Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/7ca3de-92c8-49fb-acae-9f1a5dbb41d6/1/yvpjWtz46zsun1W2QybrjRRakTk.roa
File:                     yvpjWtz46zsun1W2QybrjRRakTk.roa (raw, json)
Hash identifier:          XQWdrjR0LoFDKoLC95zC6F9aO6E2j9FpmMx9mFkAAi0=
Subject key identifier:   CA:FA:63:5A:DC:F8:EB:3B:2E:9F:55:B6:43:26:EB:8D:14:5A:91:39
Certificate issuer:       /CN=02d6e8273f9051ac31cb95792cb51400dab714aa
Certificate serial:       018CC8DFACB76554873A424368C89EABF493
Authority key identifier: 02:D6:E8:27:3F:90:51:AC:31:CB:95:79:2C:B5:14:00:DA:B7:14:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AtboJz-QUawxy5V5LLUUANq3FKo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/7ca3de-92c8-49fb-acae-9f1a5dbb41d6/1/yvpjWtz46zsun1W2QybrjRRakTk.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51918
IP address blocks:        77.73.170.0/23 maxlen: 23
                          77.73.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/7ca3de-92c8-49fb-acae-9f1a5dbb41d6/1/AtboJz-QUawxy5V5LLUUANq3FKo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/7ca3de-92c8-49fb-acae-9f1a5dbb41d6/1/AtboJz-QUawxy5V5LLUUANq3FKo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AtboJz-QUawxy5V5LLUUANq3FKo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ac:b7:65:54:87:3a:42:43:68:c8:9e:ab:f4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02d6e8273f9051ac31cb95792cb51400dab714aa
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cafa635adcf8eb3b2e9f55b64326eb8d145a9139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:93:7f:1f:54:0b:d2:a0:99:bc:1e:ff:f1:2a:
                    74:44:22:6c:d1:76:76:d4:16:b7:ab:d3:dc:9d:43:
                    cb:57:fc:e7:ed:7e:b6:f2:fb:57:47:6e:da:46:04:
                    45:0a:36:d7:97:57:78:9c:4b:be:39:73:0b:3a:4f:
                    d2:5f:d1:ed:3f:bf:e2:a9:88:c4:c1:17:b4:45:ca:
                    5c:3a:2e:8b:e0:e9:9c:13:d1:a3:25:aa:b8:e3:1e:
                    12:46:cb:1a:65:6d:7a:55:74:2a:c1:82:2d:56:6b:
                    64:aa:64:d9:14:8d:c5:eb:dd:0e:b3:3c:bc:1c:42:
                    66:e3:7f:c3:f6:70:2b:e4:84:02:46:51:59:2c:35:
                    1b:ee:a2:e7:9b:cb:d1:fc:b6:cd:b8:73:fe:bf:d8:
                    9f:44:7e:db:83:a4:c8:7c:47:7c:d8:be:ee:71:a6:
                    ee:6d:92:38:eb:20:17:0e:7e:f4:e0:c4:30:f5:4c:
                    6d:1e:3d:b2:22:3b:42:20:a8:2d:ad:22:30:f6:ba:
                    82:05:ae:4b:cd:60:fa:cd:21:54:48:89:2b:44:25:
                    a7:96:f2:c2:9c:b5:2e:48:9e:af:4e:15:92:a7:29:
                    95:9e:c8:93:75:d6:48:ac:e5:c9:3c:ad:33:65:38:
                    61:19:68:e8:15:24:e5:23:b4:26:d4:84:e5:4a:fc:
                    4d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FA:63:5A:DC:F8:EB:3B:2E:9F:55:B6:43:26:EB:8D:14:5A:91:39
            X509v3 Authority Key Identifier:
                keyid:02:D6:E8:27:3F:90:51:AC:31:CB:95:79:2C:B5:14:00:DA:B7:14:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AtboJz-QUawxy5V5LLUUANq3FKo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/7ca3de-92c8-49fb-acae-9f1a5dbb41d6/1/yvpjWtz46zsun1W2QybrjRRakTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/7ca3de-92c8-49fb-acae-9f1a5dbb41d6/1/AtboJz-QUawxy5V5LLUUANq3FKo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.170.0-77.73.172.255

    Signature Algorithm: sha256WithRSAEncryption
         a5:25:b5:60:b2:7c:d7:5d:16:3c:5c:5a:a7:90:ce:52:e9:03:
         41:6c:26:ff:87:d0:e1:ec:9d:61:71:52:68:41:0b:38:14:c8:
         ce:ea:37:18:b9:51:da:85:cb:c3:48:f9:4d:68:fa:ad:10:4c:
         39:73:73:1a:33:82:68:6d:71:26:bf:c8:c9:b1:58:e9:72:92:
         38:bc:77:97:3e:eb:58:50:d4:c7:46:6d:62:a2:3d:e9:e3:83:
         c0:36:11:4e:c1:44:3a:0e:89:20:c2:3a:5f:7d:99:98:de:79:
         a9:f1:b6:c8:5b:74:4c:d4:3d:4a:c1:28:6b:57:ef:9a:34:cd:
         d6:a1:65:23:f7:e6:2d:6f:e1:03:c4:30:ed:ef:38:1b:7b:7e:
         d0:64:7f:78:95:fe:e7:46:fe:15:5c:01:ae:0c:53:ff:79:11:
         ed:c0:bd:66:5a:19:78:71:06:76:23:98:59:02:b6:da:7d:f0:
         27:80:8c:ad:e4:2b:4e:76:f9:d3:32:be:42:11:40:8d:df:48:
         1c:fe:81:71:4b:28:b5:45:c5:ae:b8:ee:bf:d4:2a:d4:4b:3d:
         c7:ae:e8:47:c0:f1:8c:0c:3d:60:13:c9:29:a5:3b:3f:3b:55:
         4f:a6:ff:dd:f0:cb:d1:b6:25:87:e6:e1:f7:f5:56:5c:80:82:
         f2:ad:44:97
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI36y3ZVSHOkJDaMieq/STMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZDZlODI3M2Y5MDUxYWMzMWNiOTU3OTJjYjUxNDAwZGFi
NzE0YWEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZhNjM1YWRjZjhlYjNiMmU5ZjU1YjY0MzI2ZWI4ZDE0NWE5MTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJN/H1QL0qCZvB7/8Sp0RCJs0XZ2
1Ba3q9PcnUPLV/zn7X628vtXR27aRgRFCjbXl1d4nEu+OXMLOk/SX9HtP7/iqYjE
wRe0RcpcOi6L4OmcE9GjJaq44x4SRssaZW16VXQqwYItVmtkqmTZFI3F690Oszy8
HEJm43/D9nAr5IQCRlFZLDUb7qLnm8vR/LbNuHP+v9ifRH7bg6TIfEd82L7ucabu
bZI46yAXDn704MQw9UxtHj2yIjtCIKgtrSIw9rqCBa5LzWD6zSFUSIkrRCWnlvLC
nLUuSJ6vThWSpymVnsiTddZIrOXJPK0zZThhGWjoFSTlI7Qm1ITlSvxNpQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMr6Y1rc+Os7Lp9VtkMm640UWpE5MB8GA1UdIwQY
MBaAFALW6Cc/kFGsMcuVeSy1FADatxSqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXRib0p6LVFVYXd4eTVWNUxMVVVBTnEzRktvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83Y2EzZGUtOTJjOC00OWZiLWFjYWUt
OWYxYTVkYmI0MWQ2LzEveXZwald0ejQ2enN1bjFXMlF5YnJqUlJha1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83Y2EzZGUtOTJjOC00OWZiLWFjYWUtOWYxYTVkYmI0MWQ2
LzEvQXRib0p6LVFVYXd4eTVWNUxMVVVBTnEzRktvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFNSaoD
BABNSawwDQYJKoZIhvcNAQELBQADggEBAKUltWCyfNddFjxcWqeQzlLpA0FsJv+H
0OHsnWFxUmhBCzgUyM7qNxi5UdqFy8NI+U1o+q0QTDlzcxozgmhtcSa/yMmxWOly
kji8d5c+61hQ1MdGbWKiPenjg8A2EU7BRDoOiSDCOl99mZjeeanxtshbdEzUPUrB
KGtX75o0zdahZSP35i1v4QPEMO3vOBt7ftBkf3iV/udG/hVcAa4MU/95Ee3AvWZa
GXhxBnYjmFkCttp98CeAjK3kK052+dMyvkIRQI3fSBz+gXFLKLVFxa647r/UKtRL
Pceu6EfA8YwMPWATySmlOz87VU+m/93wy9G2JYfm4ff1VlyAgvKtRJc=
-----END CERTIFICATE-----