Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/9Tzpg50LpD3TwCy6Oow2u7o9fTI.roa
File:                     9Tzpg50LpD3TwCy6Oow2u7o9fTI.roa (raw, json)
Hash identifier:          Lni4OmhSGxJHFHP/YENVq2i9IQyr5tMPDbKM9vokaCY=
Subject key identifier:   F5:3C:E9:83:9D:0B:A4:3D:D3:C0:2C:BA:3A:8C:36:BB:BA:3D:7D:32
Certificate issuer:       /CN=cd979ccf10aff5f773694d9f43e5d5db472d6485
Certificate serial:       018CC649C34CFE68F404FF243826FF10DFB9
Authority key identifier: CD:97:9C:CF:10:AF:F5:F7:73:69:4D:9F:43:E5:D5:DB:47:2D:64:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zZeczxCv9fdzaU2fQ-XV20ctZIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/9Tzpg50LpD3TwCy6Oow2u7o9fTI.roa
Signing time:             Mon 01 Jan 2024 18:29:32 +0000
ROA not before:           Mon 01 Jan 2024 18:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200701
IP address blocks:        77.244.0.0/20 maxlen: 20
                          185.212.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/zZeczxCv9fdzaU2fQ-XV20ctZIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/zZeczxCv9fdzaU2fQ-XV20ctZIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zZeczxCv9fdzaU2fQ-XV20ctZIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:c3:4c:fe:68:f4:04:ff:24:38:26:ff:10:df:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd979ccf10aff5f773694d9f43e5d5db472d6485
        Validity
            Not Before: Jan  1 18:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f53ce9839d0ba43dd3c02cba3a8c36bbba3d7d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:22:df:df:ff:a4:e7:6d:ac:42:9b:b4:11:cc:
                    14:14:e1:5c:bd:25:86:46:a4:4a:55:de:28:b1:6c:
                    15:00:f9:2c:2d:7a:a7:b3:84:57:e6:c4:aa:0f:80:
                    02:24:f7:f9:05:de:d9:27:98:be:49:a4:b7:ce:61:
                    39:fa:0c:e1:88:9c:05:4c:35:d7:74:a7:13:b7:1d:
                    fc:24:c6:7b:95:95:58:72:b1:27:6b:62:e3:a0:23:
                    21:81:df:48:eb:a0:b1:cf:29:ae:ec:a3:81:c0:4b:
                    d5:2f:f1:e3:eb:0d:e3:66:11:90:97:5b:75:36:11:
                    13:e6:88:21:f1:ed:72:4d:cc:62:53:a5:88:b2:7d:
                    ea:44:e8:69:28:24:b0:5d:91:cb:75:fe:81:66:51:
                    83:62:4f:09:6f:fd:b7:4c:59:9e:b1:b4:43:92:4a:
                    ac:cd:79:d2:7c:ee:4e:67:90:ff:1d:42:0d:4e:55:
                    0c:4f:ad:d8:69:51:c4:67:d6:e1:38:94:fb:7d:33:
                    5b:cb:aa:0e:c9:c3:27:a2:00:64:7b:c2:33:ab:0a:
                    32:74:1e:46:4c:73:8b:91:2e:4c:f6:7c:cf:75:b5:
                    39:83:11:14:32:fd:65:66:5b:63:28:bc:ed:89:05:
                    33:76:87:d7:20:d6:14:15:8f:14:6a:a8:b7:96:3f:
                    3f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3C:E9:83:9D:0B:A4:3D:D3:C0:2C:BA:3A:8C:36:BB:BA:3D:7D:32
            X509v3 Authority Key Identifier:
                keyid:CD:97:9C:CF:10:AF:F5:F7:73:69:4D:9F:43:E5:D5:DB:47:2D:64:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zZeczxCv9fdzaU2fQ-XV20ctZIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/9Tzpg50LpD3TwCy6Oow2u7o9fTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/zZeczxCv9fdzaU2fQ-XV20ctZIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.244.0.0/20
                  185.212.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:7d:d0:e8:47:bb:15:8e:c5:d6:2c:0a:1e:0f:ac:87:49:4c:
         0f:c5:28:2c:89:1e:9b:c3:80:86:8e:74:10:a9:67:34:bb:09:
         13:21:e1:d3:f4:6b:28:3d:b7:a1:32:41:fc:33:c7:12:72:b4:
         33:3f:43:1b:d7:49:71:5c:42:15:45:43:95:de:d5:e6:0a:49:
         98:a4:7d:4f:d2:b8:d5:7b:d5:7e:90:15:47:fa:b5:e8:24:85:
         f8:21:92:d2:d0:72:e4:6c:1f:6a:be:02:10:8a:e1:04:cc:86:
         7b:79:f6:e3:ce:d0:22:f2:c2:2f:5a:66:70:5f:01:bd:e0:00:
         aa:3a:0c:70:c4:2e:49:17:1b:a9:43:d2:1f:c1:07:ac:a1:a9:
         6c:db:df:cd:e6:d3:7f:00:e7:50:db:63:48:d6:3c:22:83:b4:
         3f:08:c4:5a:f1:05:4d:6a:52:d8:fe:8a:11:a2:f4:71:5f:e0:
         53:9d:c2:61:7e:c0:8c:95:06:95:91:6d:80:e1:1b:56:1c:31:
         69:da:b1:bb:39:5f:e7:8f:68:3b:d4:74:c9:db:ec:19:b4:ac:
         55:93:b1:53:a6:73:04:c5:f3:9a:09:52:b0:86:c1:77:c8:9b:
         b5:c6:69:18:d6:87:09:47:88:7d:1c:9b:98:67:63:43:28:97:
         5a:99:f4:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGScNM/mj0BP8kOCb/EN+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkOTc5Y2NmMTBhZmY1Zjc3MzY5NGQ5ZjQzZTVkNWRiNDcy
ZDY0ODUwHhcNMjQwMTAxMTgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNjZTk4MzlkMGJhNDNkZDNjMDJjYmEzYThjMzZiYmJhM2Q3ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCLf3/+k522sQpu0EcwUFOFcvSWG
RqRKVd4osWwVAPksLXqns4RX5sSqD4ACJPf5Bd7ZJ5i+SaS3zmE5+gzhiJwFTDXX
dKcTtx38JMZ7lZVYcrEna2LjoCMhgd9I66Cxzymu7KOBwEvVL/Hj6w3jZhGQl1t1
NhET5ogh8e1yTcxiU6WIsn3qROhpKCSwXZHLdf6BZlGDYk8Jb/23TFmesbRDkkqs
zXnSfO5OZ5D/HUINTlUMT63YaVHEZ9bhOJT7fTNby6oOycMnogBke8IzqwoydB5G
THOLkS5M9nzPdbU5gxEUMv1lZltjKLztiQUzdofXINYUFY8Uaqi3lj8/ZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPU86YOdC6Q908AsujqMNru6PX0yMB8GA1UdIwQY
MBaAFM2XnM8Qr/X3c2lNn0Pl1dtHLWSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelplY3p4Q3Y5ZmR6YVUyZlEtWFYyMGN0WklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi81YzZmM2YtMGJhYi00ZmQwLWJmOTQt
NzY1NmRhNmVkZTA5LzEvOVR6cGc1MExwRDNUd0N5Nk9vdzJ1N285ZlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi81YzZmM2YtMGJhYi00ZmQwLWJmOTQtNzY1NmRhNmVkZTA5
LzEvelplY3p4Q3Y5ZmR6YVUyZlEtWFYyMGN0WklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETfQAAwQC
udQYMA0GCSqGSIb3DQEBCwUAA4IBAQB4fdDoR7sVjsXWLAoeD6yHSUwPxSgsiR6b
w4CGjnQQqWc0uwkTIeHT9GsoPbehMkH8M8cScrQzP0Mb10lxXEIVRUOV3tXmCkmY
pH1P0rjVe9V+kBVH+rXoJIX4IZLS0HLkbB9qvgIQiuEEzIZ7efbjztAi8sIvWmZw
XwG94ACqOgxwxC5JFxupQ9IfwQesoals29/N5tN/AOdQ22NI1jwig7Q/CMRa8QVN
alLY/ooRovRxX+BTncJhfsCMlQaVkW2A4RtWHDFp2rG7OV/nj2g71HTJ2+wZtKxV
k7FTpnMExfOaCVKwhsF3yJu1xmkY1ocJR4h9HJuYZ2NDKJdamfR5
-----END CERTIFICATE-----