Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/eB9BFoLu8JL0Dy2yhrXWXgheQKQ.roa
File:                     eB9BFoLu8JL0Dy2yhrXWXgheQKQ.roa (raw, json)
Hash identifier:          FsN+2Y4G/rvaX7dL6GAqq/hTsh+KJzrWsz0jO+iKnjU=
Subject key identifier:   78:1F:41:16:82:EE:F0:92:F4:0F:2D:B2:86:B5:D6:5E:08:5E:40:A4
Certificate issuer:       /CN=150183623fc16dc74cb775462c36d31016a40ac1
Certificate serial:       019427476EE38B538C0BF514AEC0EC8D6D5D
Authority key identifier: 15:01:83:62:3F:C1:6D:C7:4C:B7:75:46:2C:36:D3:10:16:A4:0A:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/eB9BFoLu8JL0Dy2yhrXWXgheQKQ.roa
Signing time:             Thu 02 Jan 2025 13:49:40 +0000
ROA not before:           Thu 02 Jan 2025 13:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57511
IP address blocks:        158.255.77.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:6e:e3:8b:53:8c:0b:f5:14:ae:c0:ec:8d:6d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=150183623fc16dc74cb775462c36d31016a40ac1
        Validity
            Not Before: Jan  2 13:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=781f411682eef092f40f2db286b5d65e085e40a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5d:98:b1:61:80:3f:58:46:81:87:5a:32:50:
                    91:eb:40:a8:74:0f:1e:5b:97:82:bc:a4:ab:85:06:
                    26:fa:a1:99:7e:4c:2f:49:62:01:23:d3:67:7f:4c:
                    99:9f:46:01:df:88:f9:7b:ee:66:85:d5:e1:5a:de:
                    28:3a:b4:64:d1:2a:66:55:60:29:8b:b0:16:c1:1c:
                    80:10:95:cf:80:94:1a:62:35:3a:71:ee:30:79:17:
                    4d:3a:49:ac:05:29:90:f3:fe:70:31:0d:6f:6b:fe:
                    67:b1:ff:1b:ce:4c:e1:76:ae:3d:e4:45:94:e3:ee:
                    46:07:f0:16:bb:24:45:4d:50:8d:24:c3:7b:1c:e4:
                    21:15:f2:53:7d:02:82:77:51:72:83:25:6f:9a:6c:
                    8f:a3:89:24:a6:9f:31:7c:56:ad:a7:c3:87:32:c0:
                    c0:cf:e2:0d:e8:0b:5d:e6:6a:86:03:b3:a8:a6:15:
                    02:79:10:9d:18:83:39:26:d1:6b:54:1a:9d:7a:6c:
                    59:78:e7:84:7e:c4:41:a5:df:80:d1:19:68:31:63:
                    81:fd:ad:f7:f0:92:0c:4a:7d:ca:fc:9e:2c:76:39:
                    88:2a:91:3e:1e:bd:c6:69:0f:96:fe:74:e6:c7:15:
                    71:1e:0a:1e:c7:e1:e0:ff:47:a2:1b:48:74:a1:a4:
                    9e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1F:41:16:82:EE:F0:92:F4:0F:2D:B2:86:B5:D6:5E:08:5E:40:A4
            X509v3 Authority Key Identifier:
                keyid:15:01:83:62:3F:C1:6D:C7:4C:B7:75:46:2C:36:D3:10:16:A4:0A:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/eB9BFoLu8JL0Dy2yhrXWXgheQKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.255.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:5f:cd:9e:a3:f6:10:c3:95:e8:53:76:ef:22:be:2e:d9:df:
         4d:e8:30:51:38:2e:d3:56:24:56:17:01:36:bf:a7:47:ab:cf:
         9c:09:e4:c0:e8:68:b9:ca:d5:e8:e4:89:dd:20:0d:c9:32:5c:
         b0:3f:1d:15:6e:d3:84:f9:3b:45:b9:e7:8c:7f:85:50:f0:4a:
         26:7d:6f:42:de:89:61:0c:e2:64:1e:bd:b0:6c:db:b4:75:3d:
         8e:4e:3e:98:76:89:87:58:f0:68:2e:60:48:f4:36:d4:2b:9f:
         03:a6:23:74:af:fc:28:31:12:b7:0c:37:1e:86:8f:5c:62:05:
         9c:b9:fa:e8:3f:a9:67:59:13:de:08:82:ba:35:e0:c7:3d:7d:
         a4:6d:07:99:0a:ff:b5:f7:07:49:b9:e6:63:9b:02:40:e9:ea:
         b8:e7:4b:cb:1e:07:eb:23:14:19:3b:24:7f:ca:59:d7:ed:00:
         bd:07:f7:a4:c2:90:4d:90:58:8c:7b:ac:77:06:de:5b:89:38:
         a9:29:9f:c7:49:cc:82:da:7e:fb:2d:a5:1a:72:0a:c6:ea:0b:
         1c:48:ff:ba:d7:26:dd:a0:9f:ca:47:09:f3:e9:6a:25:c2:8d:
         cc:b9:c6:3b:a9:f1:44:4c:f5:f9:31:c5:12:4d:77:cb:f0:30:
         c3:fe:e0:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR27ji1OMC/UUrsDsjW1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDE4MzYyM2ZjMTZkYzc0Y2I3NzU0NjJjMzZkMzEwMTZh
NDBhYzEwHhcNMjUwMTAyMTM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFmNDExNjgyZWVmMDkyZjQwZjJkYjI4NmI1ZDY1ZTA4NWU0MGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs12YsWGAP1hGgYdaMlCR60CodA8e
W5eCvKSrhQYm+qGZfkwvSWIBI9Nnf0yZn0YB34j5e+5mhdXhWt4oOrRk0SpmVWAp
i7AWwRyAEJXPgJQaYjU6ce4weRdNOkmsBSmQ8/5wMQ1va/5nsf8bzkzhdq495EWU
4+5GB/AWuyRFTVCNJMN7HOQhFfJTfQKCd1FygyVvmmyPo4kkpp8xfFatp8OHMsDA
z+IN6Atd5mqGA7OophUCeRCdGIM5JtFrVBqdemxZeOeEfsRBpd+A0RloMWOB/a33
8JIMSn3K/J4sdjmIKpE+Hr3GaQ+W/nTmxxVxHgoex+Hg/0eiG0h0oaSeDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgfQRaC7vCS9A8tsoa11l4IXkCkMB8GA1UdIwQY
MBaAFBUBg2I/wW3HTLd1Riw20xAWpArBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFHRFlqX0JiY2RNdDNWR0xEYlRFQmFrQ3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mM2ZiMjQtOWEyMC00NDllLWFmNjIt
MjhmNTIwNTJjMWRkLzEvZUI5QkZvTHU4SkwwRHkyeWhyWFdYZ2hlUUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mM2ZiMjQtOWEyMC00NDllLWFmNjItMjhmNTIwNTJjMWRk
LzEvRlFHRFlqX0JiY2RNdDNWR0xEYlRFQmFrQ3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnv9NMA0G
CSqGSIb3DQEBCwUAA4IBAQAUX82eo/YQw5XoU3bvIr4u2d9N6DBROC7TViRWFwE2
v6dHq8+cCeTA6Gi5ytXo5IndIA3JMlywPx0VbtOE+TtFueeMf4VQ8EomfW9C3olh
DOJkHr2wbNu0dT2OTj6YdomHWPBoLmBI9DbUK58DpiN0r/woMRK3DDceho9cYgWc
ufroP6lnWRPeCIK6NeDHPX2kbQeZCv+19wdJueZjmwJA6eq450vLHgfrIxQZOyR/
ylnX7QC9B/ekwpBNkFiMe6x3Bt5biTipKZ/HScyC2n77LaUacgrG6gscSP+61ybd
oJ/KRwnz6Wolwo3MucY7qfFETPX5McUSTXfL8DDD/uAs
-----END CERTIFICATE-----