Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/TZYvrCx1JpGuu7o5zc1V37RDzbo.roa
File:                     TZYvrCx1JpGuu7o5zc1V37RDzbo.roa (raw, json)
Hash identifier:          AQbPU1WuxuUX6/tIo1DuFU8i+Jtg2uRMSr7kjSt90lo=
Subject key identifier:   4D:96:2F:AC:2C:75:26:91:AE:BB:BA:39:CD:CD:55:DF:B4:43:CD:BA
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01941FFA342422C18478B334CEC56AEC2999
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/TZYvrCx1JpGuu7o5zc1V37RDzbo.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41055
IP address blocks:        77.81.190.0/24 maxlen: 24
                          89.38.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:34:24:22:c1:84:78:b3:34:ce:c5:6a:ec:29:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d962fac2c752691aebbba39cdcd55dfb443cdba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:57:cf:ae:65:2d:0c:79:a4:82:a6:05:3a:73:
                    90:68:e7:b2:1a:55:cd:e4:5f:87:1f:07:dd:f7:3c:
                    77:a8:3e:f9:41:21:bc:3f:f1:cd:83:1a:f8:e7:d8:
                    38:41:80:a5:6e:38:c6:66:97:4c:70:06:b6:60:29:
                    44:fa:a6:6a:c9:e6:c8:a4:af:7e:dd:3e:92:22:e7:
                    af:a6:26:fe:e8:78:9b:4a:5a:c6:42:35:4c:41:36:
                    06:2b:1e:10:c2:bf:5f:2b:eb:65:b3:89:74:f5:30:
                    8e:29:d7:4d:d6:03:ef:26:41:bb:4a:45:53:ed:cc:
                    ae:ff:fe:a9:94:e5:f3:a4:f1:c6:c9:34:50:81:33:
                    1d:9a:19:36:ea:cf:fe:a8:6c:94:ff:56:a4:57:24:
                    35:52:1b:74:47:b2:42:e5:5f:2f:e4:3b:8a:c8:95:
                    e9:02:dd:f6:26:f3:98:14:93:a3:96:e8:5d:b1:70:
                    fc:00:c2:14:c6:31:90:86:a7:b2:66:dd:bd:3e:51:
                    18:67:43:bf:cc:d2:25:ce:47:b6:3c:66:85:de:b2:
                    97:47:39:db:ec:28:43:c7:67:01:c4:81:71:86:0f:
                    80:1e:15:46:44:2f:f9:2c:9a:e7:86:e1:41:05:41:
                    65:79:c8:92:3d:94:b5:5b:03:8c:35:ee:58:ac:07:
                    e7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:96:2F:AC:2C:75:26:91:AE:BB:BA:39:CD:CD:55:DF:B4:43:CD:BA
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/TZYvrCx1JpGuu7o5zc1V37RDzbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.190.0/24
                  89.38.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:45:a1:b0:96:fc:bd:1c:ab:e8:8d:f4:ac:11:81:af:69:c6:
         7f:98:b6:c9:26:62:9c:d7:21:cd:13:02:d3:10:21:a3:1b:16:
         5c:37:f5:b9:6d:59:c4:60:eb:08:a4:23:d0:19:8e:b3:84:96:
         07:5a:a1:26:10:5c:01:67:e5:79:18:07:78:dc:2e:e9:2f:68:
         d1:cf:a9:a7:bd:7f:03:07:89:7f:5f:14:70:f2:c6:a3:6a:76:
         26:f0:aa:4d:6d:69:d4:f8:9e:ee:7f:71:ca:75:0f:c5:ad:40:
         f1:34:50:42:a0:54:1d:52:af:5c:05:16:ae:0a:7c:4c:b9:33:
         30:65:76:9b:37:42:ac:f6:8e:3c:a4:09:84:b1:24:d6:b5:ef:
         42:b8:15:b4:20:fb:82:f7:68:2a:d2:d5:a6:a0:2d:60:cc:6f:
         e6:86:88:91:63:ad:53:ae:0b:fa:25:0b:f4:39:5f:11:df:b5:
         bc:47:c6:38:d7:5c:11:b5:ac:63:27:a7:7a:2c:53:61:13:fc:
         65:3a:6a:6c:24:6a:77:5f:0b:ec:dc:4a:94:25:e6:a8:65:aa:
         61:c4:91:9c:b9:17:20:76:94:a8:dc:af:e0:3c:97:d0:21:05:
         54:bf:1a:a1:7d:c0:4f:c5:1c:ca:40:f7:52:f5:54:6c:22:2b:
         5c:40:8c:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+jQkIsGEeLM0zsVq7CmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk2MmZhYzJjNzUyNjkxYWViYmJhMzljZGNkNTVkZmI0NDNjZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslfPrmUtDHmkgqYFOnOQaOeyGlXN
5F+HHwfd9zx3qD75QSG8P/HNgxr459g4QYClbjjGZpdMcAa2YClE+qZqyebIpK9+
3T6SIuevpib+6HibSlrGQjVMQTYGKx4Qwr9fK+tls4l09TCOKddN1gPvJkG7SkVT
7cyu//6plOXzpPHGyTRQgTMdmhk26s/+qGyU/1akVyQ1Uht0R7JC5V8v5DuKyJXp
At32JvOYFJOjluhdsXD8AMIUxjGQhqeyZt29PlEYZ0O/zNIlzke2PGaF3rKXRznb
7ChDx2cBxIFxhg+AHhVGRC/5LJrnhuFBBUFleciSPZS1WwOMNe5YrAfnMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE2WL6wsdSaRrru6Oc3NVd+0Q826MB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvVFpZdnJDeDFKcEd1dTdvNXpjMVYzN1JEemJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVG+AwQA
WSYbMA0GCSqGSIb3DQEBCwUAA4IBAQAuRaGwlvy9HKvojfSsEYGvacZ/mLbJJmKc
1yHNEwLTECGjGxZcN/W5bVnEYOsIpCPQGY6zhJYHWqEmEFwBZ+V5GAd43C7pL2jR
z6mnvX8DB4l/XxRw8sajanYm8KpNbWnU+J7uf3HKdQ/FrUDxNFBCoFQdUq9cBRau
CnxMuTMwZXabN0Ks9o48pAmEsSTWte9CuBW0IPuC92gq0tWmoC1gzG/mhoiRY61T
rgv6JQv0OV8R37W8R8Y411wRtaxjJ6d6LFNhE/xlOmpsJGp3Xwvs3EqUJeaoZaph
xJGcuRcgdpSo3K/gPJfQIQVUvxqhfcBPxRzKQPdS9VRsIitcQIx1
-----END CERTIFICATE-----