Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/cF8aPLwBYlzSs2jar2EQFc8n4pg.roa
File:                     cF8aPLwBYlzSs2jar2EQFc8n4pg.roa (raw, json)
Hash identifier:          aSledVkEtPZhx3ueeiEc64iKivvsjbA4E+aXG+iUFrk=
Subject key identifier:   70:5F:1A:3C:BC:01:62:5C:D2:B3:68:DA:AF:61:10:15:CF:27:E2:98
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       018CC6B83BCC8045746B25F88198F7799E0C
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/cF8aPLwBYlzSs2jar2EQFc8n4pg.roa
Signing time:             Mon 01 Jan 2024 20:30:11 +0000
ROA not before:           Mon 01 Jan 2024 20:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50386
IP address blocks:        77.73.130.0/24 maxlen: 24
                          77.73.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:3b:cc:80:45:74:6b:25:f8:81:98:f7:79:9e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Jan  1 20:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=705f1a3cbc01625cd2b368daaf611015cf27e298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a9:d4:5c:aa:db:4a:76:62:cc:69:06:c6:c0:
                    88:43:44:da:e7:9b:c6:5b:61:e6:6c:30:d3:58:d6:
                    f8:8b:51:50:23:d9:2b:70:f3:7a:d6:03:27:c8:d9:
                    c5:13:9e:75:33:eb:9d:5d:7d:ac:b7:b0:6d:b1:ca:
                    c2:4d:ba:73:08:07:b3:0b:5c:73:80:e7:05:a2:de:
                    f7:f2:33:2e:0e:7e:08:91:d8:3d:de:cb:c5:c0:6a:
                    c8:4e:6d:98:b8:b5:e2:2d:06:69:12:97:a2:1e:53:
                    05:fe:e7:76:81:15:8f:ca:65:3b:19:15:1b:6a:77:
                    c0:b3:b4:ca:06:7a:ae:84:df:80:2f:56:af:22:bc:
                    40:b4:be:97:9c:ba:b4:48:14:30:28:8e:80:e8:7d:
                    53:56:57:77:d4:d7:29:55:eb:42:a0:db:b1:55:02:
                    f6:97:73:a2:52:64:e6:77:21:f7:56:9a:d2:92:6c:
                    74:3c:b0:2d:3d:3e:f8:c8:82:65:58:ae:c9:26:0d:
                    6d:a3:ef:32:5c:53:36:10:56:3b:89:01:db:81:ee:
                    d2:8b:7b:95:c1:e0:05:d9:ee:a5:1c:1a:d9:c1:27:
                    3a:ca:b7:21:9c:87:40:26:23:cc:71:45:6b:b3:c5:
                    c0:1a:e5:26:ea:34:3a:1e:92:5b:9d:78:a2:42:d5:
                    45:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5F:1A:3C:BC:01:62:5C:D2:B3:68:DA:AF:61:10:15:CF:27:E2:98
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/cF8aPLwBYlzSs2jar2EQFc8n4pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.130.0/24
                  77.73.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ac:12:c2:e9:1c:7f:15:21:7e:f3:71:35:1c:2a:8e:c2:d4:
         6a:59:b6:a6:23:ff:ee:ae:b7:35:98:54:3c:f0:3f:77:75:2e:
         34:f5:ea:47:26:c5:aa:39:1a:d5:97:15:a3:25:11:45:8e:47:
         81:5f:96:d9:29:d7:9d:1a:35:4d:b8:8a:8a:ae:66:ee:41:28:
         17:a4:46:5a:af:ea:d5:80:1b:a5:aa:c1:19:0d:5a:30:80:43:
         10:19:ef:aa:6b:84:02:66:9e:19:0f:70:27:84:d5:3e:5d:e1:
         a2:a1:c0:fc:4a:d1:59:5c:40:bb:db:02:20:76:ae:b3:7e:3b:
         45:da:1c:44:96:80:e6:d4:ef:67:e8:86:d4:31:47:f0:d2:96:
         10:2f:49:47:c3:42:95:5c:d4:d0:65:59:3e:ee:c1:0a:ab:28:
         2d:d2:9c:f5:e2:c9:8b:4d:45:ca:76:df:9d:47:b1:92:89:de:
         4c:2f:b4:56:e5:c2:a1:b0:2d:ec:02:68:ba:64:2f:9f:d4:18:
         19:ac:86:35:6a:cd:95:ff:77:45:f6:c1:64:12:f7:52:71:7b:
         66:f9:ad:d9:c7:22:2a:f6:96:be:12:4e:40:3d:72:a1:21:a5:
         f8:67:e4:a9:4c:4c:8b:7c:d2:6d:c7:fd:e8:c7:1b:b6:03:5b:
         2c:36:88:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuDvMgEV0ayX4gZj3eZ4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjQwMTAxMjAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDVmMWEzY2JjMDE2MjVjZDJiMzY4ZGFhZjYxMTAxNWNmMjdlMjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36nUXKrbSnZizGkGxsCIQ0Ta55vG
W2HmbDDTWNb4i1FQI9krcPN61gMnyNnFE551M+udXX2st7BtscrCTbpzCAezC1xz
gOcFot738jMuDn4Ikdg93svFwGrITm2YuLXiLQZpEpeiHlMF/ud2gRWPymU7GRUb
anfAs7TKBnquhN+AL1avIrxAtL6XnLq0SBQwKI6A6H1TVld31NcpVetCoNuxVQL2
l3OiUmTmdyH3VprSkmx0PLAtPT74yIJlWK7JJg1to+8yXFM2EFY7iQHbge7Si3uV
weAF2e6lHBrZwSc6yrchnIdAJiPMcUVrs8XAGuUm6jQ6HpJbnXiiQtVFvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHBfGjy8AWJc0rNo2q9hEBXPJ+KYMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvY0Y4YVBMd0JZbHpTczJqYXIyRVFGYzhuNHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUmCAwQA
TUmHMA0GCSqGSIb3DQEBCwUAA4IBAQAQrBLC6Rx/FSF+83E1HCqOwtRqWbamI//u
rrc1mFQ88D93dS409epHJsWqORrVlxWjJRFFjkeBX5bZKdedGjVNuIqKrmbuQSgX
pEZar+rVgBulqsEZDVowgEMQGe+qa4QCZp4ZD3AnhNU+XeGiocD8StFZXEC72wIg
dq6zfjtF2hxEloDm1O9n6IbUMUfw0pYQL0lHw0KVXNTQZVk+7sEKqygt0pz14smL
TUXKdt+dR7GSid5ML7RW5cKhsC3sAmi6ZC+f1BgZrIY1as2V/3dF9sFkEvdScXtm
+a3ZxyIq9pa+Ek5APXKhIaX4Z+SpTEyLfNJtx/3oxxu2A1ssNoh/
-----END CERTIFICATE-----