Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/94a1e0-c180-4baf-9ea0-f67e7078878e/1/bkl7BiLabjA8Kt3gR8NsKxm04-A.roa
File:                     bkl7BiLabjA8Kt3gR8NsKxm04-A.roa (raw, json)
Hash identifier:          oUVnoAyRVwr8cV6Qsp4rYpkp+k1lpYkaTJCUaGAMdY4=
Subject key identifier:   6E:49:7B:06:22:DA:6E:30:3C:2A:DD:E0:47:C3:6C:2B:19:B4:E3:E0
Certificate issuer:       /CN=f83272c0c32db004f078f874b99da9a0b7e63afd
Certificate serial:       018CC7934982AD9DF94AF4D61CE10A597077
Authority key identifier: F8:32:72:C0:C3:2D:B0:04:F0:78:F8:74:B9:9D:A9:A0:B7:E6:3A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-DJywMMtsATwePh0uZ2poLfmOv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/94a1e0-c180-4baf-9ea0-f67e7078878e/1/bkl7BiLabjA8Kt3gR8NsKxm04-A.roa
Signing time:             Tue 02 Jan 2024 00:29:27 +0000
ROA not before:           Tue 02 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60501
IP address blocks:        77.72.87.0/24 maxlen: 24
                          2a11:dd00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/94a1e0-c180-4baf-9ea0-f67e7078878e/1/1-DJywMMtsATwePh0uZ2poLfmOv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/94a1e0-c180-4baf-9ea0-f67e7078878e/1/1-DJywMMtsATwePh0uZ2poLfmOv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-DJywMMtsATwePh0uZ2poLfmOv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:49:82:ad:9d:f9:4a:f4:d6:1c:e1:0a:59:70:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f83272c0c32db004f078f874b99da9a0b7e63afd
        Validity
            Not Before: Jan  2 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e497b0622da6e303c2adde047c36c2b19b4e3e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:00:58:d1:a6:73:dc:45:f5:34:48:0a:1e:48:
                    5d:61:17:8b:0a:4a:9c:bb:44:64:c0:28:6a:d0:57:
                    49:26:e5:dd:5b:0e:56:9b:82:bf:e6:4f:33:8d:4c:
                    98:24:47:a3:3d:55:43:89:aa:5c:4e:b7:ae:66:c7:
                    91:c4:9d:0c:a2:b2:4d:7b:12:13:54:d0:82:08:fd:
                    de:a0:a2:bd:a4:58:c5:9d:72:b4:ac:ad:25:06:c3:
                    f4:34:38:5b:e8:0d:1a:bd:46:af:76:c1:d8:e3:fd:
                    39:22:9f:d5:64:e0:9a:fd:b1:a9:a0:15:18:7e:69:
                    8b:23:a2:f1:88:f9:60:e7:85:02:40:6a:38:2a:b7:
                    d9:aa:34:40:a8:94:d3:2d:3f:30:32:82:23:d2:73:
                    99:7f:bb:17:be:e5:66:e5:a4:26:1d:b1:3f:84:5b:
                    e8:53:56:46:dc:dd:cf:60:e3:8c:3a:18:11:4e:91:
                    c9:8b:67:e9:2c:5f:59:7e:40:8d:39:9e:8e:43:99:
                    f3:1a:6d:e1:26:65:03:69:5d:4b:1e:0b:35:01:91:
                    87:db:aa:31:27:48:6e:22:67:7f:23:98:2f:48:34:
                    0f:fb:5b:07:04:01:96:75:36:ac:b4:64:0f:52:02:
                    7b:47:58:bf:e6:80:bb:17:06:2a:cb:52:59:e6:f8:
                    db:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:49:7B:06:22:DA:6E:30:3C:2A:DD:E0:47:C3:6C:2B:19:B4:E3:E0
            X509v3 Authority Key Identifier:
                keyid:F8:32:72:C0:C3:2D:B0:04:F0:78:F8:74:B9:9D:A9:A0:B7:E6:3A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-DJywMMtsATwePh0uZ2poLfmOv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/94a1e0-c180-4baf-9ea0-f67e7078878e/1/bkl7BiLabjA8Kt3gR8NsKxm04-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/94a1e0-c180-4baf-9ea0-f67e7078878e/1/1-DJywMMtsATwePh0uZ2poLfmOv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.87.0/24
                IPv6:
                  2a11:dd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:a9:43:80:48:da:11:75:e0:28:85:d1:21:3f:6b:ff:35:b1:
         6b:07:d3:19:1c:e3:57:0c:3d:e9:03:03:59:cf:60:bd:32:02:
         93:5b:18:6b:39:60:ca:c9:51:07:91:1e:44:5c:cd:4e:5d:35:
         52:50:a9:ef:33:f1:7d:70:98:d6:16:fb:00:74:7b:57:16:60:
         17:db:2f:bf:3b:b6:4a:a0:7b:31:ed:6e:a3:12:13:75:91:d0:
         d2:4a:7c:7e:8e:bb:5c:eb:8b:1c:3b:1b:47:7f:4e:8f:cc:29:
         e9:32:bb:45:87:51:60:04:44:2c:78:90:c7:2a:9b:1b:48:67:
         a1:55:e2:39:58:49:8d:36:b4:05:78:63:0e:37:8a:d8:ad:e8:
         0d:11:9d:cb:88:22:18:bc:fc:25:29:e8:fc:85:a7:09:19:34:
         da:ea:1f:0e:f1:b7:fa:8e:a4:90:76:11:30:bd:a0:0d:c1:60:
         7b:5a:3d:53:7c:2e:6e:54:51:9c:77:da:d5:ba:93:b3:65:eb:
         88:0c:4c:d6:3f:54:dd:02:25:c3:66:43:5c:ea:84:e4:b8:1d:
         1e:88:cf:d0:e2:a4:d5:6e:a8:3a:68:3d:b2:a5:d1:b1:96:c9:
         0e:ef:95:6e:88:57:df:a9:9a:d7:0c:63:13:d1:11:e2:85:24:
         0c:0c:c7:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHk0mCrZ35SvTWHOEKWXB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MzI3MmMwYzMyZGIwMDRmMDc4Zjg3NGI5OWRhOWEwYjdl
NjNhZmQwHhcNMjQwMTAyMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQ5N2IwNjIyZGE2ZTMwM2MyYWRkZTA0N2MzNmMyYjE5YjRlM2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjABY0aZz3EX1NEgKHkhdYReLCkqc
u0RkwChq0FdJJuXdWw5Wm4K/5k8zjUyYJEejPVVDiapcTreuZseRxJ0MorJNexIT
VNCCCP3eoKK9pFjFnXK0rK0lBsP0NDhb6A0avUavdsHY4/05Ip/VZOCa/bGpoBUY
fmmLI6LxiPlg54UCQGo4KrfZqjRAqJTTLT8wMoIj0nOZf7sXvuVm5aQmHbE/hFvo
U1ZG3N3PYOOMOhgRTpHJi2fpLF9ZfkCNOZ6OQ5nzGm3hJmUDaV1LHgs1AZGH26ox
J0huImd/I5gvSDQP+1sHBAGWdTastGQPUgJ7R1i/5oC7FwYqy1JZ5vjbuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG5JewYi2m4wPCrd4EfDbCsZtOPgMB8GA1UdIwQY
MBaAFPgycsDDLbAE8Hj4dLmdqaC35jr9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ESnl3TU10c0FUd2VQaDB1WjJwb0xmbU92MC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMvOTRhMWUwLWMxODAtNGJhZi05ZWEw
LWY2N2U3MDc4ODc4ZS8xL2JrbDdCaUxhYmpBOEt0M2dSOE5zS3htMDQtQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTMvOTRhMWUwLWMxODAtNGJhZi05ZWEwLWY2N2U3MDc4ODc4
ZS8xLzEtREp5d01NdHNBVHdlUGgwdVoycG9MZm1PdjAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBABNSFcw
DQQCAAIwBwMFAyoR3QAwDQYJKoZIhvcNAQELBQADggEBAGGpQ4BI2hF14CiF0SE/
a/81sWsH0xkc41cMPekDA1nPYL0yApNbGGs5YMrJUQeRHkRczU5dNVJQqe8z8X1w
mNYW+wB0e1cWYBfbL787tkqgezHtbqMSE3WR0NJKfH6Ou1zrixw7G0d/To/MKeky
u0WHUWAERCx4kMcqmxtIZ6FV4jlYSY02tAV4Yw43itit6A0RncuIIhi8/CUp6PyF
pwkZNNrqHw7xt/qOpJB2ETC9oA3BYHtaPVN8Lm5UUZx32tW6k7Nl64gMTNY/VN0C
JcNmQ1zqhOS4HR6Iz9DipNVuqDpoPbKl0bGWyQ7vlW6IV9+pmtcMYxPREeKFJAwM
xwI=
-----END CERTIFICATE-----