Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/p2E_ScsQXXdT1MxZO55K6CtmzrY.roa
File:                     p2E_ScsQXXdT1MxZO55K6CtmzrY.roa (raw, json)
Hash identifier:          fGpe9OtsNeQytigT30u3aAc7sPj2sI9nW3eRudjFGNk=
Subject key identifier:   A7:61:3F:49:CB:10:5D:77:53:D4:CC:59:3B:9E:4A:E8:2B:66:CE:B6
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       018F3CFEB801A09A5790DF46B06C70A67573
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/p2E_ScsQXXdT1MxZO55K6CtmzrY.roa
Signing time:             Fri 03 May 2024 05:47:57 +0000
ROA not before:           Fri 03 May 2024 05:47:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        77.73.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3c:fe:b8:01:a0:9a:57:90:df:46:b0:6c:70:a6:75:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: May  3 05:47:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7613f49cb105d7753d4cc593b9e4ae82b66ceb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:79:07:a7:5b:22:d6:fe:73:0d:82:6e:bf:03:
                    c8:a5:e3:d3:92:97:14:10:db:f0:34:b4:56:9f:6f:
                    3d:99:b9:24:98:14:04:33:a4:92:e1:3a:6b:a9:1d:
                    24:41:01:68:7e:b7:51:44:cb:82:5c:39:c7:46:85:
                    7c:b0:31:69:c5:0c:85:f8:df:1a:a0:52:3e:2d:c1:
                    f7:21:31:cb:9f:c7:8a:98:a4:aa:06:4f:3f:5a:c0:
                    a3:18:8b:ca:47:04:30:57:2a:28:93:03:f0:fc:f4:
                    95:0c:e2:44:32:50:2d:37:d3:b6:72:a8:3a:e9:d4:
                    aa:1e:d8:bd:d2:5e:74:c7:87:18:f4:fb:cf:3e:02:
                    80:3d:1f:57:6e:ea:81:91:11:49:b1:6c:1d:7b:a0:
                    33:bd:e2:9e:49:4d:47:8d:91:ba:69:3b:03:76:57:
                    57:a9:dd:2c:dd:79:57:ac:7d:2a:74:8f:99:8d:2f:
                    fe:61:c4:ce:97:96:17:d6:2e:c5:f8:ce:17:3f:12:
                    e0:eb:13:70:49:24:ae:28:5d:17:e3:08:53:42:b5:
                    30:b7:90:a7:85:b0:8a:bd:db:10:71:f9:2f:38:2b:
                    f3:c2:b1:21:fd:43:1f:0b:5d:2e:9d:e3:75:ff:35:
                    c4:b6:f7:89:8d:5a:e2:08:43:c3:17:bf:e3:28:a8:
                    2f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:61:3F:49:CB:10:5D:77:53:D4:CC:59:3B:9E:4A:E8:2B:66:CE:B6
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/p2E_ScsQXXdT1MxZO55K6CtmzrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:81:2a:c3:ba:19:c4:7b:52:4f:52:3a:5d:bc:7b:0f:1a:b7:
         1d:e7:bc:d0:e4:3e:d1:c2:9b:1e:bd:aa:af:12:9b:49:85:56:
         80:e4:a0:07:d6:7b:30:cd:3a:a8:94:86:bb:e5:03:4a:1e:79:
         3b:78:cd:ad:fd:c8:0b:43:1a:a5:d8:e8:b5:8f:73:f7:b7:a2:
         60:9c:03:44:68:ac:ed:04:c8:bb:10:af:3b:2f:51:0e:29:c9:
         49:a7:50:be:80:a7:7b:e1:23:d7:bf:82:3b:77:b0:48:87:28:
         a4:26:1c:0a:7d:04:06:c7:de:e6:5d:57:bb:34:de:32:0d:b4:
         6e:5c:69:65:8e:8f:ab:1c:4c:7d:0f:0e:3d:4f:de:74:29:89:
         bf:fc:a3:95:f2:41:78:47:e4:e4:b1:bd:59:b8:e8:65:e7:b6:
         10:b5:c5:ea:93:c1:c8:a8:8e:33:93:7e:42:5f:b3:bb:73:8c:
         b0:2d:66:3f:63:81:42:ea:e1:b4:6f:ae:ba:a1:0a:1e:e3:2a:
         45:a4:0f:48:19:f1:30:fd:0b:fb:f9:c5:04:0b:bd:2e:5c:3e:
         59:36:45:0e:b7:cd:a5:f8:13:33:81:51:57:23:dc:fc:45:0c:
         f2:6e:5e:75:bc:73:6b:89:da:70:a1:d6:c5:77:24:b0:68:8c:
         c4:d4:aa:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY88/rgBoJpXkN9GsGxwpnVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjQwNTAzMDU0NzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzYxM2Y0OWNiMTA1ZDc3NTNkNGNjNTkzYjllNGFlODJiNjZjZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXkHp1si1v5zDYJuvwPIpePTkpcU
ENvwNLRWn289mbkkmBQEM6SS4TprqR0kQQFofrdRRMuCXDnHRoV8sDFpxQyF+N8a
oFI+LcH3ITHLn8eKmKSqBk8/WsCjGIvKRwQwVyookwPw/PSVDOJEMlAtN9O2cqg6
6dSqHti90l50x4cY9PvPPgKAPR9XbuqBkRFJsWwde6AzveKeSU1HjZG6aTsDdldX
qd0s3XlXrH0qdI+ZjS/+YcTOl5YX1i7F+M4XPxLg6xNwSSSuKF0X4whTQrUwt5Cn
hbCKvdsQcfkvOCvzwrEh/UMfC10uneN1/zXEtveJjVriCEPDF7/jKKgvFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdhP0nLEF13U9TMWTueSugrZs62MB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvcDJFX1Njc1FYWGRUMU14Wk81NUs2Q3RtenJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmFMA0G
CSqGSIb3DQEBCwUAA4IBAQAHgSrDuhnEe1JPUjpdvHsPGrcd57zQ5D7Rwpsevaqv
EptJhVaA5KAH1nswzTqolIa75QNKHnk7eM2t/cgLQxql2Oi1j3P3t6JgnANEaKzt
BMi7EK87L1EOKclJp1C+gKd74SPXv4I7d7BIhyikJhwKfQQGx97mXVe7NN4yDbRu
XGlljo+rHEx9Dw49T950KYm//KOV8kF4R+Tksb1ZuOhl57YQtcXqk8HIqI4zk35C
X7O7c4ywLWY/Y4FC6uG0b666oQoe4ypFpA9IGfEw/Qv7+cUEC70uXD5ZNkUOt82l
+BMzgVFXI9z8RQzybl51vHNridpwodbFdySwaIzE1KrK
-----END CERTIFICATE-----