Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/OYxjnTh8G4BZuFqlquaXF1y0ihg.roa
File:                     OYxjnTh8G4BZuFqlquaXF1y0ihg.roa (raw, json)
Hash identifier:          UtES/R52ZduA27NAU9HW94QwsrEVrCAfFggZqeKusM8=
Subject key identifier:   39:8C:63:9D:38:7C:1B:80:59:B8:5A:A5:AA:E6:97:17:5C:B4:8A:18
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369AE6252F184CE9A845F69283E8710
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/OYxjnTh8G4BZuFqlquaXF1y0ihg.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60403
IP address blocks:        77.81.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ae:62:52:f1:84:ce:9a:84:5f:69:28:3e:87:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=398c639d387c1b8059b85aa5aae697175cb48a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:40:a2:9d:9d:29:11:ac:07:26:a7:85:e2:1a:
                    23:a9:f3:d2:ed:5e:a3:5e:b7:11:d1:a4:71:e4:90:
                    08:93:f0:2f:d7:91:1d:ad:35:ce:c6:80:fc:7e:61:
                    a8:e3:f5:86:7d:1d:03:f4:07:88:e5:a2:c7:03:2c:
                    b5:cf:02:17:93:68:f9:e3:6c:f4:23:d8:0f:7e:62:
                    d4:ed:64:61:76:d3:f6:f1:ea:5b:0a:13:ec:06:04:
                    32:f9:f0:8b:4b:a7:62:a3:52:4e:fe:3b:23:f4:9a:
                    22:de:1d:00:87:62:f1:ca:66:aa:0a:1d:71:78:15:
                    0e:20:24:aa:51:e2:b1:1c:0e:12:a9:ac:ef:77:1d:
                    fc:82:5e:3b:eb:50:00:74:ea:3e:af:80:41:4a:f8:
                    64:54:32:40:0b:bf:ed:a5:59:08:e0:90:2a:cd:63:
                    34:55:c2:40:71:36:1f:b8:66:b9:66:59:42:6c:9d:
                    18:98:db:44:c9:07:fd:57:ae:dc:be:e6:71:9f:a3:
                    63:17:2d:9e:35:c6:29:13:33:a1:76:c7:57:96:7f:
                    c2:02:a9:f9:fe:09:4b:c4:77:ed:ab:00:6f:21:7a:
                    89:09:ba:92:75:24:68:05:42:7b:14:2f:8a:83:5e:
                    20:1d:5f:6a:64:f7:f2:99:3e:59:03:54:88:59:6f:
                    2c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8C:63:9D:38:7C:1B:80:59:B8:5A:A5:AA:E6:97:17:5C:B4:8A:18
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/OYxjnTh8G4BZuFqlquaXF1y0ihg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b6:2e:9d:7c:6f:dc:bd:ef:8d:c7:6c:a0:44:fb:c1:ae:05:
         44:bc:f4:04:76:22:9b:fb:21:68:86:11:b5:e7:7a:eb:a0:8d:
         e1:4e:5d:b5:10:e0:58:80:4b:4a:9f:83:2a:5f:e1:37:32:de:
         5f:0a:a3:53:d4:66:af:d0:63:46:39:17:9b:90:98:ea:88:17:
         4b:30:78:31:8f:2f:40:a0:a6:d8:89:8e:0a:69:ed:01:8a:81:
         8b:41:b3:70:87:87:fd:3c:96:7c:9c:44:38:b4:f4:8e:68:51:
         77:cf:6d:88:8d:23:8d:73:25:ab:42:5b:b0:c1:f8:e2:f1:87:
         6a:71:de:10:64:9b:2a:02:19:77:ce:ca:b3:40:f2:87:a9:fe:
         81:cf:51:c5:a3:17:57:ce:e2:50:67:b6:4d:df:ef:84:1d:0b:
         3c:23:65:b9:12:c4:24:d9:e4:81:d9:e2:15:26:98:5d:ae:38:
         7e:8b:99:22:87:4a:80:ed:ec:fa:35:07:f6:8a:31:25:40:e4:
         9d:91:52:fd:52:82:03:79:40:51:b6:f7:d8:d8:e7:8e:f8:8c:
         e0:d6:0f:27:c2:36:fd:cf:f4:ff:c0:24:4f:40:87:96:11:49:
         42:7a:8e:3e:a2:c5:19:ce:a3:be:aa:fc:b3:9e:fc:47:98:2d:
         69:25:7d:cf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaa5iUvGEzpqEX2koPocQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThjNjM5ZDM4N2MxYjgwNTliODVhYTVhYWU2OTcxNzVjYjQ4YTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkCinZ0pEawHJqeF4hojqfPS7V6j
XrcR0aRx5JAIk/Av15EdrTXOxoD8fmGo4/WGfR0D9AeI5aLHAyy1zwIXk2j542z0
I9gPfmLU7WRhdtP28epbChPsBgQy+fCLS6dio1JO/jsj9Joi3h0Ah2LxymaqCh1x
eBUOICSqUeKxHA4Sqazvdx38gl4761AAdOo+r4BBSvhkVDJAC7/tpVkI4JAqzWM0
VcJAcTYfuGa5ZllCbJ0YmNtEyQf9V67cvuZxn6NjFy2eNcYpEzOhdsdXln/CAqn5
/glLxHftqwBvIXqJCbqSdSRoBUJ7FC+Kg14gHV9qZPfymT5ZA1SIWW8sQQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDmMY504fBuAWbhaparmlxdctIoYMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL09ZeGpuVGg4RzRCWnVGcWxxdWFYRjF5MGloZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABNUWEw
DQYJKoZIhvcNAQELBQADggEBACC2Lp18b9y9743HbKBE+8GuBUS89AR2Ipv7IWiG
EbXneuugjeFOXbUQ4FiAS0qfgypf4Tcy3l8Ko1PUZq/QY0Y5F5uQmOqIF0sweDGP
L0CgptiJjgpp7QGKgYtBs3CHh/08lnycRDi09I5oUXfPbYiNI41zJatCW7DB+OLx
h2px3hBkmyoCGXfOyrNA8oep/oHPUcWjF1fO4lBntk3f74QdCzwjZbkSxCTZ5IHZ
4hUmmF2uOH6LmSKHSoDt7Po1B/aKMSVA5J2RUv1SggN5QFG299jY5474jODWDyfC
Nv3P9P/AJE9Ah5YRSUJ6jj6ixRnOo76q/LOe/EeYLWklfc8=
-----END CERTIFICATE-----