Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rp5NQe_D3kW1-QJoPx6vifQktYM.roa
File:                     rp5NQe_D3kW1-QJoPx6vifQktYM.roa (raw, json)
Hash identifier:          b5eQz8FhqOUt9Z2FwyDc4M40BpyNr6KEwKadPALspmo=
Subject key identifier:   AE:9E:4D:41:EF:C3:DE:45:B5:F9:02:68:3F:1E:AF:89:F4:24:B5:83
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB62658370AF419AAFE252C8B65F81
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rp5NQe_D3kW1-QJoPx6vifQktYM.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43991
IP address blocks:        77.243.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:65:83:70:af:41:9a:af:e2:52:c8:b6:5f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae9e4d41efc3de45b5f902683f1eaf89f424b583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5a:20:a1:38:f6:65:45:76:2c:f5:22:18:39:
                    23:15:79:9c:09:ee:e4:0f:f8:bc:ab:5a:4a:e3:42:
                    67:73:ea:4a:96:07:9d:15:7e:43:ef:02:be:af:b9:
                    a3:82:23:81:c4:01:64:d9:de:b1:e4:ff:22:5f:81:
                    80:24:20:27:66:30:09:d0:18:be:b1:9b:e9:a2:79:
                    f7:ad:00:c9:77:5c:85:0b:7d:1d:80:cc:09:d8:0d:
                    fb:06:4f:e8:18:69:13:ce:c5:7a:4a:de:95:23:46:
                    ce:2e:3e:13:c2:a2:08:91:38:7d:0d:3b:b4:d7:9c:
                    26:57:d6:b1:a9:8d:f2:9e:a0:3c:0e:e9:c4:4f:7e:
                    5f:0c:8e:4f:8f:1a:f5:f0:fd:27:fe:96:e4:27:a8:
                    c7:df:4a:75:9b:d8:95:50:7b:2c:19:41:98:92:64:
                    e5:c9:04:fa:21:a7:8f:6f:9f:06:cf:72:44:35:30:
                    50:eb:36:16:95:0d:77:0b:20:03:54:2c:1e:39:af:
                    18:bf:9b:3c:23:7b:b8:b2:3e:f8:52:b7:f8:e4:5f:
                    e8:1a:06:7e:15:7b:47:de:cb:f0:cf:0a:6f:28:58:
                    3a:39:43:9b:fd:89:5f:ab:ce:be:64:5c:89:36:d5:
                    59:a1:0d:06:30:e0:84:4d:f3:41:19:09:63:1d:27:
                    a0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:9E:4D:41:EF:C3:DE:45:B5:F9:02:68:3F:1E:AF:89:F4:24:B5:83
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rp5NQe_D3kW1-QJoPx6vifQktYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c2:57:af:35:dc:03:9a:4b:60:9b:23:65:94:f4:7b:fa:c9:
         9e:17:03:f7:69:73:54:db:3a:6a:ac:a7:e9:91:ed:e7:65:cc:
         3d:ab:ca:41:00:0c:04:78:3f:e6:36:6e:69:c7:91:ef:eb:db:
         e6:dd:cd:27:83:f7:38:7b:ab:ff:e0:a1:8a:0f:f7:d2:de:ec:
         42:21:e8:23:19:83:43:93:01:df:4c:38:c9:53:c8:6a:d7:0f:
         5b:23:2b:d1:6d:59:b0:86:d2:8b:08:19:1c:44:cb:53:01:32:
         0c:3d:33:98:23:6b:de:c2:47:eb:51:72:07:d3:08:cd:f3:dd:
         9f:94:05:2d:3e:2f:bf:b1:cd:97:c8:8b:d5:02:bc:9b:65:60:
         26:58:26:e1:83:41:fe:13:ed:15:5a:b9:65:2e:72:2d:dd:bc:
         6b:3a:95:81:60:b3:ce:44:6c:bb:55:dd:6c:b8:4f:79:04:1b:
         48:fe:f2:9d:8a:9e:bd:1a:96:d6:71:88:b3:70:f0:07:e3:dc:
         76:db:d4:38:ef:44:1d:f9:9f:84:4a:b4:de:e9:9e:81:6e:45:
         3f:51:dd:14:30:c5:15:76:67:d3:67:e1:e9:3a:3c:88:46:5f:
         d6:29:a9:5a:7c:1e:87:c5:22:db:0a:4a:94:73:0c:16:1b:0c:
         e1:9d:d2:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22Jlg3CvQZqv4lLItl+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTllNGQ0MWVmYzNkZTQ1YjVmOTAyNjgzZjFlYWY4OWY0MjRiNTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2logoTj2ZUV2LPUiGDkjFXmcCe7k
D/i8q1pK40Jnc+pKlgedFX5D7wK+r7mjgiOBxAFk2d6x5P8iX4GAJCAnZjAJ0Bi+
sZvponn3rQDJd1yFC30dgMwJ2A37Bk/oGGkTzsV6St6VI0bOLj4TwqIIkTh9DTu0
15wmV9axqY3ynqA8DunET35fDI5Pjxr18P0n/pbkJ6jH30p1m9iVUHssGUGYkmTl
yQT6IaePb58Gz3JENTBQ6zYWlQ13CyADVCweOa8Yv5s8I3u4sj74Urf45F/oGgZ+
FXtH3svwzwpvKFg6OUOb/Ylfq86+ZFyJNtVZoQ0GMOCETfNBGQljHSegCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6eTUHvw95FtfkCaD8er4n0JLWDMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvcnA1TlFlX0Qza1cxLVFKb1B4NnZpZlFrdFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfNTMA0G
CSqGSIb3DQEBCwUAA4IBAQA1wlevNdwDmktgmyNllPR7+smeFwP3aXNU2zpqrKfp
ke3nZcw9q8pBAAwEeD/mNm5px5Hv69vm3c0ng/c4e6v/4KGKD/fS3uxCIegjGYND
kwHfTDjJU8hq1w9bIyvRbVmwhtKLCBkcRMtTATIMPTOYI2vewkfrUXIH0wjN892f
lAUtPi+/sc2XyIvVArybZWAmWCbhg0H+E+0VWrllLnIt3bxrOpWBYLPORGy7Vd1s
uE95BBtI/vKdip69GpbWcYizcPAH49x229Q470Qd+Z+ESrTe6Z6BbkU/Ud0UMMUV
dmfTZ+HpOjyIRl/WKalafB6HxSLbCkqUcwwWGwzhndJR
-----END CERTIFICATE-----