Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/cyt5czd_RS-8xW_1uqRQ1OQAjM0.roa
File:                     cyt5czd_RS-8xW_1uqRQ1OQAjM0.roa (raw, json)
Hash identifier:          opZalT2/qUnwaHM7i9VhSM1Mthf0xEZYsRHXS3WR8V8=
Subject key identifier:   73:2B:79:73:37:7F:45:2F:BC:C5:6F:F5:BA:A4:50:D4:E4:00:8C:CD
Certificate issuer:       /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial:       018D8EB75362AE4A1D5F76C83795FA4201C3
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/cyt5czd_RS-8xW_1uqRQ1OQAjM0.roa
Signing time:             Fri 09 Feb 2024 16:33:15 +0000
ROA not before:           Fri 09 Feb 2024 16:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43648
IP address blocks:        109.107.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:b7:53:62:ae:4a:1d:5f:76:c8:37:95:fa:42:01:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
        Validity
            Not Before: Feb  9 16:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=732b7973377f452fbcc56ff5baa450d4e4008ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1a:6c:e1:de:62:c5:62:3a:77:8d:13:5f:4f:
                    06:cd:4a:e9:37:6a:38:a4:49:ad:52:28:34:9a:30:
                    5f:10:3b:4f:dc:a0:1e:3c:b4:76:78:c7:d1:91:5d:
                    10:05:16:3d:c6:6e:c4:a5:36:ff:f4:45:c1:b9:3d:
                    92:04:f2:a6:ba:d6:f0:32:b1:8e:a1:f4:dc:3d:67:
                    94:c9:d8:a7:39:d5:c6:7d:07:38:7a:f3:05:5a:fb:
                    c8:65:17:9f:70:55:20:2a:08:5c:b9:44:17:16:5d:
                    98:1a:70:7e:84:82:b4:2b:5e:72:30:b4:c6:5a:f4:
                    27:da:23:7a:d1:34:fd:ed:b7:54:b0:f3:16:a4:1b:
                    0f:fa:cb:b2:af:2b:97:cc:42:46:6e:76:c1:97:c2:
                    2c:2a:df:b2:f8:0e:ee:49:48:b1:4d:53:57:f1:b3:
                    e6:89:e8:de:d1:ed:8a:93:35:23:c8:df:a0:6e:ea:
                    1b:7d:d8:96:1f:53:d4:78:96:70:06:81:0b:b3:5c:
                    64:2e:65:8f:e9:a7:ab:2a:eb:3f:86:e2:44:d2:5e:
                    0c:64:73:17:e0:c9:7d:5b:44:8f:90:6a:fd:08:1f:
                    6d:31:c8:b4:36:8f:07:2a:2b:22:6c:74:24:46:57:
                    a3:75:b8:a8:37:e9:91:e2:40:ed:15:af:f1:31:49:
                    05:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:2B:79:73:37:7F:45:2F:BC:C5:6F:F5:BA:A4:50:D4:E4:00:8C:CD
            X509v3 Authority Key Identifier:
                keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/cyt5czd_RS-8xW_1uqRQ1OQAjM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:4c:45:ec:6d:67:55:0c:58:60:ac:bc:0d:3d:6f:94:57:d2:
         5f:0b:14:25:58:e1:47:16:ea:70:e1:52:33:12:5b:40:35:8f:
         3e:0b:9b:28:b7:61:60:67:e8:7c:2a:05:bd:c2:2c:14:53:c9:
         df:4b:d6:35:93:86:9e:17:b3:92:8b:31:dc:cf:7c:1c:83:1a:
         fd:d8:bb:0c:c8:a5:d0:8b:96:aa:8b:1f:78:10:d8:94:93:f5:
         64:38:f8:86:09:da:d2:77:2d:4b:09:aa:2c:17:82:5c:f1:0c:
         dc:31:95:82:85:3c:cf:59:ac:36:46:7a:9f:87:30:6f:ed:44:
         82:22:2d:6c:48:76:f7:c7:de:f3:8e:37:3b:60:7a:c1:79:6e:
         07:99:92:cb:2c:2d:e2:e2:e2:ae:41:cf:75:56:ff:f1:27:9a:
         98:46:aa:96:28:63:6e:90:46:dc:61:54:33:92:9c:78:fa:1b:
         d9:8d:47:56:47:d4:70:57:d2:0d:ca:fd:49:06:bb:bd:7a:27:
         2c:37:b7:80:91:a8:d2:fc:ab:ac:d0:0d:61:6a:40:e0:df:91:
         a4:f4:3b:d4:d9:7d:09:97:74:04:e7:dc:d6:54:e3:6a:b4:28:
         af:44:93:af:b4:99:7e:d0:28:36:93:4f:db:59:e4:af:14:8f:
         39:c0:35:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2Ot1NirkodX3bIN5X6QgHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2
MzkwODYwHhcNMjQwMjA5MTYzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzJiNzk3MzM3N2Y0NTJmYmNjNTZmZjViYWE0NTBkNGU0MDA4Y2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhps4d5ixWI6d40TX08GzUrpN2o4
pEmtUig0mjBfEDtP3KAePLR2eMfRkV0QBRY9xm7EpTb/9EXBuT2SBPKmutbwMrGO
ofTcPWeUydinOdXGfQc4evMFWvvIZRefcFUgKghcuUQXFl2YGnB+hIK0K15yMLTG
WvQn2iN60TT97bdUsPMWpBsP+suyryuXzEJGbnbBl8IsKt+y+A7uSUixTVNX8bPm
ieje0e2KkzUjyN+gbuobfdiWH1PUeJZwBoELs1xkLmWP6aerKus/huJE0l4MZHMX
4Ml9W0SPkGr9CB9tMci0No8HKisibHQkRlejdbioN+mR4kDtFa/xMUkFfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMreXM3f0UvvMVv9bqkUNTkAIzNMB8GA1UdIwQY
MBaAFHf45/vUq2lQf7H+NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1Njgt
NzdmNmU5NGUzZGNjLzEvY3l0NWN6ZF9SUy04eFdfMXVxUlExT1FBak0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNj
LzEvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuKMA0G
CSqGSIb3DQEBCwUAA4IBAQCHTEXsbWdVDFhgrLwNPW+UV9JfCxQlWOFHFupw4VIz
EltANY8+C5sot2FgZ+h8KgW9wiwUU8nfS9Y1k4aeF7OSizHcz3wcgxr92LsMyKXQ
i5aqix94ENiUk/VkOPiGCdrSdy1LCaosF4Jc8QzcMZWChTzPWaw2RnqfhzBv7USC
Ii1sSHb3x97zjjc7YHrBeW4HmZLLLC3i4uKuQc91Vv/xJ5qYRqqWKGNukEbcYVQz
kpx4+hvZjUdWR9RwV9INyv1JBru9eicsN7eAkajS/Kus0A1hakDg35Gk9DvU2X0J
l3QE59zWVONqtCivRJOvtJl+0Cg2k0/bWeSvFI85wDU7
-----END CERTIFICATE-----