Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/93901a-043b-49c8-ad37-ac7f21b6b74d/1/U9TChuEsKrileu5LPlClTPiblHw.roa
File:                     U9TChuEsKrileu5LPlClTPiblHw.roa (raw, json)
Hash identifier:          iW3rj/qTsfRQaeDi2vFF7FLZOCFmBBPXZ/tRsBWwt4A=
Subject key identifier:   53:D4:C2:86:E1:2C:2A:B8:A5:7A:EE:4B:3E:50:A5:4C:F8:9B:94:7C
Certificate issuer:       /CN=8f2ae45c509041a796a968953581f51d45bfce55
Certificate serial:       019421B1EFE135BC1FAD2BDBE8CB5ACF98DC
Authority key identifier: 8F:2A:E4:5C:50:90:41:A7:96:A9:68:95:35:81:F5:1D:45:BF:CE:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jyrkXFCQQaeWqWiVNYH1HUW_zlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/93901a-043b-49c8-ad37-ac7f21b6b74d/1/U9TChuEsKrileu5LPlClTPiblHw.roa
Signing time:             Wed 01 Jan 2025 11:48:16 +0000
ROA not before:           Wed 01 Jan 2025 11:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42917
IP address blocks:        77.75.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/93901a-043b-49c8-ad37-ac7f21b6b74d/1/jyrkXFCQQaeWqWiVNYH1HUW_zlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/93901a-043b-49c8-ad37-ac7f21b6b74d/1/jyrkXFCQQaeWqWiVNYH1HUW_zlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jyrkXFCQQaeWqWiVNYH1HUW_zlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ef:e1:35:bc:1f:ad:2b:db:e8:cb:5a:cf:98:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f2ae45c509041a796a968953581f51d45bfce55
        Validity
            Not Before: Jan  1 11:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53d4c286e12c2ab8a57aee4b3e50a54cf89b947c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:de:d5:9c:9b:65:33:e5:4b:0a:e6:69:c5:17:
                    a8:06:cd:60:61:cf:53:61:b6:81:fc:d5:fa:b2:33:
                    ba:4b:f8:85:69:ca:f6:d1:34:f4:53:2b:12:ef:d7:
                    92:bc:0e:a5:57:fc:89:e6:8a:5f:4a:83:36:61:21:
                    74:c1:90:82:14:d3:8b:5a:3d:26:0f:90:d1:ac:41:
                    10:7b:e3:4d:c8:65:5a:2b:2a:b8:4c:84:19:68:9e:
                    9e:07:07:2e:e9:db:8f:7a:39:34:80:33:0a:e2:2d:
                    3c:e0:dd:f5:49:5c:19:d3:df:67:e8:5f:7e:1e:c7:
                    b3:c6:ab:31:9e:88:b6:9f:d7:64:67:31:88:23:ab:
                    6c:ad:d5:44:16:62:86:13:b8:d7:9b:da:05:26:f2:
                    cb:14:5d:e2:38:a5:1c:b4:2d:bf:c1:38:61:82:84:
                    bf:9f:ab:ff:f3:83:08:0c:9a:d0:0a:12:b0:be:9c:
                    2d:c9:b6:d3:84:87:f0:9e:d0:b8:d7:e4:9a:92:3f:
                    e8:d9:66:6b:d5:fb:31:15:24:e9:eb:08:cc:85:ba:
                    d8:81:69:39:e8:ba:cf:64:63:0a:7c:43:88:0b:7d:
                    fc:01:5f:21:5b:9f:d7:6c:75:fb:6f:ce:72:38:e6:
                    c5:83:71:5c:1b:07:05:ab:c7:a1:f7:af:05:1d:ef:
                    7d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D4:C2:86:E1:2C:2A:B8:A5:7A:EE:4B:3E:50:A5:4C:F8:9B:94:7C
            X509v3 Authority Key Identifier:
                keyid:8F:2A:E4:5C:50:90:41:A7:96:A9:68:95:35:81:F5:1D:45:BF:CE:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jyrkXFCQQaeWqWiVNYH1HUW_zlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/93901a-043b-49c8-ad37-ac7f21b6b74d/1/U9TChuEsKrileu5LPlClTPiblHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/93901a-043b-49c8-ad37-ac7f21b6b74d/1/jyrkXFCQQaeWqWiVNYH1HUW_zlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.75.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:a0:b7:e0:de:df:a0:3d:85:94:ee:69:cb:a7:82:19:bb:a1:
         e8:8e:78:9b:9b:59:57:6b:6a:52:56:bc:89:e4:ab:71:21:ae:
         c6:82:6d:ca:42:7c:4b:87:93:ee:d4:25:fc:31:95:5c:0f:fb:
         67:0d:3d:7a:17:8b:26:69:13:eb:3f:c0:41:7a:e7:78:76:4d:
         41:a9:ed:61:a9:f6:c6:fa:5f:87:66:8a:eb:d5:bf:b0:e2:68:
         7e:38:7a:f7:d3:e0:76:e8:5e:36:70:f8:26:f2:5b:45:a4:4f:
         24:57:46:7c:15:c8:b2:8c:3e:a9:a8:75:d9:53:7f:c5:77:16:
         e8:da:3a:79:41:f7:98:90:5f:b7:5e:bd:00:ac:b3:65:88:7a:
         e1:48:ad:21:91:60:2d:28:30:58:8e:93:c9:d9:78:fc:13:bc:
         4d:8a:73:43:e9:85:dc:31:10:e6:8c:a3:12:2b:3f:59:81:d8:
         e6:d6:f9:dd:c7:5e:6d:19:69:ae:0b:e1:5a:62:1e:ea:f0:6e:
         49:02:90:9c:48:86:28:24:71:46:3b:15:b9:67:59:11:19:52:
         8a:29:98:1b:f8:9b:fb:2a:f4:90:3d:13:5b:bb:8d:60:6b:a6:
         2a:38:a7:8b:9e:7a:82:e0:99:4c:e7:b1:eb:7d:33:89:ad:a1:
         2d:cc:36:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhse/hNbwfrSvb6Mtaz5jcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMmFlNDVjNTA5MDQxYTc5NmE5Njg5NTM1ODFmNTFkNDVi
ZmNlNTUwHhcNMjUwMTAxMTE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q0YzI4NmUxMmMyYWI4YTU3YWVlNGIzZTUwYTU0Y2Y4OWI5NDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv97VnJtlM+VLCuZpxReoBs1gYc9T
YbaB/NX6sjO6S/iFacr20TT0UysS79eSvA6lV/yJ5opfSoM2YSF0wZCCFNOLWj0m
D5DRrEEQe+NNyGVaKyq4TIQZaJ6eBwcu6duPejk0gDMK4i084N31SVwZ099n6F9+
Hsezxqsxnoi2n9dkZzGII6tsrdVEFmKGE7jXm9oFJvLLFF3iOKUctC2/wThhgoS/
n6v/84MIDJrQChKwvpwtybbThIfwntC41+Sakj/o2WZr1fsxFSTp6wjMhbrYgWk5
6LrPZGMKfEOIC338AV8hW5/XbHX7b85yOObFg3FcGwcFq8eh968FHe99PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPUwobhLCq4pXruSz5QpUz4m5R8MB8GA1UdIwQY
MBaAFI8q5FxQkEGnlqlolTWB9R1Fv85VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlya1hGQ1FRYWVXcVdpVk5ZSDFIVVdfemxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni85MzkwMWEtMDQzYi00OWM4LWFkMzct
YWM3ZjIxYjZiNzRkLzEvVTlUQ2h1RXNLcmlsZXU1TFBsQ2xUUGlibEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni85MzkwMWEtMDQzYi00OWM4LWFkMzctYWM3ZjIxYjZiNzRk
LzEvanlya1hGQ1FRYWVXcVdpVk5ZSDFIVVdfemxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTUtwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCoLfg3t+gPYWU7mnLp4IZu6Hojnibm1lXa2pSVryJ
5KtxIa7Ggm3KQnxLh5Pu1CX8MZVcD/tnDT16F4smaRPrP8BBeud4dk1Bqe1hqfbG
+l+HZorr1b+w4mh+OHr30+B26F42cPgm8ltFpE8kV0Z8FciyjD6pqHXZU3/Fdxbo
2jp5QfeYkF+3Xr0ArLNliHrhSK0hkWAtKDBYjpPJ2Xj8E7xNinND6YXcMRDmjKMS
Kz9Zgdjm1vndx15tGWmuC+FaYh7q8G5JApCcSIYoJHFGOxW5Z1kRGVKKKZgb+Jv7
KvSQPRNbu41ga6YqOKeLnnqC4JlM57HrfTOJraEtzDY9
-----END CERTIFICATE-----