Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/uW6obTMGdZw9nDQJZFt61WNnCbw.roa
File:                     uW6obTMGdZw9nDQJZFt61WNnCbw.roa (raw, json)
Hash identifier:          zXF2LGb2WkbWFIte1dxgPrTBfmXsbISwI5JJ4JJtSYc=
Subject key identifier:   B9:6E:A8:6D:33:06:75:9C:3D:9C:34:09:64:5B:7A:D5:63:67:09:BC
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       01914532D7192060E2EEC158586BEF1A356E
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/uW6obTMGdZw9nDQJZFt61WNnCbw.roa
Signing time:             Mon 12 Aug 2024 06:07:25 +0000
ROA not before:           Mon 12 Aug 2024 06:07:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204004
IP address blocks:        77.241.58.0/24 maxlen: 24
                          176.222.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:32:d7:19:20:60:e2:ee:c1:58:58:6b:ef:1a:35:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Aug 12 06:07:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b96ea86d3306759c3d9c3409645b7ad5636709bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c9:b0:20:bd:1d:1c:52:94:4d:d4:e6:15:d9:
                    fd:28:11:dc:9d:b4:13:9c:f1:6e:72:81:3d:4d:a5:
                    67:ec:73:a7:b1:94:92:e7:4c:03:42:f8:24:c8:6e:
                    86:df:87:19:ac:2a:7c:3a:e4:88:31:32:48:28:c0:
                    c8:86:67:7f:62:34:d6:45:37:f2:59:17:53:da:26:
                    e1:11:93:1a:e7:2f:a6:68:2e:15:15:27:c3:73:2e:
                    d0:37:57:71:bf:0a:81:9a:0d:35:3b:3c:20:07:d1:
                    da:b7:20:3c:ca:08:bb:7b:dc:47:17:64:65:30:23:
                    2d:ea:0f:a5:55:c6:3a:97:85:52:b0:ee:60:0c:1e:
                    80:3c:1c:af:d9:ab:e1:3c:3e:c5:e5:42:3f:6b:17:
                    1a:4c:b5:b9:6e:ac:a6:f0:e2:ce:07:4a:c2:7a:a2:
                    f7:44:1d:f5:c9:a3:4f:9e:0b:0d:1e:88:2b:4c:1e:
                    16:3b:ab:3a:a3:50:54:45:dc:43:47:02:30:1d:7a:
                    e2:9f:d4:12:d4:77:6f:48:bf:79:2e:4d:44:8e:dc:
                    18:50:0f:dd:65:70:01:5e:48:17:9a:1b:94:68:17:
                    52:b3:cb:d2:21:93:41:e7:bd:40:2e:5e:1c:f9:a4:
                    9e:b8:ab:97:fc:ab:44:2a:a4:35:fb:ef:f3:d8:d7:
                    45:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6E:A8:6D:33:06:75:9C:3D:9C:34:09:64:5B:7A:D5:63:67:09:BC
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/uW6obTMGdZw9nDQJZFt61WNnCbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.241.58.0/24
                  176.222.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:0c:08:80:98:b9:d8:35:d2:ad:67:81:e0:c2:7b:fa:db:86:
         f9:95:bd:1a:9a:69:57:aa:bb:2c:62:9c:6c:d6:70:cc:c2:9e:
         d1:d7:15:a4:05:d5:e4:f2:6b:2d:f9:04:3b:ef:c5:9e:57:a7:
         9e:2c:36:fd:53:9f:34:09:6a:f0:a0:73:a4:87:ca:43:55:cf:
         c9:01:d1:ad:51:4e:1e:1b:51:fb:f8:66:9e:c2:b2:fa:15:c0:
         e5:70:52:6c:15:7e:3a:ab:97:e6:f8:d9:53:6c:b8:3f:9c:f0:
         22:85:10:28:aa:ec:ca:26:7c:16:30:b6:37:47:3f:29:64:cf:
         58:1b:8a:c9:9b:fc:db:6a:6e:1f:b9:39:a0:60:0d:b9:3d:12:
         93:f2:5e:7b:9b:bc:f8:13:c9:55:c2:52:7c:72:ed:54:d1:21:
         93:41:2f:f9:9f:d6:1d:0b:57:6d:cc:e9:df:13:c2:71:9f:d9:
         55:e3:5e:bd:52:89:32:2f:5d:2b:67:21:ca:bf:b8:a4:f1:b2:
         58:6d:8e:3f:08:15:40:16:67:0b:e4:a4:b5:fe:33:2d:bd:1e:
         34:a7:30:93:30:f8:bd:d6:7a:de:ce:5d:d8:d5:84:a7:1f:6d:
         82:d6:26:f9:9c:6e:3e:37:52:43:59:f4:1e:59:4c:60:d0:97:
         7f:4e:4d:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFFMtcZIGDi7sFYWGvvGjVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjQwODEyMDYwNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZlYTg2ZDMzMDY3NTljM2Q5YzM0MDk2NDViN2FkNTYzNjcwOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMmwIL0dHFKUTdTmFdn9KBHcnbQT
nPFucoE9TaVn7HOnsZSS50wDQvgkyG6G34cZrCp8OuSIMTJIKMDIhmd/YjTWRTfy
WRdT2ibhEZMa5y+maC4VFSfDcy7QN1dxvwqBmg01OzwgB9HatyA8ygi7e9xHF2Rl
MCMt6g+lVcY6l4VSsO5gDB6APByv2avhPD7F5UI/axcaTLW5bqym8OLOB0rCeqL3
RB31yaNPngsNHogrTB4WO6s6o1BURdxDRwIwHXrin9QS1HdvSL95Lk1EjtwYUA/d
ZXABXkgXmhuUaBdSs8vSIZNB571ALl4c+aSeuKuX/KtEKqQ1++/z2NdFwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLluqG0zBnWcPZw0CWRbetVjZwm8MB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEvdVc2b2JUTUdkWnc5bkRRSlpGdDYxV05uQ2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATfE6AwQA
sN5FMA0GCSqGSIb3DQEBCwUAA4IBAQAaDAiAmLnYNdKtZ4Hgwnv624b5lb0ammlX
qrssYpxs1nDMwp7R1xWkBdXk8mst+QQ778WeV6eeLDb9U580CWrwoHOkh8pDVc/J
AdGtUU4eG1H7+GaewrL6FcDlcFJsFX46q5fm+NlTbLg/nPAihRAoquzKJnwWMLY3
Rz8pZM9YG4rJm/zbam4fuTmgYA25PRKT8l57m7z4E8lVwlJ8cu1U0SGTQS/5n9Yd
C1dtzOnfE8Jxn9lV4169UokyL10rZyHKv7ik8bJYbY4/CBVAFmcL5KS1/jMtvR40
pzCTMPi91nrezl3Y1YSnH22C1ib5nG4+N1JDWfQeWUxg0Jd/Tk2m
-----END CERTIFICATE-----