Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/y-JN5yrxdSL2NPfASPBg38Xqp0Y.roa
File:                     y-JN5yrxdSL2NPfASPBg38Xqp0Y.roa (raw, json)
Hash identifier:          NKNVbXPGT4OMzdCprZk8cDeF37Oap/9EZELbi8DB24Q=
Subject key identifier:   CB:E2:4D:E7:2A:F1:75:22:F6:34:F7:C0:48:F0:60:DF:C5:EA:A7:46
Certificate issuer:       /CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
Certificate serial:       018CC3B731CBAB1BD381826E0F0D6DDD52FC
Authority key identifier: E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/y-JN5yrxdSL2NPfASPBg38Xqp0Y.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        77.81.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:31:cb:ab:1b:d3:81:82:6e:0f:0d:6d:dd:52:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbe24de72af17522f634f7c048f060dfc5eaa746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:48:34:3e:d4:f6:d6:45:62:70:8a:1d:ae:1a:
                    79:7f:12:8b:f5:07:36:3d:3e:89:da:29:16:7b:29:
                    6e:e0:f1:ab:0d:bc:ab:2a:62:bb:e4:4f:37:33:3c:
                    a4:5a:aa:e9:fb:47:df:74:b6:ea:5e:b5:af:d0:5d:
                    38:2f:ff:5f:58:e1:df:2d:ef:8e:78:23:c5:ba:25:
                    ee:7f:7d:5e:7d:19:2e:07:2c:f3:8f:c5:6a:67:00:
                    12:08:27:69:3f:e0:c4:68:e4:14:39:95:39:9b:93:
                    46:63:d9:d1:45:96:d9:a7:8d:6d:6e:96:e4:c8:6e:
                    ab:46:3e:bc:6a:f4:1d:84:ff:d6:3e:dc:6a:76:07:
                    5d:2a:b2:09:60:1f:94:8e:cb:04:2b:b2:4f:7a:f9:
                    fe:3c:77:1f:67:da:45:48:ce:bc:e1:17:86:c7:46:
                    58:30:24:dc:81:1f:b9:82:49:fb:1f:17:19:88:27:
                    cb:4f:16:49:cf:bd:66:00:20:43:dc:ad:13:4a:57:
                    42:f9:d0:14:c0:ce:58:bb:66:ee:2d:50:0a:16:0e:
                    be:28:2b:4b:2a:d4:c9:e0:3e:ee:3f:1c:b8:e2:c2:
                    cb:15:78:70:59:e4:f5:08:d2:76:78:05:86:34:4b:
                    21:7a:c8:35:36:75:fa:19:80:ad:2f:8f:20:ae:5d:
                    1e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E2:4D:E7:2A:F1:75:22:F6:34:F7:C0:48:F0:60:DF:C5:EA:A7:46
            X509v3 Authority Key Identifier:
                keyid:E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/y-JN5yrxdSL2NPfASPBg38Xqp0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:3d:37:e2:32:5b:c1:10:b9:fd:b5:2a:3a:bc:32:b4:d3:18:
         28:9d:27:91:fd:7a:d5:b2:33:a8:e0:c1:a2:7e:aa:8b:8b:a5:
         1a:30:be:67:47:91:05:96:b4:e7:5d:78:62:7b:ce:0d:b8:25:
         db:25:bd:38:c8:f6:4b:3c:b3:a8:32:48:b8:7a:f0:39:d4:a7:
         81:2c:30:0e:9b:77:49:6e:8a:78:54:28:12:d4:b5:3d:31:af:
         c3:b6:76:41:1e:04:be:75:15:86:7f:42:ca:3d:dd:c6:83:27:
         05:54:f7:81:19:90:82:10:a0:ca:8a:38:96:95:5d:66:2d:5d:
         40:83:8a:27:46:eb:a3:05:cd:65:06:7b:02:3c:ad:69:93:81:
         f3:99:94:83:38:8c:56:ab:66:32:e2:97:9d:07:72:1c:5e:5b:
         e0:0f:fd:fd:31:e8:df:ee:a3:75:a8:06:23:94:eb:52:82:8d:
         cd:69:29:40:92:0c:ea:25:66:eb:ec:9a:55:91:e0:6b:db:ce:
         c0:7f:58:51:91:d7:58:6a:ba:d5:58:ec:c2:23:6e:6e:4f:8f:
         ad:3e:1a:d3:40:e0:c0:e4:66:72:d7:b9:ea:82:11:b9:87:e5:
         7e:cb:f8:2c:ab:44:40:97:44:10:4c:72:44:30:0a:75:3a:bc:
         6d:ed:76:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzHLqxvTgYJuDw1t3VL8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OGJhNWQ5OGQ0OGNlYmQ1YWQwNGMwOGJmMDkwODJiMTJh
N2UzYWIwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmUyNGRlNzJhZjE3NTIyZjYzNGY3YzA0OGYwNjBkZmM1ZWFhNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUg0PtT21kVicIodrhp5fxKL9Qc2
PT6J2ikWeylu4PGrDbyrKmK75E83MzykWqrp+0ffdLbqXrWv0F04L/9fWOHfLe+O
eCPFuiXuf31efRkuByzzj8VqZwASCCdpP+DEaOQUOZU5m5NGY9nRRZbZp41tbpbk
yG6rRj68avQdhP/WPtxqdgddKrIJYB+UjssEK7JPevn+PHcfZ9pFSM684ReGx0ZY
MCTcgR+5gkn7HxcZiCfLTxZJz71mACBD3K0TSldC+dAUwM5Yu2buLVAKFg6+KCtL
KtTJ4D7uPxy44sLLFXhwWeT1CNJ2eAWGNEshesg1NnX6GYCtL48grl0eDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMviTecq8XUi9jT3wEjwYN/F6qdGMB8GA1UdIwQY
MBaAFOeLpdmNSM69WtBMCL8JCCsSp+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAt
NDg5MTY1M2VlYjY3LzEveS1KTjV5cnhkU0wyTlBmQVNQQmczOFhxcDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAtNDg5MTY1M2VlYjY3
LzEvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVEAMA0G
CSqGSIb3DQEBCwUAA4IBAQAPPTfiMlvBELn9tSo6vDK00xgonSeR/XrVsjOo4MGi
fqqLi6UaML5nR5EFlrTnXXhie84NuCXbJb04yPZLPLOoMki4evA51KeBLDAOm3dJ
bop4VCgS1LU9Ma/DtnZBHgS+dRWGf0LKPd3GgycFVPeBGZCCEKDKijiWlV1mLV1A
g4onRuujBc1lBnsCPK1pk4HzmZSDOIxWq2Yy4pedB3IcXlvgD/39Mejf7qN1qAYj
lOtSgo3NaSlAkgzqJWbr7JpVkeBr287Af1hRkddYarrVWOzCI25uT4+tPhrTQODA
5GZy17nqghG5h+V+y/gsq0RAl0QQTHJEMAp1Orxt7XbD
-----END CERTIFICATE-----