Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/VZQ278i8k24cvkENDzzfRHyvxjk.roa
File:                     VZQ278i8k24cvkENDzzfRHyvxjk.roa (raw, json)
Hash identifier:          q9gApGAIAtsM4BthoBPkgvVrTu0SiCkvAGcMsHbgOqY=
Subject key identifier:   55:94:36:EF:C8:BC:93:6E:1C:BE:41:0D:0F:3C:DF:44:7C:AF:C6:39
Certificate issuer:       /CN=6b85894a84baa0eca0e6ef44a992fc2ba00f5277
Certificate serial:       018CC8012938856615A2D3BB4F76AA54E8DE
Authority key identifier: 6B:85:89:4A:84:BA:A0:EC:A0:E6:EF:44:A9:92:FC:2B:A0:0F:52:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a4WJSoS6oOyg5u9EqZL8K6APUnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/VZQ278i8k24cvkENDzzfRHyvxjk.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208617
IP address blocks:        77.79.121.0/24 maxlen: 24
                          77.79.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/a4WJSoS6oOyg5u9EqZL8K6APUnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/a4WJSoS6oOyg5u9EqZL8K6APUnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a4WJSoS6oOyg5u9EqZL8K6APUnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:29:38:85:66:15:a2:d3:bb:4f:76:aa:54:e8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b85894a84baa0eca0e6ef44a992fc2ba00f5277
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=559436efc8bc936e1cbe410d0f3cdf447cafc639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:0f:90:d0:ad:18:63:f4:31:8e:dc:b8:f4:9f:
                    98:6e:3f:85:d6:fe:5a:cc:37:62:48:fb:bd:61:fb:
                    22:5a:86:62:cf:ec:e4:ed:b1:c7:54:c5:0d:cd:3e:
                    96:51:36:49:f2:6b:d9:6d:1f:47:90:43:2c:c9:a2:
                    c3:e2:52:9b:d7:1a:8f:25:99:82:db:a1:69:72:88:
                    2c:7b:b0:0c:a3:ac:c9:6a:59:a9:22:eb:22:4a:f5:
                    fd:36:bb:55:f0:e6:2e:0e:d8:cf:97:74:a1:e0:93:
                    a4:e3:8d:26:c1:c0:09:ea:64:9c:48:0b:3c:c1:b7:
                    fb:36:fb:e7:4c:32:9a:81:3e:74:57:1c:d1:00:3c:
                    fc:43:44:c2:7c:04:0c:f2:cd:8c:ca:b6:68:01:b7:
                    ae:44:7e:7d:1f:95:68:a4:ac:35:a5:f9:c6:25:68:
                    6c:40:fc:f4:df:c9:f4:4b:12:8a:93:38:99:0d:90:
                    9b:f1:80:5d:7c:7f:a4:0c:a5:34:98:07:16:07:8f:
                    20:bd:c4:4f:2c:cd:68:c9:49:0a:34:89:49:ec:05:
                    28:65:70:43:12:00:fb:3e:39:25:42:05:4f:31:cf:
                    f9:97:5b:2e:9a:69:4a:e2:55:11:72:db:7d:07:39:
                    52:00:75:b5:d0:4a:ff:a9:a0:b6:18:17:11:32:7b:
                    4f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:94:36:EF:C8:BC:93:6E:1C:BE:41:0D:0F:3C:DF:44:7C:AF:C6:39
            X509v3 Authority Key Identifier:
                keyid:6B:85:89:4A:84:BA:A0:EC:A0:E6:EF:44:A9:92:FC:2B:A0:0F:52:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4WJSoS6oOyg5u9EqZL8K6APUnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/VZQ278i8k24cvkENDzzfRHyvxjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/a4WJSoS6oOyg5u9EqZL8K6APUnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.121.0-77.79.122.255

    Signature Algorithm: sha256WithRSAEncryption
         41:7b:da:7f:dc:bc:eb:29:22:d6:f3:85:ac:84:5e:84:f0:75:
         d3:a7:ff:7b:e8:21:72:43:9d:8c:3f:d8:11:c0:d5:37:b1:66:
         0c:c1:f8:2c:49:4b:6c:cc:63:67:ce:e0:2f:80:63:22:a5:eb:
         d1:b2:f7:44:d7:e1:88:95:97:51:34:66:c8:ab:a4:64:6c:b2:
         92:8c:94:6a:57:84:47:90:e7:e4:0a:3e:94:d9:cf:9a:7d:81:
         c3:34:eb:54:db:34:a5:c0:a9:d0:63:70:64:c8:0c:8c:1b:8e:
         41:0c:88:75:92:14:f4:c9:d5:bf:20:48:55:5e:83:0e:78:49:
         8e:58:11:8e:30:be:f2:e4:7c:5e:44:25:83:45:97:a3:e9:c1:
         ea:ae:0e:21:1d:2c:0c:be:d9:2b:98:d1:d7:69:9c:5a:69:ea:
         98:1f:61:7f:8e:f2:0a:6d:12:8c:8d:25:ec:42:af:17:0b:51:
         06:65:95:e1:10:4b:41:40:9a:60:75:24:ab:21:54:68:bb:52:
         91:5f:05:6a:bf:32:5d:73:f2:b9:35:91:b0:3a:70:2c:6f:ba:
         a5:b2:88:ec:e5:0c:73:c4:fc:0a:16:9b:85:9b:38:bd:73:34:
         a6:c5:d8:51:89:57:b8:a8:c1:e4:c9:2e:9f:18:f3:4a:fe:27:
         55:ae:87:c9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIASk4hWYVotO7T3aqVOjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiODU4OTRhODRiYWEwZWNhMGU2ZWY0NGE5OTJmYzJiYTAw
ZjUyNzcwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTk0MzZlZmM4YmM5MzZlMWNiZTQxMGQwZjNjZGY0NDdjYWZjNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5w+Q0K0YY/Qxjty49J+Ybj+F1v5a
zDdiSPu9YfsiWoZiz+zk7bHHVMUNzT6WUTZJ8mvZbR9HkEMsyaLD4lKb1xqPJZmC
26Fpcogse7AMo6zJalmpIusiSvX9NrtV8OYuDtjPl3Sh4JOk440mwcAJ6mScSAs8
wbf7NvvnTDKagT50VxzRADz8Q0TCfAQM8s2MyrZoAbeuRH59H5VopKw1pfnGJWhs
QPz038n0SxKKkziZDZCb8YBdfH+kDKU0mAcWB48gvcRPLM1oyUkKNIlJ7AUoZXBD
EgD7PjklQgVPMc/5l1summlK4lURctt9BzlSAHW10Er/qaC2GBcRMntPhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFWUNu/IvJNuHL5BDQ8830R8r8Y5MB8GA1UdIwQY
MBaAFGuFiUqEuqDsoObvRKmS/CugD1J3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTRXSlNvUzZvT3lnNXU5RXFaTDhLNkFQVW5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mNWMwMjAtZTFkNy00ZmU5LTgzYzAt
YTNiZTYzYjg1NzJmLzEvVlpRMjc4aThrMjRjdmtFTkR6emZSSHl2eGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mNWMwMjAtZTFkNy00ZmU5LTgzYzAtYTNiZTYzYjg1NzJm
LzEvYTRXSlNvUzZvT3lnNXU5RXFaTDhLNkFQVW5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABNT3kD
BABNT3owDQYJKoZIhvcNAQELBQADggEBAEF72n/cvOspItbzhayEXoTwddOn/3vo
IXJDnYw/2BHA1TexZgzB+CxJS2zMY2fO4C+AYyKl69Gy90TX4YiVl1E0ZsirpGRs
spKMlGpXhEeQ5+QKPpTZz5p9gcM061TbNKXAqdBjcGTIDIwbjkEMiHWSFPTJ1b8g
SFVegw54SY5YEY4wvvLkfF5EJYNFl6PpwequDiEdLAy+2SuY0ddpnFpp6pgfYX+O
8gptEoyNJexCrxcLUQZlleEQS0FAmmB1JKshVGi7UpFfBWq/Ml1z8rk1kbA6cCxv
uqWyiOzlDHPE/AoWm4WbOL1zNKbF2FGJV7ioweTJLp8Y80r+J1Wuh8k=
-----END CERTIFICATE-----