Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/9dW7K3lOxKQprhanyGmDAf7AqgM.roa
File:                     9dW7K3lOxKQprhanyGmDAf7AqgM.roa (raw, json)
Hash identifier:          /pjpvtioHkymWH/uBfh7jveH7e/YSNm97ZPz4PoZi0Q=
Subject key identifier:   F5:D5:BB:2B:79:4E:C4:A4:29:AE:16:A7:C8:69:83:01:FE:C0:AA:03
Certificate issuer:       /CN=b59909ed171b38c1fdc4362229e78d69851de11c
Certificate serial:       018CC6B783D08F07F5060872435B591192AA
Authority key identifier: B5:99:09:ED:17:1B:38:C1:FD:C4:36:22:29:E7:8D:69:85:1D:E1:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/9dW7K3lOxKQprhanyGmDAf7AqgM.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49072
IP address blocks:        77.246.217.0/24 maxlen: 24
                          77.246.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:83:d0:8f:07:f5:06:08:72:43:5b:59:11:92:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b59909ed171b38c1fdc4362229e78d69851de11c
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5d5bb2b794ec4a429ae16a7c8698301fec0aa03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:72:05:e0:03:46:06:0c:b9:e2:00:2f:90:7f:
                    dc:7c:59:35:e2:72:1e:74:1f:a0:6e:2d:a8:4f:3d:
                    99:e8:6a:0d:38:dc:fa:34:89:87:e8:18:1d:73:36:
                    84:e0:7a:4b:7d:c8:9f:62:6d:77:67:ab:cf:94:77:
                    a6:ce:6b:d1:94:3c:03:8d:08:da:72:30:3c:c5:f1:
                    0d:24:f5:76:f8:c3:ed:c6:4e:67:a2:fa:74:73:56:
                    a0:10:99:4f:20:e0:94:40:05:35:8f:a0:72:6d:69:
                    3e:7b:e5:e4:c2:79:3d:70:47:60:a9:51:7c:1f:40:
                    c2:b8:0b:93:0c:2d:79:a8:b1:d6:98:ee:fa:40:aa:
                    e6:2e:36:ad:6a:5f:a7:0b:5e:1e:a4:ab:e8:27:00:
                    d4:b2:85:95:a8:63:71:4a:10:45:90:06:60:d1:5e:
                    e0:24:b1:69:51:c2:c4:97:e3:da:8d:47:02:1f:aa:
                    59:a3:ea:a9:6d:e8:ce:3e:c3:39:f5:48:8c:ec:0f:
                    c6:fd:27:ce:40:a4:4e:dc:22:fb:cf:d4:ff:93:45:
                    4c:4c:fb:f8:9e:b6:22:5e:88:bc:54:14:d2:ea:e0:
                    6b:2f:1f:5d:2c:a7:d8:6d:ee:7e:b5:53:b7:5d:09:
                    86:19:50:44:6f:6f:79:08:3f:6e:9d:cd:cc:c5:6c:
                    95:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:D5:BB:2B:79:4E:C4:A4:29:AE:16:A7:C8:69:83:01:FE:C0:AA:03
            X509v3 Authority Key Identifier:
                keyid:B5:99:09:ED:17:1B:38:C1:FD:C4:36:22:29:E7:8D:69:85:1D:E1:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/9dW7K3lOxKQprhanyGmDAf7AqgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.217.0-77.246.218.255

    Signature Algorithm: sha256WithRSAEncryption
         9d:e4:d6:48:17:b2:8a:47:7a:5d:a8:82:e3:01:27:5c:cd:cb:
         2a:2d:1c:7b:f3:f3:2a:7a:43:bc:11:23:be:4f:05:35:b3:1f:
         2f:57:4d:c4:34:12:d7:79:bc:99:94:2a:cc:c6:36:b3:cd:db:
         87:47:4a:15:a8:4f:b6:40:4f:30:dc:bf:b0:ed:b6:a4:f0:f7:
         fc:9b:75:1a:45:ae:5c:0d:b1:82:ff:81:a3:50:45:e7:d3:c8:
         2f:42:e0:83:c2:aa:3f:32:34:5e:9c:b3:69:65:43:74:b8:3d:
         dd:00:e0:49:5c:43:58:39:21:4e:91:b4:66:87:34:5c:13:21:
         6e:1e:22:86:70:db:55:51:9c:3d:46:9d:47:a6:45:3a:9e:6c:
         8f:e1:92:fe:fb:b6:60:21:a6:53:f7:29:e3:88:07:6c:0b:f7:
         da:6d:9e:94:95:5c:ee:d6:39:35:1c:44:37:de:28:f1:44:1b:
         25:a9:70:73:f4:60:3a:4b:82:b9:e5:a2:ae:34:a2:01:45:48:
         15:d6:1d:a3:85:51:4b:1e:6d:41:8a:7e:fa:d4:c4:61:f7:ee:
         59:1e:64:e5:3d:6e:ff:f6:6e:f5:06:a4:a2:b1:b9:c8:59:8a:
         d5:48:69:26:c1:da:23:89:33:82:46:28:5b:37:f9:a4:fa:0b:
         51:6b:3f:27
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt4PQjwf1BghyQ1tZEZKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1OTkwOWVkMTcxYjM4YzFmZGM0MzYyMjI5ZTc4ZDY5ODUx
ZGUxMWMwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWQ1YmIyYjc5NGVjNGE0MjlhZTE2YTdjODY5ODMwMWZlYzBhYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHIF4ANGBgy54gAvkH/cfFk14nIe
dB+gbi2oTz2Z6GoNONz6NImH6BgdczaE4HpLfcifYm13Z6vPlHemzmvRlDwDjQja
cjA8xfENJPV2+MPtxk5novp0c1agEJlPIOCUQAU1j6BybWk+e+Xkwnk9cEdgqVF8
H0DCuAuTDC15qLHWmO76QKrmLjatal+nC14epKvoJwDUsoWVqGNxShBFkAZg0V7g
JLFpUcLEl+PajUcCH6pZo+qpbejOPsM59UiM7A/G/SfOQKRO3CL7z9T/k0VMTPv4
nrYiXoi8VBTS6uBrLx9dLKfYbe5+tVO3XQmGGVBEb295CD9unc3MxWyVpQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPXVuyt5TsSkKa4Wp8hpgwH+wKoDMB8GA1UdIwQY
MBaAFLWZCe0XGzjB/cQ2IinnjWmFHeEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFprSjdSY2JPTUg5eERZaUtlZU5hWVVkNFJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZWU5ODAtNjdhMi00ZDNjLWI2Y2Et
ZmRlMDczNTg4ZjBmLzEvOWRXN0szbE94S1FwcmhhbnlHbURBZjdBcWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZWU5ODAtNjdhMi00ZDNjLWI2Y2EtZmRlMDczNTg4ZjBm
LzEvdFprSjdSY2JPTUg5eERZaUtlZU5hWVVkNFJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABN9tkD
BABN9towDQYJKoZIhvcNAQELBQADggEBAJ3k1kgXsopHel2oguMBJ1zNyyotHHvz
8yp6Q7wRI75PBTWzHy9XTcQ0Etd5vJmUKszGNrPN24dHShWoT7ZATzDcv7DttqTw
9/ybdRpFrlwNsYL/gaNQRefTyC9C4IPCqj8yNF6cs2llQ3S4Pd0A4ElcQ1g5IU6R
tGaHNFwTIW4eIoZw21VRnD1GnUemRTqebI/hkv77tmAhplP3KeOIB2wL99ptnpSV
XO7WOTUcRDfeKPFEGyWpcHP0YDpLgrnloq40ogFFSBXWHaOFUUsebUGKfvrUxGH3
7lkeZOU9bv/2bvUGpKKxuchZitVIaSbB2iOJM4JGKFs3+aT6C1FrPyc=
-----END CERTIFICATE-----