Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/mloZgsTp31pDJeebtyv94uSwJ6c.roa
File:                     mloZgsTp31pDJeebtyv94uSwJ6c.roa (raw, json)
Hash identifier:          m0nnlXwCJF4p9t73u7gvP2dRRim8pPRt3OaJSN1z56U=
Subject key identifier:   9A:5A:19:82:C4:E9:DF:5A:43:25:E7:9B:B7:2B:FD:E2:E4:B0:27:A7
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       0191272FDC897DCCA5FC0BECC7C82691D9C4
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/mloZgsTp31pDJeebtyv94uSwJ6c.roa
Signing time:             Tue 06 Aug 2024 10:15:33 +0000
ROA not before:           Tue 06 Aug 2024 10:15:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41055
IP address blocks:        77.81.190.0/24 maxlen: 24
                          89.38.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:27:2f:dc:89:7d:cc:a5:fc:0b:ec:c7:c8:26:91:d9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Aug  6 10:15:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a5a1982c4e9df5a4325e79bb72bfde2e4b027a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a0:6b:b7:98:e6:5c:d0:81:fc:9d:56:e0:44:
                    10:cc:b2:6d:19:04:23:a8:b9:0a:99:6a:de:82:4e:
                    c5:71:0c:f5:fd:6b:67:5f:c7:c6:a6:fe:95:5e:39:
                    b1:7b:fb:46:a6:9f:88:51:4b:98:2d:6b:86:3b:b4:
                    24:83:ac:ad:ec:0c:34:f5:54:a8:5a:75:41:3c:b9:
                    c0:c0:be:58:8d:2d:39:3b:b4:7f:04:ff:84:99:f7:
                    1c:27:71:88:6b:34:87:15:21:a3:aa:23:2f:96:aa:
                    21:5c:82:2a:ba:37:29:a5:60:0f:7e:78:81:49:be:
                    c4:a8:d9:4a:73:cb:2e:43:c8:68:bd:db:42:c8:9b:
                    f4:be:ee:21:c7:dc:00:a2:ae:cc:fe:41:fa:1b:65:
                    5b:61:01:3c:3c:ff:9a:3d:b4:91:4b:a3:dc:4a:8d:
                    37:fb:12:28:bb:a6:f5:e5:8a:83:ee:e0:80:99:b1:
                    ef:d4:fb:3f:4c:6d:fe:eb:4b:4c:22:d8:d8:38:e5:
                    72:eb:1b:03:57:e2:a2:12:e4:35:14:83:45:10:0e:
                    7d:1e:c2:01:45:6d:e4:88:dd:14:f6:99:4a:b0:d8:
                    e3:9c:97:6b:b6:1c:d1:4c:36:e0:7c:99:c4:ea:44:
                    9e:f4:a0:bf:2b:3c:89:75:bb:79:92:fb:81:3b:4b:
                    7d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:5A:19:82:C4:E9:DF:5A:43:25:E7:9B:B7:2B:FD:E2:E4:B0:27:A7
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/mloZgsTp31pDJeebtyv94uSwJ6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.190.0/24
                  89.38.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:d5:43:22:68:45:7f:a9:ec:7f:dd:c2:4a:c2:8e:e7:64:98:
         d7:fe:c9:be:07:7e:27:b0:b7:fb:68:0c:fc:cb:ca:83:2d:6c:
         1b:c5:ff:37:58:f8:0d:8f:ef:63:48:9d:02:4a:3f:d6:91:87:
         f7:62:0a:e7:08:57:d6:f4:cb:87:db:b2:bc:c2:0c:88:83:57:
         5f:25:57:6c:14:a8:29:59:8c:c6:a1:2f:cd:6b:16:95:d3:47:
         8e:52:9a:c3:de:62:84:a5:55:43:b0:93:90:b4:9a:0b:64:e3:
         ba:a2:ec:a1:62:06:eb:16:ad:23:36:e5:a0:57:54:52:61:c4:
         05:ae:e3:02:be:ef:60:9a:10:e0:6f:15:92:e1:45:14:70:8b:
         c4:7d:7f:37:0a:03:7f:5f:40:de:74:2c:ec:78:a0:c0:a8:2a:
         ab:48:d4:d3:d8:e2:07:6f:2b:cf:9a:d5:88:1c:d8:66:e2:a8:
         1d:ab:16:5a:cd:9f:12:a3:92:36:84:52:2a:74:a8:c0:6a:0d:
         36:7a:01:09:51:fa:d8:f6:39:3b:a6:f5:62:5c:60:2b:09:ce:
         87:63:86:27:fb:11:9f:0c:24:b2:ca:ec:04:6b:94:1b:9e:85:
         8c:b7:95:04:4f:d0:fa:da:7a:84:4c:5c:d6:5b:2a:8f:f3:8d:
         a6:3a:62:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEnL9yJfcyl/Avsx8gmkdnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwODA2MTAxNTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTVhMTk4MmM0ZTlkZjVhNDMyNWU3OWJiNzJiZmRlMmU0YjAyN2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6Brt5jmXNCB/J1W4EQQzLJtGQQj
qLkKmWregk7FcQz1/WtnX8fGpv6VXjmxe/tGpp+IUUuYLWuGO7Qkg6yt7Aw09VSo
WnVBPLnAwL5YjS05O7R/BP+EmfccJ3GIazSHFSGjqiMvlqohXIIqujcppWAPfniB
Sb7EqNlKc8suQ8hovdtCyJv0vu4hx9wAoq7M/kH6G2VbYQE8PP+aPbSRS6PcSo03
+xIou6b15YqD7uCAmbHv1Ps/TG3+60tMItjYOOVy6xsDV+KiEuQ1FINFEA59HsIB
RW3kiN0U9plKsNjjnJdrthzRTDbgfJnE6kSe9KC/KzyJdbt5kvuBO0t9CwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJpaGYLE6d9aQyXnm7cr/eLksCenMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvbWxvWmdzVHAzMXBESmVlYnR5djk0dVN3SjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVG+AwQA
WSYbMA0GCSqGSIb3DQEBCwUAA4IBAQCf1UMiaEV/qex/3cJKwo7nZJjX/sm+B34n
sLf7aAz8y8qDLWwbxf83WPgNj+9jSJ0CSj/WkYf3YgrnCFfW9MuH27K8wgyIg1df
JVdsFKgpWYzGoS/NaxaV00eOUprD3mKEpVVDsJOQtJoLZOO6ouyhYgbrFq0jNuWg
V1RSYcQFruMCvu9gmhDgbxWS4UUUcIvEfX83CgN/X0DedCzseKDAqCqrSNTT2OIH
byvPmtWIHNhm4qgdqxZazZ8So5I2hFIqdKjAag02egEJUfrY9jk7pvViXGArCc6H
Y4Yn+xGfDCSyyuwEa5QbnoWMt5UET9D62nqETFzWWyqP842mOmLJ
-----END CERTIFICATE-----