Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/xmfrzoBs6Rhbg64vPzeCbbD4I6U.roa
File:                     xmfrzoBs6Rhbg64vPzeCbbD4I6U.roa (raw, json)
Hash identifier:          X1lH5bbTPug3DKbEg/bKjT6QG10Inw9lELIZLmoF2Qg=
Subject key identifier:   C6:67:EB:CE:80:6C:E9:18:5B:83:AE:2F:3F:37:82:6D:B0:F8:23:A5
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       0194266BD6902B215D8DC3D1E3BBC6EAC649
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/xmfrzoBs6Rhbg64vPzeCbbD4I6U.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207967
IP address blocks:        77.73.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d6:90:2b:21:5d:8d:c3:d1:e3:bb:c6:ea:c6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c667ebce806ce9185b83ae2f3f37826db0f823a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0f:4e:2c:c5:5a:ed:ac:8d:56:7d:58:f6:c7:
                    f0:48:63:71:21:53:84:15:7d:b0:fa:ae:0a:2d:98:
                    5a:c0:42:c4:0c:e3:ec:f0:00:f6:e2:79:0f:9e:40:
                    f6:ec:01:37:7c:0c:a8:9c:c2:bf:b7:90:36:0c:f2:
                    c4:77:7e:26:49:20:dd:e1:90:b3:a7:df:30:bd:0f:
                    14:9e:fc:89:cf:45:98:42:30:41:dd:d5:5a:db:93:
                    87:4c:cf:62:dd:a9:dd:20:95:89:e2:6c:bd:dc:0f:
                    2e:9f:67:3e:41:ee:88:17:e8:b8:b0:75:3d:47:08:
                    1e:f4:0a:b4:ab:65:1f:54:0a:d3:3e:45:62:dd:a3:
                    08:fe:8c:48:a6:3a:ab:20:83:5e:a6:c4:70:38:02:
                    a6:e2:27:42:5c:10:ab:8d:f4:88:fb:8a:b5:4c:f5:
                    0b:79:fc:d3:06:c6:ea:15:4b:33:c7:50:bb:4e:12:
                    c3:f7:56:0b:eb:4d:ee:89:61:2c:49:7e:95:47:7f:
                    66:38:0f:2e:d3:81:28:3c:78:77:59:da:53:d1:7e:
                    7c:24:e0:85:a4:d6:29:8d:e8:dc:03:ec:11:b5:10:
                    b6:d1:64:ef:4e:7d:da:1f:49:3b:53:93:e8:77:42:
                    07:8c:c5:93:5a:ae:1c:f2:a5:2e:63:0a:fa:d0:c6:
                    a0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:67:EB:CE:80:6C:E9:18:5B:83:AE:2F:3F:37:82:6D:B0:F8:23:A5
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/xmfrzoBs6Rhbg64vPzeCbbD4I6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:51:3a:16:38:e3:73:72:b0:6d:7b:28:91:d0:47:03:17:5f:
         b0:b8:eb:a7:33:52:97:32:2e:61:b4:6a:aa:60:da:6d:cf:07:
         40:79:2c:bc:7b:a6:fc:1c:92:05:b2:71:67:02:95:34:61:c1:
         d2:90:82:de:1a:37:3c:fb:09:7a:0d:52:8e:88:41:1c:57:fb:
         c6:9e:74:84:2a:b7:8f:3e:dd:a9:95:d4:80:5d:50:ea:ac:ca:
         c2:0f:ae:33:ce:c7:df:ea:9f:59:2b:8d:be:5d:91:87:3b:54:
         7b:6e:bf:bf:83:91:af:80:d7:c2:0b:c3:17:60:94:10:1a:1b:
         7c:7d:97:4d:2d:8b:88:e1:54:c6:50:15:75:9c:d3:bb:8f:15:
         52:c5:d6:b8:e3:85:2e:e2:cd:9a:23:98:0f:77:64:49:87:f5:
         26:d6:36:85:90:31:f4:fc:9f:49:13:9c:39:d6:3e:3c:87:1c:
         2d:92:2b:c2:04:f3:33:92:02:98:cb:71:f1:8d:ee:d9:f6:3c:
         22:65:20:62:94:6c:2c:8a:7f:67:5a:68:a2:c3:a2:c1:0c:dc:
         43:c9:56:72:c1:ea:c1:99:d6:15:5d:74:7b:8a:59:27:93:e2:
         a8:b6:b7:7c:d3:87:22:54:8c:7d:6e:69:e3:fe:c9:37:c4:54:
         0f:bd:82:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9aQKyFdjcPR47vG6sZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY3ZWJjZTgwNmNlOTE4NWI4M2FlMmYzZjM3ODI2ZGIwZjgyM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug9OLMVa7ayNVn1Y9sfwSGNxIVOE
FX2w+q4KLZhawELEDOPs8AD24nkPnkD27AE3fAyonMK/t5A2DPLEd34mSSDd4ZCz
p98wvQ8UnvyJz0WYQjBB3dVa25OHTM9i3andIJWJ4my93A8un2c+Qe6IF+i4sHU9
Rwge9Aq0q2UfVArTPkVi3aMI/oxIpjqrIINepsRwOAKm4idCXBCrjfSI+4q1TPUL
efzTBsbqFUszx1C7ThLD91YL603uiWEsSX6VR39mOA8u04EoPHh3WdpT0X58JOCF
pNYpjejcA+wRtRC20WTvTn3aH0k7U5Pod0IHjMWTWq4c8qUuYwr60MagmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZn686AbOkYW4OuLz83gm2w+COlMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEveG1mcnpvQnM2UmhiZzY0dlB6ZUNiYkQ0STZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCUToWOONzcrBteyiR0EcDF1+wuOunM1KXMi5htGqq
YNptzwdAeSy8e6b8HJIFsnFnApU0YcHSkILeGjc8+wl6DVKOiEEcV/vGnnSEKreP
Pt2pldSAXVDqrMrCD64zzsff6p9ZK42+XZGHO1R7br+/g5GvgNfCC8MXYJQQGht8
fZdNLYuI4VTGUBV1nNO7jxVSxda444Uu4s2aI5gPd2RJh/Um1jaFkDH0/J9JE5w5
1j48hxwtkivCBPMzkgKYy3Hxje7Z9jwiZSBilGwsin9nWmiiw6LBDNxDyVZywerB
mdYVXXR7ilknk+Kotrd804ciVIx9bmnj/sk3xFQPvYKe
-----END CERTIFICATE-----