Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/HD9kcrEP7U4PMxwMZJa6QqrBK5k.roa
File:                     HD9kcrEP7U4PMxwMZJa6QqrBK5k.roa (raw, json)
Hash identifier:          Eu3NZQHQYqcF7RvdVYswrcAidNOqbPsMPIoGdfw1B4g=
Subject key identifier:   1C:3F:64:72:B1:0F:ED:4E:0F:33:1C:0C:64:96:BA:42:AA:C1:2B:99
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD5AC28ACD3A33AD51834B62212B2
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/HD9kcrEP7U4PMxwMZJa6QqrBK5k.roa
Signing time:             Tue 02 Jan 2024 04:30:21 +0000
ROA not before:           Tue 02 Jan 2024 04:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62119
IP address blocks:        194.147.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d5:ac:28:ac:d3:a3:3a:d5:18:34:b6:22:12:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c3f6472b10fed4e0f331c0c6496ba42aac12b99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:33:f8:9a:20:e8:0a:e9:d8:53:4b:c7:0b:8f:
                    77:98:9d:4d:91:76:91:e4:27:37:33:da:95:95:35:
                    10:1f:00:95:78:5c:2e:bb:d4:0e:36:9b:c8:dc:b4:
                    b9:e4:58:ea:7b:49:82:26:bb:b1:0d:ed:b9:d0:2b:
                    b8:13:65:1d:63:5c:db:75:ae:36:fe:a4:ea:2d:da:
                    24:85:7c:91:51:c5:2c:f6:fb:e5:36:fc:be:53:0f:
                    e8:c7:ec:66:f2:4e:c9:30:f4:9e:5a:6a:3d:7e:e7:
                    78:ed:8f:b6:d7:03:b6:48:25:c4:4d:80:4e:d2:c3:
                    89:6f:24:25:e2:c5:23:b1:9c:08:ad:27:05:70:69:
                    7f:83:73:73:09:37:11:7c:f4:f8:89:86:fd:be:1e:
                    4a:bf:8e:31:e8:18:21:e9:ab:a1:af:fb:0b:f2:cd:
                    3f:03:77:f9:83:41:ab:5f:91:af:6c:1d:92:02:bc:
                    20:f4:c3:fc:af:32:bc:e1:e8:cb:17:b6:6b:98:30:
                    93:3f:8a:7a:43:a0:c6:7d:59:8e:07:79:da:10:30:
                    8f:23:a0:26:29:79:09:70:7a:d4:36:b6:e5:8a:e1:
                    d9:d3:39:10:fa:7e:04:0c:87:c8:ca:21:9c:63:53:
                    85:70:a4:7b:c2:f3:81:d3:e2:e5:0c:d7:c0:60:f7:
                    d9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3F:64:72:B1:0F:ED:4E:0F:33:1C:0C:64:96:BA:42:AA:C1:2B:99
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/HD9kcrEP7U4PMxwMZJa6QqrBK5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c9:6b:d3:2f:8c:1b:31:99:9f:17:ab:6c:6f:9b:8f:78:f8:
         81:ac:5c:69:e0:93:20:ad:1d:d1:ef:a7:9b:58:fd:58:e9:0d:
         e1:ab:4d:b4:1c:66:ce:b4:b5:db:92:63:eb:bb:12:75:4b:ae:
         f1:0b:79:fb:37:3c:c4:d2:fa:cb:14:ce:11:35:37:f9:b6:50:
         3d:3a:d1:57:81:ae:af:69:ae:1f:25:0e:0c:4f:fb:ae:76:df:
         fe:af:c9:1d:7f:be:8a:e3:6e:0a:ba:9c:09:99:61:77:ed:18:
         16:f5:90:79:a5:c4:a5:0d:10:36:ec:08:1c:bf:ab:fa:27:b3:
         e2:6f:0a:26:f6:d2:42:06:c6:f2:09:7a:a9:50:27:8f:67:42:
         4d:d8:a1:99:71:31:01:bc:9d:ac:36:32:17:45:74:42:cd:d0:
         58:68:d2:87:63:a1:7b:43:5f:55:28:68:02:51:7b:84:5d:ab:
         52:6a:bb:e2:fb:2d:73:08:b1:1f:f3:2f:64:80:9b:93:c1:f7:
         be:cd:1d:5c:8d:5f:7c:ea:4b:b6:a2:f2:53:ab:d0:4c:ad:23:
         22:73:28:5a:6b:96:e4:5c:30:bf:ad:61:2f:27:8b:47:66:bb:
         ab:c1:a5:d5:0e:5b:1d:0b:79:28:83:2d:d4:b7:c4:4a:91:6c:
         d4:3e:3b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb9WsKKzTozrVGDS2IhKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzNmNjQ3MmIxMGZlZDRlMGYzMzFjMGM2NDk2YmE0MmFhYzEyYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjP4miDoCunYU0vHC493mJ1NkXaR
5Cc3M9qVlTUQHwCVeFwuu9QONpvI3LS55Fjqe0mCJruxDe250Cu4E2UdY1zbda42
/qTqLdokhXyRUcUs9vvlNvy+Uw/ox+xm8k7JMPSeWmo9fud47Y+21wO2SCXETYBO
0sOJbyQl4sUjsZwIrScFcGl/g3NzCTcRfPT4iYb9vh5Kv44x6Bgh6auhr/sL8s0/
A3f5g0GrX5GvbB2SArwg9MP8rzK84ejLF7ZrmDCTP4p6Q6DGfVmOB3naEDCPI6Am
KXkJcHrUNrbliuHZ0zkQ+n4EDIfIyiGcY1OFcKR7wvOB0+LlDNfAYPfZ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBw/ZHKxD+1ODzMcDGSWukKqwSuZMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvSEQ5a2NyRVA3VTRQTXh3TVpKYTZRcXJCSzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNhMA0G
CSqGSIb3DQEBCwUAA4IBAQBSyWvTL4wbMZmfF6tsb5uPePiBrFxp4JMgrR3R76eb
WP1Y6Q3hq020HGbOtLXbkmPruxJ1S67xC3n7NzzE0vrLFM4RNTf5tlA9OtFXga6v
aa4fJQ4MT/uudt/+r8kdf76K424KupwJmWF37RgW9ZB5pcSlDRA27Agcv6v6J7Pi
bwom9tJCBsbyCXqpUCePZ0JN2KGZcTEBvJ2sNjIXRXRCzdBYaNKHY6F7Q19VKGgC
UXuEXatSarvi+y1zCLEf8y9kgJuTwfe+zR1cjV986ku2ovJTq9BMrSMicyhaa5bk
XDC/rWEvJ4tHZrurwaXVDlsdC3kogy3Ut8RKkWzUPjtF
-----END CERTIFICATE-----