Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/2sLJBNI5DRBDmFHQo9NHuH0YdgY.roa
File:                     2sLJBNI5DRBDmFHQo9NHuH0YdgY.roa (raw, json)
Hash identifier:          NulK76zmY/XB1rNBZ0EJGrWs9IGbPyFIzscsawCfmjY=
Subject key identifier:   DA:C2:C9:04:D2:39:0D:10:43:98:51:D0:A3:D3:47:B8:7D:18:76:06
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01934D95E70F2112EBC3FA26B2BAEFC8C294
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/2sLJBNI5DRBDmFHQo9NHuH0YdgY.roa
Signing time:             Thu 21 Nov 2024 07:18:09 +0000
ROA not before:           Thu 21 Nov 2024 07:18:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        77.246.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4d:95:e7:0f:21:12:eb:c3:fa:26:b2:ba:ef:c8:c2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Nov 21 07:18:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dac2c904d2390d10439851d0a3d347b87d187606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:92:07:db:e2:d4:68:f2:78:9d:e5:45:1e:e7:
                    8f:35:7b:c8:ca:ba:8c:f9:50:94:3f:cd:2f:eb:46:
                    6c:66:02:1a:6a:46:7f:ea:2c:4b:76:2c:10:42:88:
                    38:2e:91:a3:ee:d7:1e:48:44:fe:48:fe:cf:6d:ff:
                    c7:c1:15:f1:ac:dc:ed:39:f6:c2:2f:bb:54:e2:9c:
                    6d:4f:7d:6b:73:96:f5:b3:70:55:1f:4b:f7:37:c7:
                    b3:90:ca:e2:cb:6b:6f:87:03:f3:21:81:2a:e8:e8:
                    19:33:34:cc:68:b4:3f:f2:54:79:b9:30:72:88:38:
                    aa:08:d0:35:77:80:62:ca:f6:d9:46:1f:e6:fc:ad:
                    cc:c9:f3:ca:e3:fb:bd:41:13:a1:4c:90:d9:2f:b4:
                    a5:d1:a8:5b:a3:17:d6:8c:02:c5:56:ab:2f:47:a2:
                    a4:6c:69:7e:c5:74:28:8f:79:c4:ea:02:e5:2b:a1:
                    7a:45:32:ab:16:d1:c2:71:d8:a3:4a:35:93:55:18:
                    57:9b:b1:f9:43:fd:1e:c1:dc:e2:84:50:52:8e:0c:
                    39:be:e7:7e:6d:14:36:12:d8:56:ae:c8:36:6d:bf:
                    05:2c:3f:e2:69:96:27:f2:f9:ac:e8:39:d7:c4:3b:
                    42:36:fe:ae:fb:48:de:db:cf:16:be:2f:8a:4d:17:
                    ef:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C2:C9:04:D2:39:0D:10:43:98:51:D0:A3:D3:47:B8:7D:18:76:06
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/2sLJBNI5DRBDmFHQo9NHuH0YdgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:af:fc:af:02:58:a7:7f:85:65:39:74:7c:41:a4:e6:8f:14:
         07:94:64:32:7d:53:00:ff:0f:60:b0:1d:f1:43:b2:27:16:6e:
         7d:de:8a:17:c4:f5:5e:18:e9:2a:31:dd:71:32:5b:3a:21:5f:
         c3:75:12:be:52:d2:2f:44:92:21:a3:11:5b:a4:14:db:85:7c:
         c7:a7:e8:af:07:a1:bd:49:21:8f:9b:b5:94:4d:f9:83:90:8a:
         12:2d:97:40:af:1f:d0:1b:b1:80:93:99:dc:a7:fa:95:20:a6:
         15:7a:94:b0:71:98:96:c8:c4:c4:ad:ba:0b:a8:2f:14:cc:ca:
         2e:7a:72:83:f5:72:a1:e5:4d:7b:e2:d8:95:fe:4c:fa:d1:14:
         77:19:0a:ad:68:8a:b4:ae:99:f5:18:14:b8:72:b2:5a:50:13:
         35:fc:e0:05:9d:9e:4e:35:1c:39:0c:23:e2:21:d5:7c:db:d8:
         29:cf:4f:4c:fe:96:1b:08:11:42:b6:ee:56:61:02:c3:ae:f4:
         6d:8e:f6:ce:eb:a0:fc:a1:9c:3c:19:6c:aa:80:5c:fa:e5:32:
         15:65:dd:30:61:a8:f9:bb:24:94:ab:b0:a7:af:c9:7a:bf:8d:
         70:be:d1:d5:24:d4:15:94:c8:b2:27:70:0d:2a:88:04:ee:8c:
         0c:e4:31:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNNlecPIRLrw/omsrrvyMKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQxMTIxMDcxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWMyYzkwNGQyMzkwZDEwNDM5ODUxZDBhM2QzNDdiODdkMTg3NjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpIH2+LUaPJ4neVFHuePNXvIyrqM
+VCUP80v60ZsZgIaakZ/6ixLdiwQQog4LpGj7tceSET+SP7Pbf/HwRXxrNztOfbC
L7tU4pxtT31rc5b1s3BVH0v3N8ezkMriy2tvhwPzIYEq6OgZMzTMaLQ/8lR5uTBy
iDiqCNA1d4BiyvbZRh/m/K3MyfPK4/u9QROhTJDZL7Sl0ahboxfWjALFVqsvR6Kk
bGl+xXQoj3nE6gLlK6F6RTKrFtHCcdijSjWTVRhXm7H5Q/0ewdzihFBSjgw5vud+
bRQ2EthWrsg2bb8FLD/iaZYn8vms6DnXxDtCNv6u+0je288Wvi+KTRfvhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrCyQTSOQ0QQ5hR0KPTR7h9GHYGMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvMnNMSkJOSTVEUkJEbUZIUW85Tkh1SDBZZGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbTMA0G
CSqGSIb3DQEBCwUAA4IBAQBcr/yvAlinf4VlOXR8QaTmjxQHlGQyfVMA/w9gsB3x
Q7InFm593ooXxPVeGOkqMd1xMls6IV/DdRK+UtIvRJIhoxFbpBTbhXzHp+ivB6G9
SSGPm7WUTfmDkIoSLZdArx/QG7GAk5ncp/qVIKYVepSwcZiWyMTErboLqC8UzMou
enKD9XKh5U174tiV/kz60RR3GQqtaIq0rpn1GBS4crJaUBM1/OAFnZ5ONRw5DCPi
IdV829gpz09M/pYbCBFCtu5WYQLDrvRtjvbO66D8oZw8GWyqgFz65TIVZd0wYaj5
uySUq7Cnr8l6v41wvtHVJNQVlMiyJ3ANKogE7owM5DGq
-----END CERTIFICATE-----