Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/7c97cf-195c-4fc1-95a3-637fa14656de/1/DujQDMx3DXEUwl_S25-DE-FhKlg.roa
File:                     DujQDMx3DXEUwl_S25-DE-FhKlg.roa (raw, json)
Hash identifier:          kc2HgT2zi7ovcfO8xiQnJUXKfZ/NJb+y4s0qXknod8A=
Subject key identifier:   0E:E8:D0:0C:CC:77:0D:71:14:C2:5F:D2:DB:9F:83:13:E1:61:2A:58
Certificate issuer:       /CN=968a17e16196bb7a86718e6b2bd6a07e37b40c65
Certificate serial:       0194214384F36141241EBAD29A00CC3367E7
Authority key identifier: 96:8A:17:E1:61:96:BB:7A:86:71:8E:6B:2B:D6:A0:7E:37:B4:0C:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/looX4WGWu3qGcY5rK9agfje0DGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/7c97cf-195c-4fc1-95a3-637fa14656de/1/DujQDMx3DXEUwl_S25-DE-FhKlg.roa
Signing time:             Wed 01 Jan 2025 09:47:40 +0000
ROA not before:           Wed 01 Jan 2025 09:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8978
IP address blocks:        212.77.0.0/19 maxlen: 19
                          2a01:b8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/7c97cf-195c-4fc1-95a3-637fa14656de/1/looX4WGWu3qGcY5rK9agfje0DGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/7c97cf-195c-4fc1-95a3-637fa14656de/1/looX4WGWu3qGcY5rK9agfje0DGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/looX4WGWu3qGcY5rK9agfje0DGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:84:f3:61:41:24:1e:ba:d2:9a:00:cc:33:67:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=968a17e16196bb7a86718e6b2bd6a07e37b40c65
        Validity
            Not Before: Jan  1 09:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ee8d00ccc770d7114c25fd2db9f8313e1612a58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:08:22:eb:c2:fa:98:6e:61:34:78:d0:ba:25:
                    a7:0a:60:6d:29:8a:7a:24:4a:fe:f2:fc:9d:bc:88:
                    e9:78:0f:58:d1:72:13:76:e6:5e:67:21:28:98:0e:
                    b2:de:2f:be:ed:7f:51:94:35:da:f5:f6:80:fa:0e:
                    cd:03:53:61:9a:db:f5:6e:df:dc:c5:33:15:11:bd:
                    dc:32:23:ce:5f:f3:02:11:17:fb:71:65:a9:39:3c:
                    82:89:64:f3:59:f1:88:33:3d:77:88:cb:5e:1e:c7:
                    11:e7:8e:09:d2:f6:84:7c:dc:8c:56:3a:d1:cb:59:
                    93:0b:f8:9e:c4:4b:2e:bc:5f:a9:bd:e2:07:ed:d1:
                    4f:92:ae:8a:9f:a2:e1:4a:bb:89:39:62:0f:55:49:
                    c5:37:d3:c5:1a:6e:37:6d:d6:4c:e6:8c:53:b8:c3:
                    86:f1:68:e9:09:94:c2:d6:7e:68:26:d1:43:8e:d2:
                    f4:66:0d:14:b3:da:3e:7e:38:d2:d1:d7:dd:a8:d3:
                    ee:e1:5e:0e:f1:bb:af:9d:cd:5a:86:25:5b:26:12:
                    a1:1e:5f:7b:ec:c9:89:e8:4b:02:9e:28:7f:40:26:
                    ee:ae:57:68:94:0b:bf:25:e2:4d:97:e9:bd:68:4f:
                    fd:c8:be:98:ee:61:f0:f8:61:bc:a5:f0:81:ec:44:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E8:D0:0C:CC:77:0D:71:14:C2:5F:D2:DB:9F:83:13:E1:61:2A:58
            X509v3 Authority Key Identifier:
                keyid:96:8A:17:E1:61:96:BB:7A:86:71:8E:6B:2B:D6:A0:7E:37:B4:0C:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/looX4WGWu3qGcY5rK9agfje0DGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/7c97cf-195c-4fc1-95a3-637fa14656de/1/DujQDMx3DXEUwl_S25-DE-FhKlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/7c97cf-195c-4fc1-95a3-637fa14656de/1/looX4WGWu3qGcY5rK9agfje0DGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.77.0.0/19
                IPv6:
                  2a01:b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:87:3c:e3:dd:fb:43:1c:6b:d6:86:be:d2:96:68:26:97:5b:
         50:e6:8c:0a:83:4d:f2:46:ce:be:e2:63:fa:4d:e8:8a:38:e2:
         8c:73:f9:4b:e9:32:a5:3e:cc:eb:0f:8c:99:7d:5f:ce:72:a0:
         ac:7e:8d:d4:a9:14:0c:83:b2:42:48:66:45:1b:bc:f7:d8:ed:
         ba:94:f0:a0:b7:b7:5a:1d:01:bd:0d:c3:b7:5a:f3:47:2c:28:
         15:c6:58:e4:c9:92:18:73:e2:b7:f9:52:84:df:8a:2c:09:6d:
         e1:23:35:4b:32:35:17:12:ef:a1:5c:c0:7f:a0:bf:5a:cd:bc:
         dd:7c:8f:3c:1b:f1:b1:40:e8:82:8a:4f:d8:70:8b:74:d4:a1:
         97:cd:ee:91:c1:5f:82:ec:c9:27:6b:79:c9:3d:25:25:8f:6c:
         a3:ad:53:98:de:bd:11:09:23:72:48:3b:6f:65:8e:06:c9:71:
         73:42:5a:b0:5b:64:bc:19:77:05:44:07:50:f8:94:fe:b7:0c:
         9b:20:b4:3d:6d:39:75:38:c7:64:8b:83:b1:93:1e:82:6c:69:
         d1:c1:e6:68:fd:c4:84:fc:10:d4:99:80:cd:53:18:4e:26:d3:
         e3:73:da:56:b2:81:7d:91:39:92:90:3c:77:6d:70:03:86:a6:
         f6:35:84:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ4TzYUEkHrrSmgDMM2fnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OGExN2UxNjE5NmJiN2E4NjcxOGU2YjJiZDZhMDdlMzdi
NDBjNjUwHhcNMjUwMTAxMDk0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU4ZDAwY2NjNzcwZDcxMTRjMjVmZDJkYjlmODMxM2UxNjEyYTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Qgi68L6mG5hNHjQuiWnCmBtKYp6
JEr+8vydvIjpeA9Y0XITduZeZyEomA6y3i++7X9RlDXa9faA+g7NA1Nhmtv1bt/c
xTMVEb3cMiPOX/MCERf7cWWpOTyCiWTzWfGIMz13iMteHscR544J0vaEfNyMVjrR
y1mTC/iexEsuvF+pveIH7dFPkq6Kn6LhSruJOWIPVUnFN9PFGm43bdZM5oxTuMOG
8WjpCZTC1n5oJtFDjtL0Zg0Us9o+fjjS0dfdqNPu4V4O8buvnc1ahiVbJhKhHl97
7MmJ6EsCnih/QCburldolAu/JeJNl+m9aE/9yL6Y7mHw+GG8pfCB7ETwqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA7o0AzMdw1xFMJf0tufgxPhYSpYMB8GA1UdIwQY
MBaAFJaKF+Fhlrt6hnGOayvWoH43tAxlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG9vWDRXR1d1M3FHY1k1cks5YWdmamUwREdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83Yzk3Y2YtMTk1Yy00ZmMxLTk1YTMt
NjM3ZmExNDY1NmRlLzEvRHVqUURNeDNEWEVVd2xfUzI1LURFLUZoS2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83Yzk3Y2YtMTk1Yy00ZmMxLTk1YTMtNjM3ZmExNDY1NmRl
LzEvbG9vWDRXR1d1M3FHY1k1cks5YWdmamUwREdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1E0AMA0E
AgACMAcDBQAqAQC4MA0GCSqGSIb3DQEBCwUAA4IBAQCEhzzj3ftDHGvWhr7Slmgm
l1tQ5owKg03yRs6+4mP6TeiKOOKMc/lL6TKlPszrD4yZfV/OcqCsfo3UqRQMg7JC
SGZFG7z32O26lPCgt7daHQG9DcO3WvNHLCgVxljkyZIYc+K3+VKE34osCW3hIzVL
MjUXEu+hXMB/oL9azbzdfI88G/GxQOiCik/YcIt01KGXze6RwV+C7Mkna3nJPSUl
j2yjrVOY3r0RCSNySDtvZY4GyXFzQlqwW2S8GXcFRAdQ+JT+twybILQ9bTl1OMdk
i4Oxkx6CbGnRweZo/cSE/BDUmYDNUxhOJtPjc9pWsoF9kTmSkDx3bXADhqb2NYTR
-----END CERTIFICATE-----