Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/moCjhy9MjqXiFgMnAR9Fy5SDHgo.roa
File:                     moCjhy9MjqXiFgMnAR9Fy5SDHgo.roa (raw, json)
Hash identifier:          LUnUKR1Zotqdb56mM7OX5qPTEb698XgNZZiSiK3MEOQ=
Subject key identifier:   9A:80:A3:87:2F:4C:8E:A5:E2:16:03:27:01:1F:45:CB:94:83:1E:0A
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       0196E824D5DBCB93BE8DE4D38E9AD2A4A6DA
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/moCjhy9MjqXiFgMnAR9Fy5SDHgo.roa
Signing time:             Mon 19 May 2025 10:44:10 +0000
ROA not before:           Mon 19 May 2025 10:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216024
IP address blocks:        77.221.145.0/24 maxlen: 24
                          176.98.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:24:d5:db:cb:93:be:8d:e4:d3:8e:9a:d2:a4:a6:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: May 19 10:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a80a3872f4c8ea5e2160327011f45cb94831e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5b:ca:33:48:b5:62:82:83:a4:01:2b:70:aa:
                    19:07:9b:f5:84:e0:c5:6c:ef:bd:a5:75:03:04:a6:
                    ce:5e:68:d7:aa:1a:a9:1f:5f:ad:9e:9a:a9:47:87:
                    c8:45:63:0a:96:49:c1:11:61:ed:e8:91:a6:2c:8c:
                    cf:b9:74:12:ca:51:b7:bc:a8:70:c2:dc:d6:f9:ed:
                    39:34:ab:59:92:60:46:5f:5a:2a:fe:e1:75:ad:b0:
                    c2:a1:f6:4b:ff:fd:b6:97:61:e2:3b:69:bf:f1:34:
                    22:3c:2a:20:3b:c8:6f:ef:32:c7:5f:40:ed:35:a8:
                    5b:a8:24:9d:c8:52:98:98:57:59:2c:22:72:85:73:
                    eb:99:de:94:98:9a:16:b1:3a:3a:d0:3e:de:52:f5:
                    98:b7:4b:73:6b:18:e3:f0:7c:f4:3f:f0:07:e8:85:
                    36:ab:4f:97:22:ac:ef:b3:84:63:86:f6:bb:1e:01:
                    cc:d0:b6:3f:71:28:15:63:03:9f:1b:97:44:a9:ab:
                    ce:87:21:56:1b:41:80:1d:6f:82:10:45:ae:a9:f0:
                    34:5c:14:2e:b1:b2:33:47:2d:7e:15:b5:61:dc:1a:
                    15:5a:a6:16:29:52:1b:ed:a8:be:ed:0c:8b:d2:4f:
                    56:9d:e1:50:c7:c5:d2:ff:df:34:7a:64:55:ad:81:
                    93:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:80:A3:87:2F:4C:8E:A5:E2:16:03:27:01:1F:45:CB:94:83:1E:0A
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/moCjhy9MjqXiFgMnAR9Fy5SDHgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.145.0/24
                  176.98.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:a6:67:da:b3:d3:22:7d:a0:7e:03:20:d7:2b:90:3f:44:6c:
         2a:a9:a3:17:4b:d7:14:22:92:61:ee:bf:09:35:93:54:8b:17:
         9e:f2:da:56:e5:04:e5:85:1d:0d:a3:d8:c4:d8:01:af:89:60:
         18:c4:b8:a7:39:78:28:de:5c:81:65:8f:38:40:e5:9e:44:19:
         67:a5:72:69:72:b4:bc:0e:d6:35:24:f0:b6:ce:58:46:1a:8a:
         19:5a:92:5e:b6:98:43:1a:b5:66:70:cb:38:ed:21:34:f2:22:
         9c:c9:59:09:f0:31:9e:c7:be:48:99:e6:80:59:a7:c6:d8:1e:
         87:f6:03:b3:87:81:7b:cc:2a:fb:0b:9b:3b:b5:37:78:3a:38:
         b2:cd:6d:44:58:cd:8f:3a:d8:3b:ef:91:39:7e:16:6e:66:39:
         8f:c2:00:6b:ff:a4:95:a4:bd:ef:9a:1f:cb:2e:67:b4:0f:d0:
         63:2c:0a:91:6e:d8:53:d5:f9:e5:6e:78:36:0c:7f:1c:2d:bc:
         a1:e2:63:5c:1b:ff:bd:20:55:19:e5:22:9b:42:7e:1e:99:b5:
         47:93:bc:38:1f:1e:44:1a:75:a1:9b:28:d2:39:76:a8:92:87:
         a1:66:20:39:5e:7f:29:58:fb:2a:38:85:18:57:1c:f9:62:84:
         c9:57:b7:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZboJNXby5O+jeTTjprSpKbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwNTE5MTA0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTgwYTM4NzJmNGM4ZWE1ZTIxNjAzMjcwMTFmNDVjYjk0ODMxZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1vKM0i1YoKDpAErcKoZB5v1hODF
bO+9pXUDBKbOXmjXqhqpH1+tnpqpR4fIRWMKlknBEWHt6JGmLIzPuXQSylG3vKhw
wtzW+e05NKtZkmBGX1oq/uF1rbDCofZL//22l2HiO2m/8TQiPCogO8hv7zLHX0Dt
NahbqCSdyFKYmFdZLCJyhXPrmd6UmJoWsTo60D7eUvWYt0tzaxjj8Hz0P/AH6IU2
q0+XIqzvs4Rjhva7HgHM0LY/cSgVYwOfG5dEqavOhyFWG0GAHW+CEEWuqfA0XBQu
sbIzRy1+FbVh3BoVWqYWKVIb7ai+7QyL0k9WneFQx8XS/980emRVrYGT5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJqAo4cvTI6l4hYDJwEfRcuUgx4KMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvbW9Damh5OU1qcVhpRmdNbkFSOUZ5NVNESGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATd2RAwQA
sGK/MA0GCSqGSIb3DQEBCwUAA4IBAQCDpmfas9MifaB+AyDXK5A/RGwqqaMXS9cU
IpJh7r8JNZNUixee8tpW5QTlhR0No9jE2AGviWAYxLinOXgo3lyBZY84QOWeRBln
pXJpcrS8DtY1JPC2zlhGGooZWpJetphDGrVmcMs47SE08iKcyVkJ8DGex75ImeaA
WafG2B6H9gOzh4F7zCr7C5s7tTd4OjiyzW1EWM2POtg775E5fhZuZjmPwgBr/6SV
pL3vmh/LLme0D9BjLAqRbthT1fnlbng2DH8cLbyh4mNcG/+9IFUZ5SKbQn4embVH
k7w4Hx5EGnWhmyjSOXaokoehZiA5Xn8pWPsqOIUYVxz5YoTJV7cB
-----END CERTIFICATE-----