Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/zAe2N0TXvIS1IDP94e96Hf8hHL8.roa
File:                     zAe2N0TXvIS1IDP94e96Hf8hHL8.roa (raw, json)
Hash identifier:          rXZcU+7612S2OB6YGYNVTmzaqJtpMtZz7diIrSUZrOQ=
Subject key identifier:   CC:07:B6:37:44:D7:BC:84:B5:20:33:FD:E1:EF:7A:1D:FF:21:1C:BF
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       018CC5DC2FD0B87DDAC81500924A71E97BE8
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/zAe2N0TXvIS1IDP94e96Hf8hHL8.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49453
IP address blocks:        77.83.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2f:d0:b8:7d:da:c8:15:00:92:4a:71:e9:7b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc07b63744d7bc84b52033fde1ef7a1dff211cbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:41:3b:52:7c:c6:9d:7d:b4:c4:c7:97:61:b8:
                    93:c5:a4:f8:e1:ad:ac:e0:9b:88:ee:20:ae:d0:c1:
                    f7:19:30:ad:08:5c:2f:91:8d:06:19:8f:c2:f8:61:
                    b5:db:ab:4f:02:8e:79:de:98:65:1e:26:b7:1c:5e:
                    69:4e:bf:6c:3b:30:f2:08:71:89:8f:45:ac:f9:79:
                    09:59:9d:e3:1a:5d:f7:e8:f1:30:0a:b7:fa:26:0e:
                    bc:b1:7e:2f:f0:1f:5a:22:25:f4:29:1b:f2:8f:85:
                    a7:cd:09:c0:7f:4c:6f:c5:e1:a7:0d:b1:cf:d8:4d:
                    02:ba:de:9d:09:e0:8a:89:8a:00:11:d1:52:4f:d5:
                    ea:6e:1e:06:3e:97:b1:73:b2:3e:60:6a:ab:72:1e:
                    cc:58:d5:85:c4:7f:7f:85:da:99:a0:8e:ab:42:17:
                    8e:96:0a:ae:6c:a8:6d:93:85:f5:74:fa:55:71:15:
                    ca:9d:fd:62:38:72:d6:58:1f:cc:cf:80:cd:f4:f8:
                    d1:c9:69:ab:64:70:33:e9:c6:74:38:37:d6:3a:e1:
                    2a:5a:a7:99:4f:66:84:64:2c:77:9b:fe:7f:e0:d0:
                    73:3e:92:d8:95:47:8c:72:96:87:fe:33:1e:db:fe:
                    78:7f:89:64:79:09:95:2b:34:1b:15:18:c4:d8:36:
                    98:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:07:B6:37:44:D7:BC:84:B5:20:33:FD:E1:EF:7A:1D:FF:21:1C:BF
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/zAe2N0TXvIS1IDP94e96Hf8hHL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:d6:1e:f5:19:81:b5:bf:18:fe:de:e9:bd:98:dc:bd:6f:b0:
         8b:6f:fc:4a:45:b2:8a:a6:08:4e:c7:fc:d4:d2:64:57:c7:76:
         7f:9d:02:2e:2a:a8:19:d2:bd:74:bf:46:59:7f:11:cf:ac:f1:
         f3:13:8e:8b:13:95:b8:fc:fe:44:26:27:44:f2:f7:79:f5:1f:
         9b:25:df:2f:77:b4:22:d3:57:6a:7a:b5:bb:24:59:5f:53:6a:
         cf:b3:06:3a:ad:60:61:2c:19:94:0e:fc:de:d7:7d:dd:69:b2:
         3a:82:39:e7:eb:20:f9:43:b7:e1:a7:c8:3d:b3:2d:f9:f3:01:
         6c:d2:40:e1:b5:92:0b:bc:3e:77:e4:7a:f9:8b:e2:a1:8b:e0:
         93:c1:db:0a:aa:26:83:50:7e:c1:f6:6b:c6:a6:c6:1b:9b:37:
         3e:05:1b:fb:70:87:c5:d2:26:9c:e9:58:c9:e7:c3:b0:55:6a:
         03:99:70:b5:66:c4:f4:1c:0e:74:d1:ed:f2:40:09:51:83:04:
         f9:25:46:a7:5b:39:f6:d2:64:06:12:48:1d:e9:0a:cd:3c:8a:
         46:ef:87:86:eb:3c:e6:a5:57:39:04:9b:12:d0:ef:f8:20:d6:
         c5:06:f0:a3:41:1d:a8:e1:58:78:44:dd:bc:1f:40:cc:43:1f:
         68:f1:af:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3C/QuH3ayBUAkkpx6XvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA3YjYzNzQ0ZDdiYzg0YjUyMDMzZmRlMWVmN2ExZGZmMjExY2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UE7UnzGnX20xMeXYbiTxaT44a2s
4JuI7iCu0MH3GTCtCFwvkY0GGY/C+GG126tPAo553phlHia3HF5pTr9sOzDyCHGJ
j0Ws+XkJWZ3jGl336PEwCrf6Jg68sX4v8B9aIiX0KRvyj4WnzQnAf0xvxeGnDbHP
2E0Cut6dCeCKiYoAEdFST9Xqbh4GPpexc7I+YGqrch7MWNWFxH9/hdqZoI6rQheO
lgqubKhtk4X1dPpVcRXKnf1iOHLWWB/Mz4DN9PjRyWmrZHAz6cZ0ODfWOuEqWqeZ
T2aEZCx3m/5/4NBzPpLYlUeMcpaH/jMe2/54f4lkeQmVKzQbFRjE2DaYzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwHtjdE17yEtSAz/eHveh3/IRy/MB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvekFlMk4wVFh2SVMxSURQOTRlOTZIZjhoSEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVOZMA0G
CSqGSIb3DQEBCwUAA4IBAQBv1h71GYG1vxj+3um9mNy9b7CLb/xKRbKKpghOx/zU
0mRXx3Z/nQIuKqgZ0r10v0ZZfxHPrPHzE46LE5W4/P5EJidE8vd59R+bJd8vd7Qi
01dqerW7JFlfU2rPswY6rWBhLBmUDvze133dabI6gjnn6yD5Q7fhp8g9sy358wFs
0kDhtZILvD535Hr5i+Khi+CTwdsKqiaDUH7B9mvGpsYbmzc+BRv7cIfF0iac6VjJ
58OwVWoDmXC1ZsT0HA500e3yQAlRgwT5JUanWzn20mQGEkgd6QrNPIpG74eG6zzm
pVc5BJsS0O/4INbFBvCjQR2o4Vh4RN28H0DMQx9o8a8d
-----END CERTIFICATE-----