serial:       018E312AB0A0A43D12D55D79301911FE1697
Authority key identifier: 61:4E:19:A2:27:58:16:A2:8E:5E:80:C8:F9:A2:8C:C5:A1:D9:C0:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YU4ZoidYFqKOXoDI-aKMxaHZwNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/AISIiFU7ojKk8ZnCm6J_NwGCG4o.roa
Signing time:             Tue 12 Mar 2024 05:37:45 +0000
ROA not before:           Tue 12 Mar 2024 05:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200551
IP address blocks:        77.73.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/YU4ZoidYFqKOXoDI-aKMxaHZwNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/YU4ZoidYFqKOXoDI-aKMxaHZwNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YU4ZoidYFqKOXoDI-aKMxaHZwNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:2a:b0:a0:a4:3d:12:d5:5d:79:30:19:11:fe:16:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614e19a2275816a28e5e80c8f9a28cc5a1d9c0d5
        Validity
            Not Before: Mar 12 05:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00848888553ba232a4f199c29ba27f3701821b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:42:94:15:6e:f5:65:b9:f8:20:03:f4:31:ae:
                    f6:45:b0:24:73:53:ac:15:04:a0:ea:4f:bf:53:32:
                    b6:16:a5:68:8a:c8:d1:40:ec:9d:b5:e6:ca:a1:d4:
                    d1:3c:b9:10:54:7e:9d:46:74:54:81:fd:d3:6d:41:
                    5c:2a:82:f8:96:7d:33:ad:42:0f:10:ae:bb:ce:83:
                    47:51:8e:5e:aa:d2:4b:26:ba:a4:bd:ab:c2:f2:49:
                    07:a7:fb:57:50:83:30:52:d2:b4:fc:59:5a:68:55:
                    e7:12:9f:5d:5c:3f:b0:d7:75:24:2d:7f:5b:17:01:
                    54:ca:22:3f:34:e2:37:a5:20:66:ed:34:08:05:18:
                    32:33:f5:00:e5:b2:67:2b:34:05:ea:b2:3a:3d:39:
                    ef:97:bd:98:b7:b7:6b:76:75:06:bb:4b:25:b4:25:
                    3f:1e:4a:b9:89:24:48:88:56:b9:25:39:61:ac:c2:
                    01:b5:76:7b:ad:8c:c6:37:22:4c:6f:13:1a:b8:47:
                    6e:6f:6c:2b:0a:22:e6:c6:27:74:f3:00:29:04:59:
                    18:b5:68:6b:df:20:71:80:dc:54:9e:dc:f6:d1:e5:
                    68:82:0c:8d:0f:47:e0:51:d9:0a:a0:08:b5:e2:fa:
                    34:15:d2:fd:79:8f:2f:24:2a:0f:7c:dd:71:4c:c9:
                    f6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:84:88:88:55:3B:A2:32:A4:F1:99:C2:9B:A2:7F:37:01:82:1B:8A
            X509v3 Authority Key Identifier:
                keyid:61:4E:19:A2:27:58:16:A2:8E:5E:80:C8:F9:A2:8C:C5:A1:D9:C0:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YU4ZoidYFqKOXoDI-aKMxaHZwNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/AISIiFU7ojKk8ZnCm6J_NwGCG4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/YU4ZoidYFqKOXoDI-aKMxaHZwNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:da:b0:68:af:78:f7:ab:a9:c1:01:54:9e:55:6a:df:6a:9f:
         b8:5f:40:9f:e8:91:11:88:0e:b7:0d:e3:b9:ab:0d:36:84:d0:
         e0:39:a1:58:c1:66:e0:c8:b2:a7:a7:93:58:9d:3d:44:13:96:
         8e:24:90:f2:d6:82:9a:42:53:d0:eb:70:18:68:7f:fd:b7:74:
         ed:1b:ac:05:cc:09:78:38:32:e2:77:01:c7:84:14:02:90:7b:
         27:35:af:99:86:a4:48:69:76:47:33:38:4f:9e:8f:22:86:a7:
         05:2d:b7:a5:5d:bc:43:63:2c:2c:39:44:a0:06:06:50:1d:80:
         f8:eb:1e:1f:69:84:e9:bd:1e:fb:57:8e:68:c8:8a:37:ff:ac:
         e0:d6:96:75:ef:a1:16:7f:ab:91:ee:17:42:a7:62:59:1b:38:
         df:a4:90:0c:0d:51:ff:d6:06:fb:ea:8d:da:e1:f3:81:19:4b:
         7c:8e:1a:30:aa:45:08:bf:f4:98:88:19:c0:eb:e1:b2:48:7a:
         a3:6b:0c:7b:0a:65:76:ab:74:7f:bf:04:17:4a:85:38:79:64:
         83:f7:29:0f:72:5d:23:5d:33:33:23:b8:7d:20:ea:a8:9f:1b:
         fd:cd:9c:05:79:25:7b:bd:f4:02:ed:9f:78:f0:0d:45:09:d9:
         6c:f1:d5:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4xKrCgpD0S1V15MBkR/haXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGUxOWEyMjc1ODE2YTI4ZTVlODBjOGY5YTI4Y2M1YTFk
OWMwZDUwHhcNMjQwMzEyMDUzNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDg0ODg4ODU1M2JhMjMyYTRmMTk5YzI5YmEyN2YzNzAxODIxYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkKUFW71Zbn4IAP0Ma72RbAkc1Os
FQSg6k+/UzK2FqVoisjRQOydtebKodTRPLkQVH6dRnRUgf3TbUFcKoL4ln0zrUIP
EK67zoNHUY5eqtJLJrqkvavC8kkHp/tXUIMwUtK0/FlaaFXnEp9dXD+w13UkLX9b
FwFUyiI/NOI3pSBm7TQIBRgyM/UA5bJnKzQF6rI6PTnvl72Yt7drdnUGu0sltCU/
Hkq5iSRIiFa5JTlhrMIBtXZ7rYzGNyJMbxMauEdub2wrCiLmxid08wApBFkYtWhr
3yBxgNxUntz20eVoggyND0fgUdkKoAi14vo0FdL9eY8vJCoPfN1xTMn2nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACEiIhVO6IypPGZwpuifzcBghuKMB8GA1UdIwQY
MBaAFGFOGaInWBaijl6AyPmijMWh2cDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVU0Wm9pZFlGcUtPWG9ESS1hS014YUhad05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lNThlMjctY2FmZC00MTdjLTk1ZDAt
ODcwNTQ0Y2FhZmFiLzEvQUlTSWlGVTdvaktrOFpuQ202Sl9Od0dDRzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lNThlMjctY2FmZC00MTdjLTk1ZDAtODcwNTQ0Y2FhZmFi
LzEvWVU0Wm9pZFlGcUtPWG9ESS1hS014YUhad05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUlfMA0G
CSqGSIb3DQEBCwUAA4IBAQBP2rBor3j3q6nBAVSeVWrfap+4X0Cf6JERiA63DeO5
qw02hNDgOaFYwWbgyLKnp5NYnT1EE5aOJJDy1oKaQlPQ63AYaH/9t3TtG6wFzAl4
ODLidwHHhBQCkHsnNa+ZhqRIaXZHMzhPno8ihqcFLbelXbxDYywsOUSgBgZQHYD4
6x4faYTpvR77V45oyIo3/6zg1pZ176EWf6uR7hdCp2JZGzjfpJAMDVH/1gb76o3a
4fOBGUt8jhowqkUIv/SYiBnA6+GySHqjawx7CmV2q3R/vwQXSoU4eWSD9ykPcl0j
XTMzI7h9IOqonxv9zZwFeSV7vfQC7Z948A1FCdls8dUc
-----END CERTIFICATE-----