Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/7DO8E30RGY4vAe7tIWHKTeq95P8.roa
File:                     7DO8E30RGY4vAe7tIWHKTeq95P8.roa (raw, json)
Hash identifier:          wO6AvUEPcj/+yaf4lye0oLqn75BJbLzeCB1mL+qhuus=
Subject key identifier:   EC:33:BC:13:7D:11:19:8E:2F:01:EE:ED:21:61:CA:4D:EA:BD:E4:FF
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       0194266BD78D6DCE13CF8DD8E98A465C32ED
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/7DO8E30RGY4vAe7tIWHKTeq95P8.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212496
IP address blocks:        77.73.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d7:8d:6d:ce:13:cf:8d:d8:e9:8a:46:5c:32:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec33bc137d11198e2f01eeed2161ca4deabde4ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:39:20:ec:16:ae:77:04:c0:3c:93:f0:20:10:
                    ae:71:51:27:21:7f:8a:47:ed:b9:40:de:13:b6:b5:
                    19:c7:89:da:23:0f:32:7d:cd:c8:41:ba:66:91:31:
                    41:77:b5:08:d1:64:36:92:1a:be:29:fb:f0:dd:d5:
                    e6:c7:17:b6:a2:0f:15:e8:6b:8a:6e:24:0c:45:d3:
                    95:96:4c:8c:45:c9:96:65:1a:1f:b9:74:2c:63:48:
                    8f:08:38:a1:ff:10:01:07:7e:f4:53:c7:8f:42:97:
                    71:f0:da:d2:d1:97:18:75:1a:2e:39:03:98:63:88:
                    c4:ba:75:07:01:df:42:dc:54:2e:3d:2d:78:4a:c0:
                    7e:cb:56:c1:46:e4:01:c6:a6:18:6c:53:9a:1a:b4:
                    d7:de:c7:5b:64:42:3d:b3:80:dc:4f:d8:bb:db:4c:
                    cd:3e:71:56:2c:1a:ee:87:0b:47:10:2e:1f:d2:ab:
                    90:1f:11:84:b4:69:96:c9:33:ad:ea:ce:65:a6:66:
                    dc:e7:f0:b2:46:78:0f:e3:0c:d4:ee:ab:f8:06:6d:
                    34:cd:c3:eb:0b:74:b2:46:e5:5e:cf:56:35:49:ad:
                    1e:fb:b2:a8:66:05:56:c7:fe:9e:8e:4e:57:b2:c0:
                    bc:d2:06:8e:b1:64:0c:11:83:a5:e6:c1:69:ba:90:
                    6e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:33:BC:13:7D:11:19:8E:2F:01:EE:ED:21:61:CA:4D:EA:BD:E4:FF
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/7DO8E30RGY4vAe7tIWHKTeq95P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:0a:f3:96:cc:8c:c2:b8:31:6a:38:52:35:12:4a:89:d1:49:
         04:9f:68:b5:86:7a:33:34:6f:7d:41:58:63:4b:df:18:87:ed:
         84:7b:0f:7d:72:67:04:c7:d1:04:f5:68:21:20:51:15:8d:df:
         83:a1:b8:5b:2a:c9:42:c5:72:cc:76:b3:2a:c6:23:0c:fd:86:
         8d:4e:b0:e6:29:12:8a:de:c1:10:75:b2:c7:5c:2e:c7:ab:6f:
         3c:b0:eb:57:d9:e8:ea:67:f5:53:8f:65:41:eb:c3:c8:f3:d7:
         08:86:0d:99:5b:82:c4:ea:35:2e:67:f3:e7:85:21:66:19:8b:
         05:30:30:0b:6d:53:fe:d7:5b:f3:c9:ac:2f:d4:71:dd:7b:06:
         5e:54:66:6c:40:ea:ec:6b:2b:11:02:c2:5d:1a:48:7c:e0:bb:
         56:27:c2:6e:22:1c:b3:e6:78:26:32:d1:ad:ed:ce:c8:ab:22:
         2d:60:a7:9d:ee:47:76:5a:60:9c:7f:59:50:f4:5c:d7:a2:36:
         2b:f6:03:09:86:f8:83:80:6f:97:fd:09:4d:6f:b0:1a:ee:e2:
         f4:5d:3d:74:f9:62:13:d3:44:18:f6:b8:b5:ea:8f:09:ed:30:
         65:e4:c1:9d:26:9e:3d:d6:bd:58:d5:d9:dd:02:29:60:71:58:
         b0:6b:ae:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9eNbc4Tz43Y6YpGXDLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzMzYmMxMzdkMTExOThlMmYwMWVlZWQyMTYxY2E0ZGVhYmRlNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjkg7BaudwTAPJPwIBCucVEnIX+K
R+25QN4TtrUZx4naIw8yfc3IQbpmkTFBd7UI0WQ2khq+Kfvw3dXmxxe2og8V6GuK
biQMRdOVlkyMRcmWZRofuXQsY0iPCDih/xABB370U8ePQpdx8NrS0ZcYdRouOQOY
Y4jEunUHAd9C3FQuPS14SsB+y1bBRuQBxqYYbFOaGrTX3sdbZEI9s4DcT9i720zN
PnFWLBruhwtHEC4f0quQHxGEtGmWyTOt6s5lpmbc5/CyRngP4wzU7qv4Bm00zcPr
C3SyRuVez1Y1Sa0e+7KoZgVWx/6ejk5XssC80gaOsWQMEYOl5sFpupBucQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwzvBN9ERmOLwHu7SFhyk3qveT/MB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvN0RPOEUzMFJHWTR2QWU3dElXSEtUZXE5NVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmGMA0G
CSqGSIb3DQEBCwUAA4IBAQAiCvOWzIzCuDFqOFI1EkqJ0UkEn2i1hnozNG99QVhj
S98Yh+2Eew99cmcEx9EE9WghIFEVjd+DobhbKslCxXLMdrMqxiMM/YaNTrDmKRKK
3sEQdbLHXC7Hq288sOtX2ejqZ/VTj2VB68PI89cIhg2ZW4LE6jUuZ/PnhSFmGYsF
MDALbVP+11vzyawv1HHdewZeVGZsQOrsaysRAsJdGkh84LtWJ8JuIhyz5ngmMtGt
7c7IqyItYKed7kd2WmCcf1lQ9FzXojYr9gMJhviDgG+X/QlNb7Aa7uL0XT10+WIT
00QY9ri16o8J7TBl5MGdJp491r1Y1dndAilgcViwa668
-----END CERTIFICATE-----