Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/O6hC_E85D-gML2iRrUU2b5ibO0s.roa
File:                     O6hC_E85D-gML2iRrUU2b5ibO0s.roa (raw, json)
Hash identifier:          F14l9yzbuoxNtXqq8ma/CyqbNDJtpPWFpWAVl55tljo=
Subject key identifier:   3B:A8:42:FC:4F:39:0F:E8:0C:2F:68:91:AD:45:36:6F:98:9B:3B:4B
Certificate issuer:       /CN=18d801de9fe8a6680758817823ae36ba065c610d
Certificate serial:       01942445A6377CC46B628FC1423F8E5E158E
Authority key identifier: 18:D8:01:DE:9F:E8:A6:68:07:58:81:78:23:AE:36:BA:06:5C:61:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GNgB3p_opmgHWIF4I642ugZcYQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/O6hC_E85D-gML2iRrUU2b5ibO0s.roa
Signing time:             Wed 01 Jan 2025 23:48:51 +0000
ROA not before:           Wed 01 Jan 2025 23:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209917
IP address blocks:        77.72.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/GNgB3p_opmgHWIF4I642ugZcYQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/GNgB3p_opmgHWIF4I642ugZcYQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GNgB3p_opmgHWIF4I642ugZcYQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a6:37:7c:c4:6b:62:8f:c1:42:3f:8e:5e:15:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18d801de9fe8a6680758817823ae36ba065c610d
        Validity
            Not Before: Jan  1 23:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ba842fc4f390fe80c2f6891ad45366f989b3b4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:85:9f:0d:b4:5c:06:71:0d:2d:7b:e4:c2:9c:
                    a4:25:56:bc:77:9e:6b:01:03:19:6c:4e:cf:af:5a:
                    99:68:96:8d:cf:da:ec:43:3c:07:b2:5d:71:cf:35:
                    44:ae:83:4b:79:f7:40:d3:9b:6d:67:be:0f:ce:c0:
                    ed:cf:d7:30:5f:c4:8e:e1:d9:d6:93:9f:be:ef:d5:
                    08:b6:ac:83:ca:98:fd:9c:6e:57:e4:e8:79:7a:35:
                    b8:4a:75:ce:e7:01:fd:65:be:b8:8a:50:55:59:7e:
                    a1:b8:9b:c7:1c:eb:b7:42:a9:8c:9b:31:3d:b5:36:
                    3b:e3:8c:8f:64:88:9f:db:ad:7f:bf:a3:2f:17:38:
                    8e:07:bc:54:34:bb:35:e4:47:d5:eb:a8:b8:6c:82:
                    dd:7c:bc:fa:f7:36:d8:24:82:69:4b:e9:74:54:50:
                    c1:c0:32:57:4e:f0:0e:f5:5a:01:91:2c:3d:1d:da:
                    86:19:20:a1:cc:dc:0c:fa:ab:e4:29:6c:b6:28:c6:
                    8c:e9:c9:cc:da:d9:6a:6d:3d:1a:15:9a:88:65:59:
                    84:f7:e5:b0:30:65:9c:24:0b:87:a7:cf:94:13:4e:
                    23:80:e5:e4:68:5a:58:b6:cf:f7:17:98:35:b2:03:
                    e2:02:30:46:0b:02:d5:b5:36:23:a0:57:c0:ba:f0:
                    1f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A8:42:FC:4F:39:0F:E8:0C:2F:68:91:AD:45:36:6F:98:9B:3B:4B
            X509v3 Authority Key Identifier:
                keyid:18:D8:01:DE:9F:E8:A6:68:07:58:81:78:23:AE:36:BA:06:5C:61:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GNgB3p_opmgHWIF4I642ugZcYQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/O6hC_E85D-gML2iRrUU2b5ibO0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/GNgB3p_opmgHWIF4I642ugZcYQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:2b:b9:5a:ab:1f:e7:fa:9e:7e:af:fe:b5:a6:09:e3:83:bd:
         9d:18:2f:c2:04:7c:11:3e:c3:38:e3:fb:e6:b1:74:58:9f:04:
         bd:a5:68:f6:ee:40:6c:98:b3:4d:1f:d1:14:c7:f7:51:af:b0:
         c2:8f:0d:a5:e6:02:38:2e:a9:31:a8:13:58:28:3e:e6:0f:57:
         0d:05:34:42:ab:38:32:f2:49:fb:a7:a8:a0:12:f7:04:c7:8e:
         d4:d7:61:2f:54:a9:62:34:b4:74:1b:2f:32:bc:c3:8c:01:a5:
         44:f3:9e:51:2d:8b:69:45:a6:d0:9a:3f:0b:c5:33:0f:73:ce:
         fa:69:4c:0b:4d:f9:8f:3e:be:cd:86:29:0e:db:65:1f:ee:99:
         8a:75:a3:ee:e5:7c:2f:eb:73:e5:d1:36:f1:17:ec:d6:7d:9b:
         05:03:63:d4:fc:31:6e:89:e2:dd:41:47:3b:87:9a:ba:3a:a7:
         22:3c:27:61:1f:0a:97:7c:5f:40:a4:c6:7a:bd:7c:fb:05:61:
         81:f3:91:5f:1f:74:13:4c:9a:6d:4b:19:f2:f8:f7:14:6c:e8:
         0c:7f:9a:0a:e6:ac:e0:ee:8f:b2:45:99:a0:ff:03:e5:3f:30:
         42:13:43:41:be:2f:51:b0:d8:18:a1:c4:22:74:18:2f:f3:a5:
         33:b6:5e:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRaY3fMRrYo/BQj+OXhWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZDgwMWRlOWZlOGE2NjgwNzU4ODE3ODIzYWUzNmJhMDY1
YzYxMGQwHhcNMjUwMTAxMjM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmE4NDJmYzRmMzkwZmU4MGMyZjY4OTFhZDQ1MzY2Zjk4OWIzYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYWfDbRcBnENLXvkwpykJVa8d55r
AQMZbE7Pr1qZaJaNz9rsQzwHsl1xzzVEroNLefdA05ttZ74PzsDtz9cwX8SO4dnW
k5++79UItqyDypj9nG5X5Oh5ejW4SnXO5wH9Zb64ilBVWX6huJvHHOu3QqmMmzE9
tTY744yPZIif261/v6MvFziOB7xUNLs15EfV66i4bILdfLz69zbYJIJpS+l0VFDB
wDJXTvAO9VoBkSw9HdqGGSChzNwM+qvkKWy2KMaM6cnM2tlqbT0aFZqIZVmE9+Ww
MGWcJAuHp8+UE04jgOXkaFpYts/3F5g1sgPiAjBGCwLVtTYjoFfAuvAf8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuoQvxPOQ/oDC9oka1FNm+YmztLMB8GA1UdIwQY
MBaAFBjYAd6f6KZoB1iBeCOuNroGXGENMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR05nQjNwX29wbWdIV0lGNEk2NDJ1Z1pjWVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NWMzYzgtNmFiMS00OTUxLThmNTkt
NjU1MDNhOTMwNmEwLzEvTzZoQ19FODVELWdNTDJpUnJVVTJiNWliTzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NWMzYzgtNmFiMS00OTUxLThmNTktNjU1MDNhOTMwNmEw
LzEvR05nQjNwX29wbWdIV0lGNEk2NDJ1Z1pjWVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUjcMA0G
CSqGSIb3DQEBCwUAA4IBAQBTK7laqx/n+p5+r/61pgnjg72dGC/CBHwRPsM44/vm
sXRYnwS9pWj27kBsmLNNH9EUx/dRr7DCjw2l5gI4LqkxqBNYKD7mD1cNBTRCqzgy
8kn7p6igEvcEx47U12EvVKliNLR0Gy8yvMOMAaVE855RLYtpRabQmj8LxTMPc876
aUwLTfmPPr7NhikO22Uf7pmKdaPu5Xwv63Pl0TbxF+zWfZsFA2PU/DFuieLdQUc7
h5q6OqciPCdhHwqXfF9ApMZ6vXz7BWGB85FfH3QTTJptSxny+PcUbOgMf5oK5qzg
7o+yRZmg/wPlPzBCE0NBvi9RsNgYocQidBgv86Uztl6l
-----END CERTIFICATE-----