Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/eLugRLDui958XmylSjkxP3wnTMY.roa
File:                     eLugRLDui958XmylSjkxP3wnTMY.roa (raw, json)
Hash identifier:          PBCwpuzp3sL6oE89Qyaa4YR3Aa/1ZZavbG6JwYcrhzA=
Subject key identifier:   78:BB:A0:44:B0:EE:8B:DE:7C:5E:6C:A5:4A:39:31:3F:7C:27:4C:C6
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       01942823CCA9498B0D37767E2A1E83CA571B
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/eLugRLDui958XmylSjkxP3wnTMY.roa
Signing time:             Thu 02 Jan 2025 17:50:22 +0000
ROA not before:           Thu 02 Jan 2025 17:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21450
IP address blocks:        77.137.128.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:cc:a9:49:8b:0d:37:76:7e:2a:1e:83:ca:57:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 17:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78bba044b0ee8bde7c5e6ca54a39313f7c274cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:55:28:de:f6:3e:bc:b1:ad:ed:a7:bc:52:dc:
                    8a:2f:e2:11:86:15:5f:8d:6a:2e:69:33:d6:d6:2d:
                    25:08:86:45:14:ef:9b:4c:e4:c8:2b:62:de:bd:1e:
                    3f:dc:07:fe:a2:b0:76:14:a8:00:34:e4:9e:c3:a2:
                    59:e8:d5:a6:f9:c0:ae:44:dc:55:15:5a:74:1a:fa:
                    6a:51:15:58:4d:ed:39:23:47:b1:b2:03:35:fe:be:
                    12:8c:34:19:3a:4c:9c:70:e9:0c:a4:d7:3c:8b:c0:
                    c7:7a:a2:db:14:8c:e7:18:a0:ab:d1:48:8e:e0:fb:
                    60:9c:13:94:ef:5e:a9:1f:ad:6f:00:02:1d:c9:2a:
                    6b:6b:cf:38:55:b9:29:ed:69:db:cb:ab:fe:37:20:
                    a3:dc:66:10:04:64:ca:59:e3:2d:27:05:84:91:93:
                    d2:17:bb:cc:0a:61:26:38:1f:a4:45:60:a8:6c:d2:
                    db:92:41:bf:c7:2f:ca:cb:ef:1a:41:d9:6e:e1:8e:
                    fa:a5:08:b4:ee:d9:72:25:dd:55:db:31:bb:2f:2c:
                    9a:95:8d:5c:3e:53:f1:ee:47:17:cd:40:23:8f:79:
                    d6:ff:49:b1:8a:64:78:ba:c1:5e:86:61:5e:44:a2:
                    ab:c9:34:fb:ad:93:0c:36:69:30:9a:2d:8d:ac:27:
                    aa:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:BB:A0:44:B0:EE:8B:DE:7C:5E:6C:A5:4A:39:31:3F:7C:27:4C:C6
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/eLugRLDui958XmylSjkxP3wnTMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.137.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         43:f4:80:7a:d8:bf:de:d7:15:b0:c8:54:46:1b:5c:8a:c9:9c:
         34:88:63:5f:59:c3:2f:ef:b6:0b:ce:b1:67:7b:2a:7a:58:15:
         a5:25:8e:ab:a3:64:83:00:3f:a9:0e:f3:d6:11:38:38:44:47:
         55:02:e4:4a:81:04:32:68:bd:5e:8b:76:29:17:74:70:2a:fb:
         49:db:a0:60:7c:0f:97:8b:2d:95:2d:7f:a6:81:db:7d:9c:3f:
         a1:7b:ee:28:36:21:40:3e:8e:11:23:a5:87:21:ee:c7:50:41:
         6a:33:3a:9c:24:9c:36:ad:20:24:90:f1:a3:d2:f6:0a:38:20:
         f9:1f:e4:42:69:85:84:70:de:1d:d6:62:c4:97:e8:e0:00:a7:
         23:09:89:16:b3:1b:ec:dd:0b:be:57:65:af:08:e3:5e:ae:30:
         9e:61:7e:6e:84:90:31:b3:fe:90:2c:5c:42:90:2d:d9:10:03:
         00:82:88:19:ff:e2:e4:34:89:70:44:3f:a6:e3:58:f9:66:44:
         19:91:cb:00:64:fa:cb:26:19:0f:c0:d3:a8:38:e2:15:ec:4f:
         bc:48:b5:b9:b2:ee:16:b6:4f:c7:b8:86:9d:cf:5a:df:84:dc:
         f4:a1:b4:94:07:8f:4a:ec:de:f8:33:0e:01:03:30:d9:30:50:
         89:7c:70:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI8ypSYsNN3Z+Kh6DylcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwMTAyMTc1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGJiYTA0NGIwZWU4YmRlN2M1ZTZjYTU0YTM5MzEzZjdjMjc0Y2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlUo3vY+vLGt7ae8UtyKL+IRhhVf
jWouaTPW1i0lCIZFFO+bTOTIK2LevR4/3Af+orB2FKgANOSew6JZ6NWm+cCuRNxV
FVp0GvpqURVYTe05I0exsgM1/r4SjDQZOkyccOkMpNc8i8DHeqLbFIznGKCr0UiO
4PtgnBOU716pH61vAAIdySpra884Vbkp7Wnby6v+NyCj3GYQBGTKWeMtJwWEkZPS
F7vMCmEmOB+kRWCobNLbkkG/xy/Ky+8aQdlu4Y76pQi07tlyJd1V2zG7LyyalY1c
PlPx7kcXzUAjj3nW/0mximR4usFehmFeRKKryTT7rZMMNmkwmi2NrCeqBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHi7oESw7ovefF5spUo5MT98J0zGMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvZUx1Z1JMRHVpOTU4WG15bFNqa3hQM3duVE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGTYmAMA0G
CSqGSIb3DQEBCwUAA4IBAQBD9IB62L/e1xWwyFRGG1yKyZw0iGNfWcMv77YLzrFn
eyp6WBWlJY6ro2SDAD+pDvPWETg4REdVAuRKgQQyaL1ei3YpF3RwKvtJ26BgfA+X
iy2VLX+mgdt9nD+he+4oNiFAPo4RI6WHIe7HUEFqMzqcJJw2rSAkkPGj0vYKOCD5
H+RCaYWEcN4d1mLEl+jgAKcjCYkWsxvs3Qu+V2WvCONerjCeYX5uhJAxs/6QLFxC
kC3ZEAMAgogZ/+LkNIlwRD+m41j5ZkQZkcsAZPrLJhkPwNOoOOIV7E+8SLW5su4W
tk/HuIadz1rfhNz0obSUB49K7N74Mw4BAzDZMFCJfHCr
-----END CERTIFICATE-----