Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/d5yI5opT0Cbkk44zYMREu8p8iB4.roa
File:                     d5yI5opT0Cbkk44zYMREu8p8iB4.roa (raw, json)
Hash identifier:          hR+I1R/G1iKdcizDw6xImco1zYNp3GZJwFK5bj7CMsw=
Subject key identifier:   77:9C:88:E6:8A:53:D0:26:E4:93:8E:33:60:C4:44:BB:CA:7C:88:1E
Certificate issuer:       /CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
Certificate serial:       018CCA2A3110BBBD349DBE7CC05D475A442B
Authority key identifier: 80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/d5yI5opT0Cbkk44zYMREu8p8iB4.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49725
IP address blocks:        95.143.144.0/20 maxlen: 20
                          2a00:1da8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:31:10:bb:bd:34:9d:be:7c:c0:5d:47:5a:44:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=779c88e68a53d026e4938e3360c444bbca7c881e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2e:2b:87:c7:1e:0f:12:b5:5c:c6:f4:16:54:
                    6c:91:ab:73:2f:4a:6c:80:9f:9a:a3:fa:80:21:32:
                    83:c2:f0:95:49:bb:4f:65:19:3f:d8:31:62:2d:d5:
                    eb:b5:d4:8b:89:53:66:55:b5:f6:4f:f1:77:f6:1a:
                    86:3e:5c:1c:fd:d3:f7:c6:d2:c5:d3:e1:a2:22:1b:
                    4f:20:2c:66:cc:07:e8:52:ba:2b:91:b6:e5:aa:43:
                    79:51:bf:63:e1:a1:e8:12:2b:6c:4d:4f:3a:8d:36:
                    16:fe:97:78:24:82:f8:61:f1:47:b7:63:99:c9:0a:
                    40:90:d6:c9:4a:43:45:53:16:89:e8:1a:22:48:88:
                    aa:83:fb:95:5c:7e:87:cc:de:fd:39:20:5f:0e:65:
                    0e:71:0f:cc:98:b6:fc:27:48:6f:66:11:82:e2:06:
                    f6:61:fa:85:3d:03:9b:bd:04:67:a7:e3:7d:eb:14:
                    cb:c2:09:16:98:fb:85:59:c8:f6:41:89:f4:8f:16:
                    42:c7:74:f2:d7:61:3e:3f:d0:5a:95:d6:ac:89:d4:
                    f2:d7:cb:0d:46:04:0f:b4:4a:a5:9d:d6:1c:a3:89:
                    eb:fc:8d:24:36:d5:bf:da:ff:66:bb:bd:aa:90:f5:
                    75:68:b4:e3:a8:ac:f2:d9:8c:9b:8a:d0:7c:d7:3d:
                    56:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9C:88:E6:8A:53:D0:26:E4:93:8E:33:60:C4:44:BB:CA:7C:88:1E
            X509v3 Authority Key Identifier:
                keyid:80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/d5yI5opT0Cbkk44zYMREu8p8iB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.143.144.0/20
                IPv6:
                  2a00:1da8::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:4e:f1:a7:72:72:ed:83:ff:3e:88:d2:81:93:8d:0a:a1:ef:
         bd:97:27:59:b4:3b:fa:5d:f2:13:6a:e5:de:78:78:2e:3c:04:
         1c:8d:97:db:fa:89:0b:a6:e4:c6:0c:d1:5e:94:8a:d6:c0:10:
         b5:c0:5b:e5:66:6e:3b:eb:cb:9b:72:1c:76:d0:2b:00:0b:46:
         d9:42:d5:2d:6f:43:12:f5:21:d7:c4:95:33:63:84:af:58:b0:
         2b:d7:52:ce:c4:ed:5a:54:c0:e6:57:95:78:91:4d:ba:4d:7d:
         58:09:fd:51:18:87:1a:76:2b:95:1a:2f:28:0e:f1:bd:98:de:
         9c:a1:7a:1c:bb:30:f5:0f:c8:16:bf:39:dc:fb:b9:25:81:b8:
         ac:70:d1:15:e7:33:7e:96:a6:04:07:18:3f:e0:ce:8e:e2:b7:
         1f:f8:a7:3a:fd:23:41:c8:0f:71:df:99:82:2a:93:e8:1c:e8:
         64:6d:a6:98:80:f2:6b:f9:e7:71:a6:87:68:0f:9b:d4:ee:5f:
         ca:12:ac:a3:d5:5e:39:02:cc:de:18:3b:99:ff:49:81:5a:36:
         42:c6:7b:b7:08:f2:d5:b5:8d:e2:f3:6f:95:f8:e3:4c:5d:9b:
         0a:c9:80:58:2e:0a:ad:eb:a0:0a:f7:e8:c4:c6:32:b3:6f:87:
         97:44:5e:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKjEQu700nb58wF1HWkQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZjlhMjRiZDI2Y2M4MjE3NTE4YTExZjU5OGU2MzcyMDI1
ZThhZTkwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzljODhlNjhhNTNkMDI2ZTQ5MzhlMzM2MGM0NDRiYmNhN2M4ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli4rh8ceDxK1XMb0FlRskatzL0ps
gJ+ao/qAITKDwvCVSbtPZRk/2DFiLdXrtdSLiVNmVbX2T/F39hqGPlwc/dP3xtLF
0+GiIhtPICxmzAfoUrorkbblqkN5Ub9j4aHoEitsTU86jTYW/pd4JIL4YfFHt2OZ
yQpAkNbJSkNFUxaJ6BoiSIiqg/uVXH6HzN79OSBfDmUOcQ/MmLb8J0hvZhGC4gb2
YfqFPQObvQRnp+N96xTLwgkWmPuFWcj2QYn0jxZCx3Ty12E+P9BaldasidTy18sN
RgQPtEqlndYco4nr/I0kNtW/2v9mu72qkPV1aLTjqKzy2YybitB81z1WnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHeciOaKU9Am5JOOM2DERLvKfIgeMB8GA1UdIwQY
MBaAFID5okvSbMghdRihH1mOY3ICXorpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODkt
OTY1NTI5ZjIwZDExLzEvZDV5STVvcFQwQ2JrazQ0ellNUkV1OHA4aUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODktOTY1NTI5ZjIwZDEx
LzEvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEX4+QMA0E
AgACMAcDBQAqAB2oMA0GCSqGSIb3DQEBCwUAA4IBAQAXTvGncnLtg/8+iNKBk40K
oe+9lydZtDv6XfITauXeeHguPAQcjZfb+okLpuTGDNFelIrWwBC1wFvlZm4768ub
chx20CsAC0bZQtUtb0MS9SHXxJUzY4SvWLAr11LOxO1aVMDmV5V4kU26TX1YCf1R
GIcadiuVGi8oDvG9mN6coXocuzD1D8gWvznc+7klgbiscNEV5zN+lqYEBxg/4M6O
4rcf+Kc6/SNByA9x35mCKpPoHOhkbaaYgPJr+edxpodoD5vU7l/KEqyj1V45Asze
GDuZ/0mBWjZCxnu3CPLVtY3i82+V+ONMXZsKyYBYLgqt66AK9+jExjKzb4eXRF7h
-----END CERTIFICATE-----