Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9e0a67-0d44-429e-9f97-6cf682a185d4/1/kFX-uYTQe-hNv7R7b32AFNfIUMM.roa
File:                     kFX-uYTQe-hNv7R7b32AFNfIUMM.roa (raw, json)
Hash identifier:          dfEaZcwO+Rs/PwwE6piUHmyj/TNPDDXLzEVdyeyS3Ys=
Subject key identifier:   90:55:FE:B9:84:D0:7B:E8:4D:BF:B4:7B:6F:7D:80:14:D7:C8:50:C3
Certificate issuer:       /CN=4983e96ff270f4eca9701258081bb5cf818966c8
Certificate serial:       0194C02E4A0F1E191C077EC79518514DB06A
Authority key identifier: 49:83:E9:6F:F2:70:F4:EC:A9:70:12:58:08:1B:B5:CF:81:89:66:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYPpb_Jw9OypcBJYCBu1z4GJZsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9e0a67-0d44-429e-9f97-6cf682a185d4/1/kFX-uYTQe-hNv7R7b32AFNfIUMM.roa
Signing time:             Sat 01 Feb 2025 06:24:06 +0000
ROA not before:           Sat 01 Feb 2025 06:24:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209836
IP address blocks:        77.74.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9e0a67-0d44-429e-9f97-6cf682a185d4/1/SYPpb_Jw9OypcBJYCBu1z4GJZsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9e0a67-0d44-429e-9f97-6cf682a185d4/1/SYPpb_Jw9OypcBJYCBu1z4GJZsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYPpb_Jw9OypcBJYCBu1z4GJZsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c0:2e:4a:0f:1e:19:1c:07:7e:c7:95:18:51:4d:b0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4983e96ff270f4eca9701258081bb5cf818966c8
        Validity
            Not Before: Feb  1 06:24:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9055feb984d07be84dbfb47b6f7d8014d7c850c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0b:54:e2:87:25:14:f6:7b:9d:48:17:83:34:
                    df:bc:5a:6a:1d:9d:60:8e:02:73:f1:df:9e:1e:7a:
                    03:ed:a7:87:00:2e:ef:d6:a6:2d:0b:fc:f7:62:74:
                    7f:fe:b8:f1:c0:34:ca:19:e9:61:f3:d1:7a:89:67:
                    9c:e9:eb:50:d3:ac:a0:ea:43:56:63:0d:b4:b8:3f:
                    96:ff:58:2c:a3:cf:c1:ea:a6:f4:d2:da:3a:de:33:
                    e2:bb:7f:c9:e1:08:1d:77:1b:ae:b3:93:04:c6:0a:
                    b8:7e:bd:32:9f:4c:b8:3d:9d:3d:08:85:b7:ab:75:
                    9d:c0:c9:66:91:d3:31:ed:cc:b6:f8:ad:76:ac:c3:
                    ea:48:a2:0e:8f:0b:e3:df:27:6a:81:bd:5d:a5:50:
                    f7:f7:a3:8a:0f:80:0a:7f:99:bd:1e:75:71:87:97:
                    0e:78:ec:2a:0e:76:6f:f4:b2:5f:0f:f5:e8:7d:96:
                    c7:cd:79:08:b8:94:b1:e5:99:e8:a5:71:b8:27:da:
                    01:54:a2:1c:60:39:b7:3b:1e:47:f6:4e:46:39:aa:
                    8b:8d:4d:5f:a9:e1:e1:89:d4:75:15:b6:54:1c:6f:
                    d8:0e:d1:11:f0:6e:cd:ae:c2:f1:fb:2d:e9:4f:a7:
                    06:a5:44:8e:20:57:fd:a9:ed:b1:c1:e1:0c:8e:36:
                    0b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:55:FE:B9:84:D0:7B:E8:4D:BF:B4:7B:6F:7D:80:14:D7:C8:50:C3
            X509v3 Authority Key Identifier:
                keyid:49:83:E9:6F:F2:70:F4:EC:A9:70:12:58:08:1B:B5:CF:81:89:66:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYPpb_Jw9OypcBJYCBu1z4GJZsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9e0a67-0d44-429e-9f97-6cf682a185d4/1/kFX-uYTQe-hNv7R7b32AFNfIUMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9e0a67-0d44-429e-9f97-6cf682a185d4/1/SYPpb_Jw9OypcBJYCBu1z4GJZsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:b8:e7:bd:7f:1b:2a:eb:29:b9:15:c1:60:a4:cc:db:2d:98:
         85:6c:59:97:78:70:c0:08:bc:7e:07:26:e0:10:f2:bf:3a:64:
         01:26:4e:a8:2a:7c:57:1b:a7:39:04:e8:3d:02:2c:40:ad:97:
         9a:b0:5c:1f:2b:6e:b4:ab:95:5c:a7:54:5f:45:f3:9d:5e:7d:
         e1:53:3a:15:96:eb:ff:2d:09:52:c6:97:6f:bb:21:70:d9:ad:
         99:f4:0d:32:32:f5:4f:47:93:fc:f0:b0:28:5c:39:82:0b:ac:
         89:6c:ec:16:73:11:e0:05:4b:e4:72:2d:a4:80:55:31:f8:4d:
         8b:e3:e3:35:22:0d:ef:65:be:9f:c7:df:57:b4:56:e8:5b:a5:
         05:ea:6b:c0:bd:8a:fa:a1:12:f7:3c:5c:f6:87:18:ad:2b:9c:
         30:ef:47:a4:00:7d:bb:40:89:3d:a2:22:43:11:3a:66:8e:ab:
         af:89:81:ce:86:e4:8f:eb:6c:06:4b:ea:76:c6:30:39:f7:65:
         b7:9b:82:86:c7:fe:22:b7:cf:3c:c0:2c:7c:10:07:56:e8:0e:
         87:f3:7a:bf:fa:89:c1:99:e3:fe:7c:59:a8:1c:48:9a:8e:1a:
         f9:e4:3e:6c:16:db:5f:6a:7b:e5:74:99:a6:f6:96:3b:b0:73:
         4c:63:2b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTALkoPHhkcB37HlRhRTbBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODNlOTZmZjI3MGY0ZWNhOTcwMTI1ODA4MWJiNWNmODE4
OTY2YzgwHhcNMjUwMjAxMDYyNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDU1ZmViOTg0ZDA3YmU4NGRiZmI0N2I2ZjdkODAxNGQ3Yzg1MGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgtU4oclFPZ7nUgXgzTfvFpqHZ1g
jgJz8d+eHnoD7aeHAC7v1qYtC/z3YnR//rjxwDTKGelh89F6iWec6etQ06yg6kNW
Yw20uD+W/1gso8/B6qb00to63jPiu3/J4Qgddxuus5MExgq4fr0yn0y4PZ09CIW3
q3WdwMlmkdMx7cy2+K12rMPqSKIOjwvj3ydqgb1dpVD396OKD4AKf5m9HnVxh5cO
eOwqDnZv9LJfD/XofZbHzXkIuJSx5ZnopXG4J9oBVKIcYDm3Ox5H9k5GOaqLjU1f
qeHhidR1FbZUHG/YDtER8G7NrsLx+y3pT6cGpUSOIFf9qe2xweEMjjYL/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBV/rmE0HvoTb+0e299gBTXyFDDMB8GA1UdIwQY
MBaAFEmD6W/ycPTsqXASWAgbtc+BiWbIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1lQcGJfSnc5T3lwY0JKWUNCdTF6NEdKWnNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85ZTBhNjctMGQ0NC00MjllLTlmOTct
NmNmNjgyYTE4NWQ0LzEva0ZYLXVZVFFlLWhOdjdSN2IzMkFGTmZJVU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85ZTBhNjctMGQ0NC00MjllLTlmOTctNmNmNjgyYTE4NWQ0
LzEvU1lQcGJfSnc5T3lwY0JKWUNCdTF6NEdKWnNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUrKMA0G
CSqGSIb3DQEBCwUAA4IBAQCBuOe9fxsq6ym5FcFgpMzbLZiFbFmXeHDACLx+Bybg
EPK/OmQBJk6oKnxXG6c5BOg9AixArZeasFwfK260q5Vcp1RfRfOdXn3hUzoVluv/
LQlSxpdvuyFw2a2Z9A0yMvVPR5P88LAoXDmCC6yJbOwWcxHgBUvkci2kgFUx+E2L
4+M1Ig3vZb6fx99XtFboW6UF6mvAvYr6oRL3PFz2hxitK5ww70ekAH27QIk9oiJD
ETpmjquviYHOhuSP62wGS+p2xjA592W3m4KGx/4it888wCx8EAdW6A6H83q/+onB
meP+fFmoHEiajhr55D5sFttfanvldJmm9pY7sHNMYysi
-----END CERTIFICATE-----