Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/hFiYcjc5T-AOtTGLXhWbkO_SGl8.roa
File:                     hFiYcjc5T-AOtTGLXhWbkO_SGl8.roa (raw, json)
Hash identifier:          gFdJtltQDkQCEX9Ma0dTe94IPk5E2PTpxFFNtTgaiyc=
Subject key identifier:   84:58:98:72:37:39:4F:E0:0E:B5:31:8B:5E:15:9B:90:EF:D2:1A:5F
Certificate issuer:       /CN=ee8ba8824c5c8d207326a4a3ab893ebb8f5096ad
Certificate serial:       018CC26D7F9296FB2B8997B36C579DBA8903
Authority key identifier: EE:8B:A8:82:4C:5C:8D:20:73:26:A4:A3:AB:89:3E:BB:8F:50:96:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7ouogkxcjSBzJqSjq4k-u49Qlq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/hFiYcjc5T-AOtTGLXhWbkO_SGl8.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32787
IP address blocks:        77.232.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/7ouogkxcjSBzJqSjq4k-u49Qlq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/7ouogkxcjSBzJqSjq4k-u49Qlq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7ouogkxcjSBzJqSjq4k-u49Qlq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7f:92:96:fb:2b:89:97:b3:6c:57:9d:ba:89:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee8ba8824c5c8d207326a4a3ab893ebb8f5096ad
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8458987237394fe00eb5318b5e159b90efd21a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fa:39:79:6f:d0:a5:13:78:0b:82:03:16:2f:
                    23:55:04:5d:a0:83:cb:6b:18:7f:5d:19:29:a9:bd:
                    9c:37:75:79:78:c4:43:c8:9b:da:d0:58:4c:94:0d:
                    8d:1e:6e:7f:7b:ed:47:f5:3d:48:2a:18:28:50:38:
                    e0:c1:7b:f3:34:21:bb:cc:c3:eb:16:e5:7e:bd:10:
                    dc:f0:bd:ec:5d:a7:29:b0:41:f1:af:e1:37:5e:86:
                    3a:20:22:8d:29:22:af:3b:c5:50:a1:d9:8f:72:fb:
                    28:0e:54:c4:dc:e8:ee:4f:38:f4:56:56:a3:ca:81:
                    38:a0:af:99:85:73:e0:dd:48:97:dd:0b:bd:aa:1f:
                    bf:1e:cc:88:3e:e9:e1:e3:d9:d0:5c:3b:10:3f:54:
                    a4:8d:06:a6:e5:1e:3c:9a:15:e3:3d:19:71:a5:70:
                    5a:a4:e3:1f:10:fa:89:30:a0:a6:c7:2b:9d:be:e7:
                    21:cf:05:84:eb:f5:d8:1b:56:7f:f4:04:8e:48:87:
                    a2:4b:0a:92:1a:aa:96:91:e2:89:6d:fd:3e:c7:94:
                    44:31:f0:c9:7c:03:42:c0:f2:35:df:53:0b:f9:34:
                    a1:48:03:12:ed:08:b6:22:65:df:6c:79:a3:f6:38:
                    2d:e2:57:ef:9a:31:0f:e8:81:f1:9e:fc:41:73:5b:
                    44:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:58:98:72:37:39:4F:E0:0E:B5:31:8B:5E:15:9B:90:EF:D2:1A:5F
            X509v3 Authority Key Identifier:
                keyid:EE:8B:A8:82:4C:5C:8D:20:73:26:A4:A3:AB:89:3E:BB:8F:50:96:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7ouogkxcjSBzJqSjq4k-u49Qlq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/hFiYcjc5T-AOtTGLXhWbkO_SGl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/7ouogkxcjSBzJqSjq4k-u49Qlq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.232.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:4c:91:cb:5b:13:ca:74:c0:85:2f:45:1b:4d:f2:04:c2:90:
         46:c9:9d:1e:ba:3b:72:af:bc:eb:32:e2:a4:e2:8c:cc:aa:fa:
         e9:0a:25:e1:dd:34:ce:05:d9:b6:ad:e2:cf:0a:52:25:09:e8:
         b8:74:b8:72:f1:f6:9e:70:57:24:ce:8d:90:7a:c0:30:e4:3f:
         4f:c3:c8:9c:3f:37:b0:30:98:66:3c:88:0e:fb:09:2c:77:55:
         38:5b:b2:f4:63:33:21:03:0d:0e:f7:08:81:2c:a9:81:8f:8b:
         d1:9a:1c:67:0d:79:24:19:70:bd:27:10:05:b1:0d:55:89:76:
         7d:8a:cc:b3:ec:1a:3a:62:6a:89:85:b5:c4:6d:65:c4:45:75:
         9f:97:c8:50:d6:97:0f:b2:09:32:d5:dc:8a:5c:2d:36:2b:29:
         b6:21:e4:c0:c4:c6:49:2a:59:63:49:c3:7a:eb:2c:bf:25:d7:
         41:18:c4:d1:c8:82:a8:0e:9f:56:76:0d:51:44:67:71:ee:4d:
         93:2d:86:1f:15:80:2a:f1:36:ed:30:0a:90:c2:2d:98:26:56:
         75:2a:64:b5:77:cf:fa:9e:de:ef:68:c1:3e:fb:f2:47:49:81:
         a9:7d:0e:d9:e9:10:06:d6:fc:8a:c4:14:0c:8b:d9:d6:5a:a5:
         c5:3c:53:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX+SlvsriZezbFeduokDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOGJhODgyNGM1YzhkMjA3MzI2YTRhM2FiODkzZWJiOGY1
MDk2YWQwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDU4OTg3MjM3Mzk0ZmUwMGViNTMxOGI1ZTE1OWI5MGVmZDIxYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfo5eW/QpRN4C4IDFi8jVQRdoIPL
axh/XRkpqb2cN3V5eMRDyJva0FhMlA2NHm5/e+1H9T1IKhgoUDjgwXvzNCG7zMPr
FuV+vRDc8L3sXacpsEHxr+E3XoY6ICKNKSKvO8VQodmPcvsoDlTE3OjuTzj0Vlaj
yoE4oK+ZhXPg3UiX3Qu9qh+/HsyIPunh49nQXDsQP1SkjQam5R48mhXjPRlxpXBa
pOMfEPqJMKCmxyudvuchzwWE6/XYG1Z/9ASOSIeiSwqSGqqWkeKJbf0+x5REMfDJ
fANCwPI131ML+TShSAMS7Qi2ImXfbHmj9jgt4lfvmjEP6IHxnvxBc1tEQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRYmHI3OU/gDrUxi14Vm5Dv0hpfMB8GA1UdIwQY
MBaAFO6LqIJMXI0gcyako6uJPruPUJatMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN291b2dreGNqU0J6SnFTanE0ay11NDlRbHEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82MzUwOWMtNTY3Ni00ZWFmLTk5ZDQt
ZWVjZDI4ZTI4ZTM1LzEvaEZpWWNqYzVULUFPdFRHTFhoV2JrT19TR2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82MzUwOWMtNTY3Ni00ZWFmLTk5ZDQtZWVjZDI4ZTI4ZTM1
LzEvN291b2dreGNqU0J6SnFTanE0ay11NDlRbHEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATehhMA0G
CSqGSIb3DQEBCwUAA4IBAQA4TJHLWxPKdMCFL0UbTfIEwpBGyZ0eujtyr7zrMuKk
4ozMqvrpCiXh3TTOBdm2reLPClIlCei4dLhy8faecFckzo2QesAw5D9Pw8icPzew
MJhmPIgO+wksd1U4W7L0YzMhAw0O9wiBLKmBj4vRmhxnDXkkGXC9JxAFsQ1ViXZ9
isyz7Bo6YmqJhbXEbWXERXWfl8hQ1pcPsgky1dyKXC02Kym2IeTAxMZJKlljScN6
6yy/JddBGMTRyIKoDp9Wdg1RRGdx7k2TLYYfFYAq8TbtMAqQwi2YJlZ1KmS1d8/6
nt7vaME++/JHSYGpfQ7Z6RAG1vyKxBQMi9nWWqXFPFMh
-----END CERTIFICATE-----