Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/3ax7qBQU-yiCEZSS5qkKIuls9Gk.roa
File:                     3ax7qBQU-yiCEZSS5qkKIuls9Gk.roa (raw, json)
Hash identifier:          P0kYi/sqhbIzqvrICTlpBNIUlv1UM0BwbJJSPI8G/yo=
Subject key identifier:   DD:AC:7B:A8:14:14:FB:28:82:11:94:92:E6:A9:0A:22:E9:6C:F4:69
Certificate issuer:       /CN=150183623fc16dc74cb775462c36d31016a40ac1
Certificate serial:       018CC5DC0F38FD47B72CBE3CEF8E35EAA8AB
Authority key identifier: 15:01:83:62:3F:C1:6D:C7:4C:B7:75:46:2C:36:D3:10:16:A4:0A:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/3ax7qBQU-yiCEZSS5qkKIuls9Gk.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207833
IP address blocks:        158.255.77.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0f:38:fd:47:b7:2c:be:3c:ef:8e:35:ea:a8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=150183623fc16dc74cb775462c36d31016a40ac1
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddac7ba81414fb2882119492e6a90a22e96cf469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6f:17:e0:d9:30:65:be:fa:2a:24:13:f4:ed:
                    46:49:48:07:9c:b8:8c:2e:ff:03:44:c8:86:a3:e8:
                    ac:c5:33:80:2e:7f:3b:e5:bb:ee:52:aa:82:f9:3c:
                    4e:24:97:a6:42:29:85:61:27:5a:1b:4f:af:ee:92:
                    71:bb:22:66:39:ac:5f:51:a3:43:c0:c0:4d:f0:6a:
                    b2:ab:5e:32:11:45:0b:8d:a2:71:29:d8:76:dd:dd:
                    16:2b:78:21:d6:2c:61:b2:6f:5f:f1:c4:cd:08:91:
                    d9:77:e7:d9:55:02:c3:e7:8a:a7:ab:69:80:5a:48:
                    a2:3a:58:a6:b0:c3:6c:ac:2e:67:67:ee:4d:9e:ed:
                    bd:b2:e8:35:80:ea:24:8c:1a:0b:b8:41:37:d6:13:
                    ed:79:14:fc:7f:06:a0:53:9d:e7:2f:1f:be:25:82:
                    d1:75:80:b7:c5:24:a5:2a:3e:8c:25:ec:de:dd:c0:
                    4e:5b:19:f4:a9:36:ac:53:a3:4c:04:75:c3:c1:15:
                    7d:a1:59:c4:66:ce:88:74:7d:87:a3:c6:d7:0e:90:
                    65:b3:1f:ea:8c:ac:27:32:d8:f5:95:64:8a:ce:2d:
                    11:a8:61:0f:e7:f6:b6:8f:83:b5:93:72:0f:59:6d:
                    7a:3c:c5:2e:06:59:e8:0a:45:32:c7:47:a1:a6:b2:
                    50:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:AC:7B:A8:14:14:FB:28:82:11:94:92:E6:A9:0A:22:E9:6C:F4:69
            X509v3 Authority Key Identifier:
                keyid:15:01:83:62:3F:C1:6D:C7:4C:B7:75:46:2C:36:D3:10:16:A4:0A:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/3ax7qBQU-yiCEZSS5qkKIuls9Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.255.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:8a:d0:b6:90:5a:a4:29:8e:b2:34:6b:04:1b:6a:7b:98:1f:
         69:fe:26:b3:60:15:11:f8:41:3a:3e:c6:1f:b7:ae:b0:e7:76:
         1f:27:cd:d9:c6:9a:cf:e5:55:09:c2:ab:1f:f9:94:51:d8:74:
         ac:ff:de:fa:5c:33:c4:1a:ed:8d:c2:16:95:a8:e5:7e:52:23:
         a1:5a:5b:59:fa:ec:d6:60:b7:ff:ef:13:62:5b:20:18:41:4c:
         76:bc:88:f5:c5:eb:9e:10:5e:8f:86:9f:71:b4:74:0f:0e:2c:
         22:58:1f:ae:29:49:20:aa:4b:6f:ae:c1:e9:e2:da:69:47:3a:
         35:86:3b:01:38:c7:ae:24:13:c1:26:6b:d5:0d:ee:d6:51:df:
         24:97:c2:1f:c3:74:6e:ba:3a:5e:8d:83:53:8c:e1:bb:b2:f0:
         b2:77:e7:59:1a:5b:bc:c9:83:52:61:7f:ef:e7:0d:e1:31:b7:
         dc:61:5b:de:ea:cd:6f:da:6c:9f:b6:f4:be:06:06:10:8a:88:
         47:f4:d1:34:d0:cd:a1:26:35:77:97:cf:19:8d:14:ac:1c:92:
         c7:04:df:30:8b:15:3f:58:b6:af:48:63:45:a7:f2:c7:03:7d:
         53:c0:43:49:99:50:40:b7:0b:1f:7f:d8:88:62:fa:51:35:93:
         02:bd:63:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3A84/Ue3LL4874416qirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDE4MzYyM2ZjMTZkYzc0Y2I3NzU0NjJjMzZkMzEwMTZh
NDBhYzEwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGFjN2JhODE0MTRmYjI4ODIxMTk0OTJlNmE5MGEyMmU5NmNmNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5G8X4NkwZb76KiQT9O1GSUgHnLiM
Lv8DRMiGo+isxTOALn875bvuUqqC+TxOJJemQimFYSdaG0+v7pJxuyJmOaxfUaND
wMBN8Gqyq14yEUULjaJxKdh23d0WK3gh1ixhsm9f8cTNCJHZd+fZVQLD54qnq2mA
WkiiOlimsMNsrC5nZ+5Nnu29sug1gOokjBoLuEE31hPteRT8fwagU53nLx++JYLR
dYC3xSSlKj6MJeze3cBOWxn0qTasU6NMBHXDwRV9oVnEZs6IdH2Ho8bXDpBlsx/q
jKwnMtj1lWSKzi0RqGEP5/a2j4O1k3IPWW16PMUuBlnoCkUyx0ehprJQcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2se6gUFPsoghGUkuapCiLpbPRpMB8GA1UdIwQY
MBaAFBUBg2I/wW3HTLd1Riw20xAWpArBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFHRFlqX0JiY2RNdDNWR0xEYlRFQmFrQ3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mM2ZiMjQtOWEyMC00NDllLWFmNjIt
MjhmNTIwNTJjMWRkLzEvM2F4N3FCUVUteWlDRVpTUzVxa0tJdWxzOUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mM2ZiMjQtOWEyMC00NDllLWFmNjItMjhmNTIwNTJjMWRk
LzEvRlFHRFlqX0JiY2RNdDNWR0xEYlRFQmFrQ3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnv9NMA0G
CSqGSIb3DQEBCwUAA4IBAQB2itC2kFqkKY6yNGsEG2p7mB9p/iazYBUR+EE6PsYf
t66w53YfJ83ZxprP5VUJwqsf+ZRR2HSs/976XDPEGu2NwhaVqOV+UiOhWltZ+uzW
YLf/7xNiWyAYQUx2vIj1xeueEF6Php9xtHQPDiwiWB+uKUkgqktvrsHp4tppRzo1
hjsBOMeuJBPBJmvVDe7WUd8kl8Ifw3RuujpejYNTjOG7svCyd+dZGlu8yYNSYX/v
5w3hMbfcYVve6s1v2myftvS+BgYQiohH9NE00M2hJjV3l88ZjRSsHJLHBN8wixU/
WLavSGNFp/LHA31TwENJmVBAtwsff9iIYvpRNZMCvWNb
-----END CERTIFICATE-----