Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/roxXwaFrf3KkjRm0sygAv7oGPuc.roa
File:                     roxXwaFrf3KkjRm0sygAv7oGPuc.roa (raw, json)
Hash identifier:          +XL9L+dok2bHXelVksLQxh9+U/cP9zrebc0SlrcIfKY=
Subject key identifier:   AE:8C:57:C1:A1:6B:7F:72:A4:8D:19:B4:B3:28:00:BF:BA:06:3E:E7
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019424B3E4E7EFE24022DCE30DA50C541E90
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/roxXwaFrf3KkjRm0sygAv7oGPuc.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56835
IP address blocks:        77.83.188.0/23 maxlen: 23
                          77.83.190.0/23 maxlen: 23
                          185.143.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e4:e7:ef:e2:40:22:dc:e3:0d:a5:0c:54:1e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae8c57c1a16b7f72a48d19b4b32800bfba063ee7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e2:c0:ec:8d:6e:01:41:c7:33:f9:03:86:af:
                    26:5f:9d:1f:27:fa:45:bb:ad:72:54:b4:7e:5d:8a:
                    b5:84:f0:c6:bf:01:49:e9:13:0d:b1:6e:5b:f6:11:
                    14:34:78:95:e8:83:47:1d:33:6f:ef:a5:3b:d8:2a:
                    56:b6:b6:33:e7:35:f9:7f:16:b7:6c:3e:39:cb:a7:
                    c9:e8:f4:e0:6f:52:ae:9d:34:8d:0f:ef:b0:7b:fc:
                    66:68:19:83:cc:2f:c6:f1:fe:5e:80:56:68:a0:bd:
                    11:bb:bc:e7:9a:32:fc:03:18:a3:ff:4d:6a:b3:f6:
                    d5:4c:c3:a2:d8:f6:e5:f1:c8:b6:58:9f:1a:8f:73:
                    8b:e6:f4:63:fe:4d:9c:83:54:18:ae:d2:a6:be:be:
                    5b:d9:37:ed:74:ef:4f:cd:2a:d7:64:db:ec:06:ec:
                    9e:01:dd:ab:dd:21:39:10:87:d4:50:7c:4c:f8:c3:
                    e6:80:3b:03:b7:17:b6:6e:e5:aa:5b:89:ba:81:78:
                    20:07:58:7a:d7:51:1d:2d:c8:82:2e:f5:a9:a7:25:
                    f1:fa:bf:bf:f3:1b:3e:cb:7e:d3:38:b0:28:b1:dc:
                    4f:70:7a:14:0d:2b:25:db:bd:e5:de:33:14:52:ff:
                    97:b9:39:f9:e2:dc:8c:00:f2:10:61:fb:df:3e:a9:
                    c8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8C:57:C1:A1:6B:7F:72:A4:8D:19:B4:B3:28:00:BF:BA:06:3E:E7
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/roxXwaFrf3KkjRm0sygAv7oGPuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.188.0/22
                  185.143.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:be:30:6c:a7:a1:f9:bc:fc:37:7a:6e:fb:40:fa:e4:c9:76:
         f0:7b:bc:b2:e7:a6:2b:cb:cc:af:e5:0c:0c:d4:3c:7e:cd:26:
         32:24:55:cd:c4:c4:18:a0:4b:f6:ae:f5:58:9f:d0:e6:13:bb:
         a4:c1:f6:55:b5:f0:25:e3:22:6a:0b:c9:55:65:0b:12:d7:d9:
         bd:49:58:d5:04:a3:d9:8d:33:54:f3:14:19:dc:68:5e:19:d0:
         9c:11:21:e4:de:72:14:7d:6b:dd:04:52:97:4c:87:48:7b:09:
         b3:4b:b9:3f:7b:14:54:e8:62:03:1e:a6:27:b7:ae:e0:13:b3:
         fd:f5:42:25:ee:0d:0a:b1:f5:a8:9b:bd:ce:da:bc:bb:98:7c:
         f4:c7:8a:a4:c9:18:64:70:b0:81:c1:27:6e:47:f1:8b:de:ce:
         f3:36:f2:d7:59:be:db:ff:02:3f:3a:d4:fe:dc:7a:e0:72:bf:
         bc:8b:15:e2:21:44:5c:15:50:ac:27:8d:3e:b4:90:7f:a1:93:
         90:97:ae:f8:a8:64:8d:a7:69:36:f0:3e:c3:5c:95:7d:bd:93:
         48:ab:c1:55:d3:67:31:67:88:1b:ec:1d:f9:ed:6c:51:05:70:
         d3:c1:7c:16:44:f5:41:d6:08:fc:f3:95:67:ef:88:7e:77:fc:
         54:3b:21:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks+Tn7+JAItzjDaUMVB6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThjNTdjMWExNmI3ZjcyYTQ4ZDE5YjRiMzI4MDBiZmJhMDYzZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+LA7I1uAUHHM/kDhq8mX50fJ/pF
u61yVLR+XYq1hPDGvwFJ6RMNsW5b9hEUNHiV6INHHTNv76U72CpWtrYz5zX5fxa3
bD45y6fJ6PTgb1KunTSND++we/xmaBmDzC/G8f5egFZooL0Ru7znmjL8Axij/01q
s/bVTMOi2Pbl8ci2WJ8aj3OL5vRj/k2cg1QYrtKmvr5b2TftdO9PzSrXZNvsBuye
Ad2r3SE5EIfUUHxM+MPmgDsDtxe2buWqW4m6gXggB1h611EdLciCLvWppyXx+r+/
8xs+y37TOLAosdxPcHoUDSsl273l3jMUUv+XuTn54tyMAPIQYfvfPqnIjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK6MV8Gha39ypI0ZtLMoAL+6Bj7nMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvcm94WHdhRnJmM0tralJtMHN5Z0F2N29HUHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTVO8AwQB
uY+SMA0GCSqGSIb3DQEBCwUAA4IBAQCVvjBsp6H5vPw3em77QPrkyXbwe7yy56Yr
y8yv5QwM1Dx+zSYyJFXNxMQYoEv2rvVYn9DmE7ukwfZVtfAl4yJqC8lVZQsS19m9
SVjVBKPZjTNU8xQZ3GheGdCcESHk3nIUfWvdBFKXTIdIewmzS7k/exRU6GIDHqYn
t67gE7P99UIl7g0KsfWom73O2ry7mHz0x4qkyRhkcLCBwSduR/GL3s7zNvLXWb7b
/wI/OtT+3Hrgcr+8ixXiIURcFVCsJ40+tJB/oZOQl674qGSNp2k28D7DXJV9vZNI
q8FV02cxZ4gb7B357WxRBXDTwXwWRPVB1gj885Vn74h+d/xUOyF2
-----END CERTIFICATE-----