Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/nDKGQ3EtYAnkRGPpDip5ZwR942E.roa
File:                     nDKGQ3EtYAnkRGPpDip5ZwR942E.roa (raw, json)
Hash identifier:          6m7qLGhEU4pemxqSNwDdGlSZ8Xogv8QqReZpK2qTpr4=
Subject key identifier:   9C:32:86:43:71:2D:60:09:E4:44:63:E9:0E:2A:79:67:04:7D:E3:61
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018CC8DF93C9F0F5846E0CE8FEA4E23555A4
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/nDKGQ3EtYAnkRGPpDip5ZwR942E.roa
Signing time:             Tue 02 Jan 2024 06:32:24 +0000
ROA not before:           Tue 02 Jan 2024 06:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60447
IP address blocks:        77.246.208.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:93:c9:f0:f5:84:6e:0c:e8:fe:a4:e2:35:55:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jan  2 06:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c328643712d6009e44463e90e2a7967047de361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8c:de:52:09:25:19:67:ce:e3:f9:73:8e:e2:
                    e6:c3:34:1f:f0:7a:59:3b:9b:e9:a3:cf:2f:c0:e4:
                    34:c3:a7:d8:bc:59:24:48:50:76:61:77:ed:e0:dc:
                    76:a7:f1:62:f0:d2:5c:07:b6:28:43:5a:87:6a:b2:
                    60:4b:b4:85:80:b2:b0:31:3b:63:c9:b5:19:c8:44:
                    70:99:dc:fc:38:c3:e0:24:4d:39:4f:3e:fd:3f:68:
                    24:7d:81:ad:d5:29:61:da:10:58:68:37:22:97:8c:
                    41:a4:75:20:05:e9:69:93:af:94:f2:bf:63:20:37:
                    aa:31:33:9f:49:2d:f1:77:cb:48:09:92:a4:1e:86:
                    82:fe:07:27:22:3d:72:2f:c8:b5:f8:e0:1d:9a:07:
                    15:af:31:15:de:c0:a9:2e:16:43:01:c9:47:d9:10:
                    28:52:74:02:a3:53:d2:41:a2:1c:e8:ae:28:0e:2e:
                    48:8d:f1:df:91:a8:e9:50:83:0e:d1:33:dc:95:43:
                    c0:c4:ab:c7:3c:c1:47:f2:9d:1c:d3:f1:83:f6:29:
                    34:57:b7:56:e4:ff:56:f7:a3:8c:ca:b6:73:58:1f:
                    ea:3f:37:d0:60:52:8d:00:59:2e:e2:a7:ce:28:a6:
                    b9:a6:4a:3f:d2:46:6d:0c:4f:21:a0:a6:b4:f1:04:
                    c0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:32:86:43:71:2D:60:09:E4:44:63:E9:0E:2A:79:67:04:7D:E3:61
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/nDKGQ3EtYAnkRGPpDip5ZwR942E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:f1:c5:91:d8:59:25:a1:a0:cc:c8:aa:07:75:ec:14:b3:34:
         e9:3d:69:6a:32:95:f6:36:7b:47:17:fa:d8:5e:8d:c5:51:34:
         69:d2:67:4a:da:c6:4c:d4:34:4c:81:74:a0:0a:bc:3f:a6:a5:
         be:86:a2:fd:42:8d:fb:54:a1:ff:a8:b5:86:83:a7:b9:62:23:
         e6:51:ed:fe:8f:95:26:17:9e:46:61:78:fc:b1:21:aa:16:1c:
         0e:7f:d2:33:d5:e1:14:ba:d0:e3:1f:ca:f6:ba:bc:dd:2c:8f:
         17:e9:70:a2:cd:18:b9:a9:7a:db:7b:f0:e7:33:b4:a0:81:32:
         ed:78:d1:05:fb:01:40:c3:26:6d:b8:d4:1f:40:f4:41:ac:8e:
         a8:46:d2:29:a7:f0:65:e2:7d:e6:89:d6:a1:38:e4:20:4c:f9:
         f8:56:be:5b:41:d9:4b:2c:9a:02:01:56:71:87:42:2c:99:ee:
         68:ee:c5:12:83:08:20:91:a9:86:34:1f:5b:7c:c1:7c:b1:73:
         5f:7b:ae:04:7d:80:87:e4:07:84:c1:cc:e2:7b:ba:ab:cb:41:
         70:0f:5c:97:9d:cb:bb:18:d0:da:a4:0e:69:8e:1c:fa:d6:22:
         21:92:74:cc:8e:e2:2e:b8:14:45:b7:25:17:f4:85:7a:bb:ed:
         91:3f:b9:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35PJ8PWEbgzo/qTiNVWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzMyODY0MzcxMmQ2MDA5ZTQ0NDYzZTkwZTJhNzk2NzA0N2RlMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYzeUgklGWfO4/lzjuLmwzQf8HpZ
O5vpo88vwOQ0w6fYvFkkSFB2YXft4Nx2p/Fi8NJcB7YoQ1qHarJgS7SFgLKwMTtj
ybUZyERwmdz8OMPgJE05Tz79P2gkfYGt1Slh2hBYaDcil4xBpHUgBelpk6+U8r9j
IDeqMTOfSS3xd8tICZKkHoaC/gcnIj1yL8i1+OAdmgcVrzEV3sCpLhZDAclH2RAo
UnQCo1PSQaIc6K4oDi5IjfHfkajpUIMO0TPclUPAxKvHPMFH8p0c0/GD9ik0V7dW
5P9W96OMyrZzWB/qPzfQYFKNAFku4qfOKKa5pko/0kZtDE8hoKa08QTAXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwyhkNxLWAJ5ERj6Q4qeWcEfeNhMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvbkRLR1EzRXRZQW5rUkdQcERpcDVad1I5NDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTfbQMA0G
CSqGSIb3DQEBCwUAA4IBAQBR8cWR2FkloaDMyKoHdewUszTpPWlqMpX2NntHF/rY
Xo3FUTRp0mdK2sZM1DRMgXSgCrw/pqW+hqL9Qo37VKH/qLWGg6e5YiPmUe3+j5Um
F55GYXj8sSGqFhwOf9Iz1eEUutDjH8r2urzdLI8X6XCizRi5qXrbe/DnM7SggTLt
eNEF+wFAwyZtuNQfQPRBrI6oRtIpp/Bl4n3midahOOQgTPn4Vr5bQdlLLJoCAVZx
h0Isme5o7sUSgwggkamGNB9bfMF8sXNfe64EfYCH5AeEwczie7qry0FwD1yXncu7
GNDapA5pjhz61iIhknTMjuIuuBRFtyUX9IV6u+2RP7kU
-----END CERTIFICATE-----