Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/77LOUy6j2cIEWICrNczLZLaV_FM.roa
File:                     77LOUy6j2cIEWICrNczLZLaV_FM.roa (raw, json)
Hash identifier:          wi+Hh1QbfgZzBkuoDy/nvQB/ufP5s6yS7BaEZc5X6jg=
Subject key identifier:   EF:B2:CE:53:2E:A3:D9:C2:04:58:80:AB:35:CC:CB:64:B6:95:FC:53
Certificate issuer:       /CN=39732dcd0c35426144f9f026754179dfaebe8958
Certificate serial:       018CC8DFA04342F86AC47C9E73FD670F2D01
Authority key identifier: 39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/77LOUy6j2cIEWICrNczLZLaV_FM.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201240
IP address blocks:        192.166.240.0/24 maxlen: 24
                          2a07:eec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a0:43:42:f8:6a:c4:7c:9e:73:fd:67:0f:2d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39732dcd0c35426144f9f026754179dfaebe8958
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efb2ce532ea3d9c2045880ab35cccb64b695fc53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fd:50:e2:64:b1:e8:2a:c2:5a:7f:4a:c5:db:
                    60:82:0b:94:48:79:37:2b:9d:df:f1:f9:c6:aa:70:
                    7a:7c:e5:94:5f:25:e9:37:cf:5a:c6:0e:bc:9f:f3:
                    be:f3:44:7d:62:38:a5:06:f1:1a:1f:93:19:6a:55:
                    9c:dd:a5:17:bc:8c:4f:f0:32:34:f9:e7:6c:f9:71:
                    ca:d8:26:7e:ee:86:cc:e8:69:03:61:9b:ad:23:03:
                    79:a0:b0:af:00:8b:7d:ef:11:01:e7:d0:7b:4d:90:
                    6f:f1:c2:1f:12:4e:37:64:ed:a3:c5:a6:4d:af:f7:
                    9d:6f:24:34:85:a3:5a:14:d9:39:ab:58:b9:28:a9:
                    77:5d:79:48:64:de:1d:84:1c:3d:25:2a:b5:66:ef:
                    aa:e4:ca:cd:31:2c:de:d2:a6:6d:6e:ff:90:13:be:
                    9d:21:0d:5c:82:ff:f8:b8:1b:1b:bf:92:69:95:6e:
                    28:ed:fd:87:d7:d8:a2:f4:32:2a:44:75:c7:e3:9b:
                    83:0b:87:aa:ac:34:59:ad:93:6e:0c:0c:f3:b6:8b:
                    62:6c:dd:48:25:9b:be:fc:53:10:b6:c1:75:62:af:
                    0b:ab:d1:6c:6f:64:72:19:f3:92:1e:a5:5d:e8:b4:
                    69:85:1a:3a:b9:e5:ae:75:3f:9c:41:78:db:ca:05:
                    7d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B2:CE:53:2E:A3:D9:C2:04:58:80:AB:35:CC:CB:64:B6:95:FC:53
            X509v3 Authority Key Identifier:
                keyid:39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/77LOUy6j2cIEWICrNczLZLaV_FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.240.0/24
                IPv6:
                  2a07:eec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:2a:44:af:7c:4e:75:23:f7:ab:1f:31:8d:3f:84:ea:d9:5c:
         68:7e:cd:15:35:eb:93:f9:82:e3:61:3c:6d:f8:ab:74:4c:8e:
         48:99:0b:07:73:c3:ee:5e:27:1c:0e:cc:f3:e6:18:7c:e1:9d:
         7e:f1:9f:4a:b1:3e:ec:60:c4:3c:bc:88:97:1d:03:c5:21:b3:
         a6:29:c4:cb:0e:4d:64:67:71:cd:91:41:dd:83:99:44:d1:34:
         67:65:ca:63:b4:d6:94:ef:5a:64:1e:3d:eb:c9:98:e7:65:59:
         21:da:92:00:1d:46:87:b9:5d:a1:db:80:44:3d:3e:36:e1:47:
         e9:01:0b:f3:25:77:42:2a:55:c0:41:2e:69:69:4e:88:f3:f0:
         2b:50:b7:c9:42:f0:29:5c:67:24:59:cd:a7:04:58:9b:95:14:
         bd:50:60:14:62:2b:d7:ff:02:c4:43:cd:77:10:57:91:fa:d7:
         bf:d0:69:61:b4:2b:ac:53:95:0f:5c:a8:73:f7:09:62:45:af:
         87:fb:87:67:71:70:6b:d4:75:bd:31:06:ae:69:ad:fe:a7:f1:
         51:a9:91:40:80:68:c8:d1:b9:5e:10:01:a0:17:b1:ea:5a:36:
         86:b5:6b:19:9e:73:23:38:82:9a:55:6e:14:3d:f1:1d:23:69:
         8d:bd:76:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI36BDQvhqxHyec/1nDy0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzMyZGNkMGMzNTQyNjE0NGY5ZjAyNjc1NDE3OWRmYWVi
ZTg5NTgwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmIyY2U1MzJlYTNkOWMyMDQ1ODgwYWIzNWNjY2I2NGI2OTVmYzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP1Q4mSx6CrCWn9KxdtggguUSHk3
K53f8fnGqnB6fOWUXyXpN89axg68n/O+80R9YjilBvEaH5MZalWc3aUXvIxP8DI0
+eds+XHK2CZ+7obM6GkDYZutIwN5oLCvAIt97xEB59B7TZBv8cIfEk43ZO2jxaZN
r/edbyQ0haNaFNk5q1i5KKl3XXlIZN4dhBw9JSq1Zu+q5MrNMSze0qZtbv+QE76d
IQ1cgv/4uBsbv5JplW4o7f2H19ii9DIqRHXH45uDC4eqrDRZrZNuDAzztotibN1I
JZu+/FMQtsF1Yq8Lq9Fsb2RyGfOSHqVd6LRphRo6ueWudT+cQXjbygV9RwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO+yzlMuo9nCBFiAqzXMy2S2lfxTMB8GA1UdIwQY
MBaAFDlzLc0MNUJhRPnwJnVBed+uvolYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODIt
ZjYwYWYyYTgyMDYwLzEvNzdMT1V5NmoyY0lFV0lDck5jekxaTGFWX0ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODItZjYwYWYyYTgyMDYw
LzEvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwKbwMA0E
AgACMAcDBQMqB+7AMA0GCSqGSIb3DQEBCwUAA4IBAQBgKkSvfE51I/erHzGNP4Tq
2Vxofs0VNeuT+YLjYTxt+Kt0TI5ImQsHc8PuXiccDszz5hh84Z1+8Z9KsT7sYMQ8
vIiXHQPFIbOmKcTLDk1kZ3HNkUHdg5lE0TRnZcpjtNaU71pkHj3ryZjnZVkh2pIA
HUaHuV2h24BEPT424UfpAQvzJXdCKlXAQS5paU6I8/ArULfJQvApXGckWc2nBFib
lRS9UGAUYivX/wLEQ813EFeR+te/0GlhtCusU5UPXKhz9wliRa+H+4dncXBr1HW9
MQauaa3+p/FRqZFAgGjI0bleEAGgF7HqWjaGtWsZnnMjOIKaVW4UPfEdI2mNvXZQ
-----END CERTIFICATE-----