Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/vM7X6ctK0ERBBqCtPukCyK4LtwY.roa
File:                     vM7X6ctK0ERBBqCtPukCyK4LtwY.roa (raw, json)
Hash identifier:          GCknsHtAfXp+vq6hqI74nK8Od6WwrSAo7lOg8haqjyI=
Subject key identifier:   BC:CE:D7:E9:CB:4A:D0:44:41:06:A0:AD:3E:E9:02:C8:AE:0B:B7:06
Certificate issuer:       /CN=77bdd75f2efc244f86a321b150e62936a14029db
Certificate serial:       018CC9BC77E83EBE2D71064FD47D6CDE3547
Authority key identifier: 77:BD:D7:5F:2E:FC:24:4F:86:A3:21:B1:50:E6:29:36:A1:40:29:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d73XXy78JE-GoyGxUOYpNqFAKds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/vM7X6ctK0ERBBqCtPukCyK4LtwY.roa
Signing time:             Tue 02 Jan 2024 10:33:41 +0000
ROA not before:           Tue 02 Jan 2024 10:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.234.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/d73XXy78JE-GoyGxUOYpNqFAKds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/d73XXy78JE-GoyGxUOYpNqFAKds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d73XXy78JE-GoyGxUOYpNqFAKds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:77:e8:3e:be:2d:71:06:4f:d4:7d:6c:de:35:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77bdd75f2efc244f86a321b150e62936a14029db
        Validity
            Not Before: Jan  2 10:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcced7e9cb4ad0444106a0ad3ee902c8ae0bb706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:06:ee:68:6e:f5:6f:60:46:88:78:48:87:bd:
                    b8:1e:c6:82:39:42:a7:f6:25:2a:ab:6c:67:07:27:
                    65:5b:7b:0d:76:5d:63:21:e0:37:ac:bf:a8:d0:b9:
                    dd:7f:6d:f0:b6:88:3c:e3:03:9a:88:bf:e4:d1:c1:
                    dd:40:1b:e2:9f:3c:d6:20:1a:25:7e:62:ee:a3:7d:
                    cc:01:5f:69:7a:44:3d:4e:6c:61:10:9e:09:06:b7:
                    fb:f5:4f:35:d5:e9:be:39:d7:dc:e4:e9:f9:06:55:
                    6e:7a:da:2f:b8:ce:16:5a:38:c8:dd:8a:72:22:13:
                    8d:28:1c:13:42:0d:59:27:3c:92:d5:d1:10:1d:54:
                    d0:9e:28:c4:57:aa:14:5c:52:61:bf:09:c8:c6:4e:
                    0c:45:0b:ad:ce:83:00:fd:fe:3d:c7:c3:0d:1e:48:
                    c3:69:0f:8c:04:21:34:0a:cb:1c:65:b9:0a:b3:37:
                    0f:f3:d0:1a:4d:bd:59:61:20:57:24:f3:37:5b:13:
                    63:c1:4e:49:32:86:05:d8:b8:f1:c7:31:f4:54:86:
                    c6:d9:1f:11:09:5b:21:8f:b2:08:9f:fd:a4:05:1d:
                    89:c8:fa:5c:0f:cf:32:31:03:2b:44:e6:cb:9f:41:
                    83:48:76:58:93:1c:71:3e:5e:3e:b5:8c:7a:24:83:
                    01:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:CE:D7:E9:CB:4A:D0:44:41:06:A0:AD:3E:E9:02:C8:AE:0B:B7:06
            X509v3 Authority Key Identifier:
                keyid:77:BD:D7:5F:2E:FC:24:4F:86:A3:21:B1:50:E6:29:36:A1:40:29:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d73XXy78JE-GoyGxUOYpNqFAKds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/vM7X6ctK0ERBBqCtPukCyK4LtwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/d73XXy78JE-GoyGxUOYpNqFAKds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:29:e2:45:91:2b:5a:0f:e5:31:af:9e:28:f3:eb:1c:dc:8d:
         ed:f8:64:be:04:01:1c:96:9e:c1:1e:3f:31:bc:a9:68:e3:9d:
         cc:a5:d8:02:87:fc:8d:c6:6b:63:a8:b2:f3:10:59:98:67:cd:
         bd:6e:ac:77:6a:9f:33:5c:45:29:c7:71:6e:29:6e:61:f1:be:
         8f:90:dd:b4:e6:da:e6:21:f7:d7:ce:6f:83:87:7f:70:86:61:
         23:33:53:ff:61:47:e3:6e:dd:92:09:72:5b:e8:40:e1:ce:18:
         90:7c:f1:c3:d0:27:32:64:29:76:74:d8:39:c1:ca:7e:19:db:
         8f:0e:9f:01:dd:2b:11:57:d6:56:1b:68:7e:2f:c1:c5:83:c0:
         6d:c4:85:71:10:99:18:12:eb:a7:5b:c7:f0:c5:c0:7f:c8:48:
         a9:9c:32:b8:c4:08:4f:73:02:1e:59:b6:41:de:79:42:96:5b:
         dc:8a:fa:77:4d:eb:b3:2f:ea:cb:62:ed:2a:64:4c:be:18:00:
         0e:18:fa:cb:4d:f3:c3:7e:08:6c:c5:87:47:18:6b:c8:64:40:
         6e:e6:42:a8:9b:72:37:73:f2:cd:2e:5b:b7:b2:af:ed:31:c4:
         ee:98:e0:39:04:48:70:15:77:4e:77:2d:1c:7c:bf:3f:c9:95:
         2f:a0:43:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHfoPr4tcQZP1H1s3jVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YmRkNzVmMmVmYzI0NGY4NmEzMjFiMTUwZTYyOTM2YTE0
MDI5ZGIwHhcNMjQwMTAyMTAzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2NlZDdlOWNiNGFkMDQ0NDEwNmEwYWQzZWU5MDJjOGFlMGJiNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwbuaG71b2BGiHhIh724HsaCOUKn
9iUqq2xnBydlW3sNdl1jIeA3rL+o0Lndf23wtog84wOaiL/k0cHdQBvinzzWIBol
fmLuo33MAV9pekQ9TmxhEJ4JBrf79U811em+Odfc5On5BlVuetovuM4WWjjI3Ypy
IhONKBwTQg1ZJzyS1dEQHVTQnijEV6oUXFJhvwnIxk4MRQutzoMA/f49x8MNHkjD
aQ+MBCE0CsscZbkKszcP89AaTb1ZYSBXJPM3WxNjwU5JMoYF2LjxxzH0VIbG2R8R
CVshj7IIn/2kBR2JyPpcD88yMQMrRObLn0GDSHZYkxxxPl4+tYx6JIMBkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzO1+nLStBEQQagrT7pAsiuC7cGMB8GA1UdIwQY
MBaAFHe9118u/CRPhqMhsVDmKTahQCnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDczWFh5NzhKRS1Hb3lHeFVPWXBOcUZBS2RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yNmEzNGUtMjA5NC00ZTc2LWExZWEt
MWRlZGJlN2I1YmFmLzEvdk03WDZjdEswRVJCQnFDdFB1a0N5SzRMdHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yNmEzNGUtMjA5NC00ZTc2LWExZWEtMWRlZGJlN2I1YmFm
LzEvZDczWFh5NzhKRS1Hb3lHeFVPWXBOcUZBS2RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qbMA0G
CSqGSIb3DQEBCwUAA4IBAQC4KeJFkStaD+Uxr54o8+sc3I3t+GS+BAEclp7BHj8x
vKlo453MpdgCh/yNxmtjqLLzEFmYZ829bqx3ap8zXEUpx3FuKW5h8b6PkN205trm
IffXzm+Dh39whmEjM1P/YUfjbt2SCXJb6EDhzhiQfPHD0CcyZCl2dNg5wcp+GduP
Dp8B3SsRV9ZWG2h+L8HFg8BtxIVxEJkYEuunW8fwxcB/yEipnDK4xAhPcwIeWbZB
3nlCllvcivp3TeuzL+rLYu0qZEy+GAAOGPrLTfPDfghsxYdHGGvIZEBu5kKom3I3
c/LNLlu3sq/tMcTumOA5BEhwFXdOdy0cfL8/yZUvoEMm
-----END CERTIFICATE-----