Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/_oRCFbhpXa3iOh2WZ6IPHnranZ0.roa
File:                     _oRCFbhpXa3iOh2WZ6IPHnranZ0.roa (raw, json)
Hash identifier:          4++pQdw92thj5L3YGu7Uvintp6zqvREHWC5ox2FcELg=
Subject key identifier:   FE:84:42:15:B8:69:5D:AD:E2:3A:1D:96:67:A2:0F:1E:7A:DA:9D:9D
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       01944AAA407C35473B9F11C5218AA90C628F
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/_oRCFbhpXa3iOh2WZ6IPHnranZ0.roa
Signing time:             Thu 09 Jan 2025 10:44:19 +0000
ROA not before:           Thu 09 Jan 2025 10:44:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        145.77.128.0/19 maxlen: 19
                          145.77.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:aa:40:7c:35:47:3b:9f:11:c5:21:8a:a9:0c:62:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  9 10:44:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe844215b8695dade23a1d9667a20f1e7ada9d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5a:78:ca:64:37:de:4f:2f:e3:f9:a0:8b:e6:
                    f2:22:d4:0e:f3:bd:c7:8d:14:9f:3d:f8:e0:2a:d2:
                    58:59:17:b6:f7:24:0c:c2:eb:d5:da:49:08:43:55:
                    16:5a:0b:e8:5f:94:5a:88:e0:f2:3e:c1:c1:83:f3:
                    fd:f0:02:26:b0:5e:75:b6:35:28:fc:6b:a1:8a:9f:
                    75:33:d0:2c:5e:20:da:41:8f:80:27:ef:9f:d3:7c:
                    a7:fd:2a:28:8e:cf:48:fa:e0:7b:86:6b:1c:3a:91:
                    eb:1d:21:a2:ed:bc:ba:d0:a1:52:48:53:db:18:ae:
                    19:fa:95:d9:03:eb:d3:e4:4c:54:ac:42:d0:b1:ec:
                    a7:e9:36:72:ca:f0:76:b8:a3:97:6a:86:47:60:7f:
                    90:a1:a2:ab:08:e5:23:91:49:af:5b:e7:a1:a7:eb:
                    13:65:43:a3:e9:39:55:d2:ed:d0:fd:09:1e:2e:ab:
                    f7:f7:7a:5a:7c:85:8c:44:df:b3:6c:76:00:57:5f:
                    10:44:c0:92:34:8e:2a:23:21:cb:53:0e:66:b9:43:
                    99:ad:67:9b:b8:3e:01:9a:3c:49:eb:e4:4b:87:d6:
                    39:d0:80:d6:1d:16:b5:8f:5e:8e:02:ba:0a:59:be:
                    de:ed:6b:89:7d:e7:8e:2d:8a:9e:51:c6:6b:a5:0c:
                    d4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:84:42:15:B8:69:5D:AD:E2:3A:1D:96:67:A2:0F:1E:7A:DA:9D:9D
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/_oRCFbhpXa3iOh2WZ6IPHnranZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.77.128.0/19
                  145.77.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         25:19:6c:9c:e9:ca:67:38:b6:4b:45:3a:08:4b:68:a5:69:9f:
         37:fe:fb:ee:61:53:d3:97:46:97:35:8d:b1:09:17:a1:03:12:
         3b:86:19:29:aa:be:1d:9a:56:c0:51:2a:b4:6d:0d:e1:ee:b1:
         d0:fa:a9:42:02:22:28:71:99:96:3d:57:9f:59:70:b4:82:ea:
         30:43:6f:e1:86:6f:e8:cb:8d:f0:09:89:b0:8b:52:2b:e3:41:
         8e:f2:a1:06:16:35:66:0b:9d:b5:02:48:ce:78:a9:d6:31:70:
         8f:2f:02:57:75:e3:7d:84:66:d4:a0:eb:e3:15:31:4e:5f:dc:
         10:86:88:9c:b4:d5:4d:96:92:ff:36:fb:57:d5:40:90:8b:24:
         e7:b2:35:8f:12:2d:27:d0:8a:98:a9:f6:21:12:e9:46:95:5f:
         5b:ba:b2:e5:b2:a8:23:ba:8d:94:fb:32:fd:6c:ca:a8:f2:44:
         fe:72:9a:49:ce:92:72:b8:be:f5:ea:49:ba:ac:30:2d:f6:99:
         cf:93:20:b1:e7:bd:ae:0d:e5:7d:48:b4:09:58:b1:48:30:69:
         b1:68:a5:64:e2:4e:e1:f9:5e:68:60:91:ef:cf:8b:65:bf:2c:
         6e:f0:39:e1:3e:37:89:58:c7:1d:f6:6b:92:e3:b2:2e:aa:1c:
         93:52:b9:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRKqkB8NUc7nxHFIYqpDGKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTA5MTA0NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTg0NDIxNWI4Njk1ZGFkZTIzYTFkOTY2N2EyMGYxZTdhZGE5ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolp4ymQ33k8v4/mgi+byItQO873H
jRSfPfjgKtJYWRe29yQMwuvV2kkIQ1UWWgvoX5RaiODyPsHBg/P98AImsF51tjUo
/Guhip91M9AsXiDaQY+AJ++f03yn/Soojs9I+uB7hmscOpHrHSGi7by60KFSSFPb
GK4Z+pXZA+vT5ExUrELQseyn6TZyyvB2uKOXaoZHYH+QoaKrCOUjkUmvW+ehp+sT
ZUOj6TlV0u3Q/QkeLqv393pafIWMRN+zbHYAV18QRMCSNI4qIyHLUw5muUOZrWeb
uD4BmjxJ6+RLh9Y50IDWHRa1j16OAroKWb7e7WuJfeeOLYqeUcZrpQzUvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP6EQhW4aV2t4jodlmeiDx562p2dMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvX29SQ0ZiaHBYYTNpT2gyV1o2SVBIbnJhblowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFkU2AAwQE
kU3wMA0GCSqGSIb3DQEBCwUAA4IBAQAlGWyc6cpnOLZLRToIS2ilaZ83/vvuYVPT
l0aXNY2xCRehAxI7hhkpqr4dmlbAUSq0bQ3h7rHQ+qlCAiIocZmWPVefWXC0guow
Q2/hhm/oy43wCYmwi1Ir40GO8qEGFjVmC521AkjOeKnWMXCPLwJXdeN9hGbUoOvj
FTFOX9wQhoictNVNlpL/NvtX1UCQiyTnsjWPEi0n0IqYqfYhEulGlV9burLlsqgj
uo2U+zL9bMqo8kT+cppJzpJyuL716km6rDAt9pnPkyCx572uDeV9SLQJWLFIMGmx
aKVk4k7h+V5oYJHvz4tlvyxu8DnhPjeJWMcd9muS47IuqhyTUrmt
-----END CERTIFICATE-----