Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/lXBTU27eFgshokh8vJE1nAMtb5w.roa
File:                     lXBTU27eFgshokh8vJE1nAMtb5w.roa (raw, json)
Hash identifier:          NEupPq3eJMQCmbLwLLNgcOioC5JlQp0zgqS90i9G8cQ=
Subject key identifier:   95:70:53:53:6E:DE:16:0B:21:A2:48:7C:BC:91:35:9C:03:2D:6F:9C
Certificate issuer:       /CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
Certificate serial:       018CC7933338842B09DF6352C5A7F0A1CAC9
Authority key identifier: A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/lXBTU27eFgshokh8vJE1nAMtb5w.roa
Signing time:             Tue 02 Jan 2024 00:29:21 +0000
ROA not before:           Tue 02 Jan 2024 00:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42309
IP address blocks:        77.240.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:33:38:84:2b:09:df:63:52:c5:a7:f0:a1:ca:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=957053536ede160b21a2487cbc91359c032d6f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f0:e5:b3:d7:3f:16:47:1e:2b:6a:bc:6b:a9:
                    ae:ed:5a:2e:44:83:73:2a:2d:8b:57:33:db:c9:d4:
                    b9:35:a9:a8:47:e1:c5:b2:7b:4a:27:68:8e:bb:43:
                    f3:fe:63:e4:1d:9e:3d:d1:5e:a9:41:d9:e9:7d:e1:
                    12:af:21:e5:32:05:bc:bd:8a:dc:b7:a8:24:2f:35:
                    bf:89:ac:31:23:8b:5f:8d:9d:24:e0:6d:b9:cb:35:
                    64:5f:22:42:43:9e:a6:0d:1b:d3:d2:5e:0c:2b:94:
                    2f:1b:56:de:81:6e:d7:31:79:6b:3e:12:af:ef:37:
                    6d:7d:71:55:92:89:c2:29:46:8a:5c:10:47:6a:f0:
                    b5:48:17:23:52:e8:b0:bb:e2:73:c2:da:6b:8f:2c:
                    68:62:2b:c0:af:a7:3f:ad:26:bd:c6:ce:51:4b:e6:
                    03:4c:4b:72:92:3a:32:f7:55:a7:63:7b:d3:1d:cc:
                    92:8e:46:a2:6e:29:d9:f3:f5:d4:7d:14:0b:20:26:
                    a5:a3:f2:dd:8c:f5:54:30:ed:1c:c9:89:ee:3f:8a:
                    8f:07:4f:36:d3:19:6e:79:80:de:18:6e:18:4c:1a:
                    8f:37:c8:81:3f:52:32:28:dd:bc:8f:44:e8:7b:fa:
                    e1:04:56:d1:49:b0:f0:19:16:5e:99:aa:29:29:20:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:70:53:53:6E:DE:16:0B:21:A2:48:7C:BC:91:35:9C:03:2D:6F:9C
            X509v3 Authority Key Identifier:
                keyid:A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/lXBTU27eFgshokh8vJE1nAMtb5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.240.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         81:79:11:85:ef:5c:23:a4:1b:11:c7:9e:f0:88:66:03:8d:b8:
         5c:7d:4d:19:d8:24:6d:a0:68:f1:3d:5e:8f:ab:c4:1a:90:3b:
         99:0f:97:97:8b:35:94:b3:59:f9:dc:de:ae:d1:35:c8:47:81:
         d6:a9:12:94:6e:8b:14:d8:18:59:0f:37:ba:06:f8:fb:ed:cf:
         52:34:b8:6e:aa:46:1a:60:55:fb:4b:40:74:a3:58:5c:93:0c:
         15:6f:1f:9b:49:b4:f2:98:ef:80:0c:c2:b0:08:51:8f:9e:af:
         bc:d3:03:b0:42:af:86:e4:c6:d2:a3:e6:d8:68:9c:07:c5:87:
         ea:04:ad:e2:bc:7d:58:3f:03:64:65:40:1f:f3:26:26:8c:3e:
         10:9d:23:b6:64:7e:03:14:60:21:a6:aa:fc:e4:6f:65:fa:71:
         7d:2d:52:76:81:f1:0d:f7:98:4e:b2:5e:46:36:2e:6a:da:52:
         28:a4:22:62:92:c0:60:d5:aa:0b:00:5c:41:66:1f:26:95:3a:
         60:3d:c9:d6:0d:92:80:c9:aa:64:10:16:0f:e2:dd:47:21:20:
         24:48:1f:cb:4f:77:0d:92:1e:32:27:e1:3e:61:15:84:10:5c:
         a2:f2:36:d2:ae:e3:9c:17:75:22:ca:c1:05:6d:66:09:38:59:
         bc:6f:f5:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzM4hCsJ32NSxafwocrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMjJmMjI5ZWRjMmYzMTRhMmZhNWVmMGQ3YWYxZGRkYjQ5
OWVhMzEwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTcwNTM1MzZlZGUxNjBiMjFhMjQ4N2NiYzkxMzU5YzAzMmQ2ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvDls9c/FkceK2q8a6mu7VouRINz
Ki2LVzPbydS5NamoR+HFsntKJ2iOu0Pz/mPkHZ490V6pQdnpfeESryHlMgW8vYrc
t6gkLzW/iawxI4tfjZ0k4G25yzVkXyJCQ56mDRvT0l4MK5QvG1begW7XMXlrPhKv
7zdtfXFVkonCKUaKXBBHavC1SBcjUuiwu+JzwtprjyxoYivAr6c/rSa9xs5RS+YD
TEtykjoy91WnY3vTHcySjkaibinZ8/XUfRQLICalo/LdjPVUMO0cyYnuP4qPB082
0xlueYDeGG4YTBqPN8iBP1IyKN28j0Toe/rhBFbRSbDwGRZemaopKSCnywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVwU1Nu3hYLIaJIfLyRNZwDLW+cMB8GA1UdIwQY
MBaAFKMi8intwvMUovpe8NevHd20meoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgt
NjVmODI0N2ZmYTkxLzEvbFhCVFUyN2VGZ3Nob2toOHZKRTFuQU10YjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgtNjVmODI0N2ZmYTkx
LzEvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfDQMA0G
CSqGSIb3DQEBCwUAA4IBAQCBeRGF71wjpBsRx57wiGYDjbhcfU0Z2CRtoGjxPV6P
q8QakDuZD5eXizWUs1n53N6u0TXIR4HWqRKUbosU2BhZDze6Bvj77c9SNLhuqkYa
YFX7S0B0o1hckwwVbx+bSbTymO+ADMKwCFGPnq+80wOwQq+G5MbSo+bYaJwHxYfq
BK3ivH1YPwNkZUAf8yYmjD4QnSO2ZH4DFGAhpqr85G9l+nF9LVJ2gfEN95hOsl5G
Ni5q2lIopCJiksBg1aoLAFxBZh8mlTpgPcnWDZKAyapkEBYP4t1HISAkSB/LT3cN
kh4yJ+E+YRWEEFyi8jbSruOcF3UiysEFbWYJOFm8b/WI
-----END CERTIFICATE-----