Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/p77SPlJfr5hdynyo1-aYg7mwX6Q.roa
File:                     p77SPlJfr5hdynyo1-aYg7mwX6Q.roa (raw, json)
Hash identifier:          M4uw08jcylIHJrhaqPalcewrj6MHnE9iUt75txloZy4=
Subject key identifier:   A7:BE:D2:3E:52:5F:AF:98:5D:CA:7C:A8:D7:E6:98:83:B9:B0:5F:A4
Certificate issuer:       /CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
Certificate serial:       018DB1C4815C9E6BEA4364DACCA0EF6B5AED
Authority key identifier: D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/p77SPlJfr5hdynyo1-aYg7mwX6Q.roa
Signing time:             Fri 16 Feb 2024 11:54:21 +0000
ROA not before:           Fri 16 Feb 2024 11:54:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        91.217.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b1:c4:81:5c:9e:6b:ea:43:64:da:cc:a0:ef:6b:5a:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
        Validity
            Not Before: Feb 16 11:54:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7bed23e525faf985dca7ca8d7e69883b9b05fa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4b:7f:eb:e2:52:d2:5f:ed:26:44:3a:e2:70:
                    f5:06:8c:b8:50:19:c1:97:4f:dd:05:b4:88:fa:51:
                    af:e9:e0:b0:11:0c:91:c0:30:2d:1a:9f:22:59:87:
                    7c:3c:8f:83:09:80:4d:8c:0d:12:d4:85:0d:34:ff:
                    57:ff:5b:f0:9f:34:5a:02:ed:6b:f6:27:26:bc:60:
                    8e:7d:1d:63:8a:e4:12:18:41:c0:fc:54:ed:37:96:
                    b6:b4:86:27:8d:8a:c6:03:81:01:35:66:6d:93:7b:
                    dc:df:1f:38:7c:b8:d3:40:bb:c1:e7:3e:3b:52:51:
                    89:13:53:c9:64:c4:cc:aa:ef:05:ad:e5:82:a6:94:
                    44:9a:9e:2a:43:78:a5:a3:27:e9:c0:6c:0f:58:da:
                    3d:a4:d9:82:3e:d8:bc:13:7e:ac:f6:c4:8c:32:19:
                    da:89:14:1e:90:39:95:3d:33:05:20:d4:0c:78:4b:
                    52:3a:b3:aa:c0:88:a1:33:8b:10:8a:c2:3d:9e:42:
                    d4:6d:66:83:cb:80:63:8a:21:c2:53:1e:1e:7c:5e:
                    1f:54:9c:b9:06:15:60:dd:e6:10:7e:d5:a8:47:62:
                    19:d8:1c:ba:e1:3d:fb:fb:b0:60:62:da:40:1c:36:
                    7a:eb:1c:cb:42:0f:b6:e7:49:f3:79:fa:e7:de:c2:
                    50:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:BE:D2:3E:52:5F:AF:98:5D:CA:7C:A8:D7:E6:98:83:B9:B0:5F:A4
            X509v3 Authority Key Identifier:
                keyid:D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/p77SPlJfr5hdynyo1-aYg7mwX6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:98:f4:f1:e0:9d:91:3f:da:37:a2:dc:62:90:7f:91:a0:e7:
         2c:42:d7:fc:18:0a:e6:76:01:a6:da:48:bd:e4:f2:d6:75:70:
         1e:7c:10:2f:6a:41:04:13:9d:34:f3:9b:05:85:2e:b7:b6:6f:
         f9:f6:d9:80:5f:9d:6a:98:16:b6:fc:a3:a7:80:25:1b:ea:9c:
         c5:1c:ad:33:2d:89:21:43:08:ec:fe:4b:5f:8a:7e:94:26:58:
         99:5e:5d:ee:7b:59:7c:84:59:f6:c5:00:64:f6:67:94:59:d5:
         8a:e3:e0:18:50:e0:2d:30:f5:fb:42:9b:92:6d:67:fe:db:9b:
         4f:9c:81:5f:07:be:d3:b7:0b:c6:53:5f:ec:b3:97:7d:37:80:
         76:91:29:ea:57:1c:de:3e:4e:f9:60:0e:f5:8e:0e:8e:7c:8b:
         9d:c5:fe:e4:53:f8:64:3b:8d:06:56:84:f0:94:e5:81:4b:15:
         7e:88:f9:c9:02:c8:88:37:a0:97:82:91:b8:fa:a9:0c:67:db:
         f9:64:d5:6b:e7:79:1b:95:5a:0a:c4:69:b2:df:3b:e6:51:4d:
         3c:40:13:0f:4b:b6:e0:9a:af:1c:d8:99:44:cb:3f:cf:e8:f1:
         89:11:ba:66:e8:78:1b:1e:bf:12:47:84:ae:b3:e4:cf:b1:83:
         6f:03:21:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2xxIFcnmvqQ2TazKDva1rtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTViZWU1NjA1NjMwZjcwNDhiMWZmYjNmMDAzYjM5ZDI5
ZTQ3YTAwHhcNMjQwMjE2MTE1NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2JlZDIzZTUyNWZhZjk4NWRjYTdjYThkN2U2OTg4M2I5YjA1ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEt/6+JS0l/tJkQ64nD1Boy4UBnB
l0/dBbSI+lGv6eCwEQyRwDAtGp8iWYd8PI+DCYBNjA0S1IUNNP9X/1vwnzRaAu1r
9icmvGCOfR1jiuQSGEHA/FTtN5a2tIYnjYrGA4EBNWZtk3vc3x84fLjTQLvB5z47
UlGJE1PJZMTMqu8FreWCppREmp4qQ3iloyfpwGwPWNo9pNmCPti8E36s9sSMMhna
iRQekDmVPTMFINQMeEtSOrOqwIihM4sQisI9nkLUbWaDy4BjiiHCUx4efF4fVJy5
BhVg3eYQftWoR2IZ2By64T37+7BgYtpAHDZ66xzLQg+250nzefrn3sJQXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKe+0j5SX6+YXcp8qNfmmIO5sF+kMB8GA1UdIwQY
MBaAFNiVvuVgVjD3BIsf+z8AOznSnkegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYt
MjAyYTA5ODBjMTc2LzEvcDc3U1BsSmZyNWhkeW55bzEtYVlnN213WDZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYtMjAyYTA5ODBjMTc2
LzEvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nxMA0G
CSqGSIb3DQEBCwUAA4IBAQAkmPTx4J2RP9o3otxikH+RoOcsQtf8GArmdgGm2ki9
5PLWdXAefBAvakEEE50085sFhS63tm/59tmAX51qmBa2/KOngCUb6pzFHK0zLYkh
Qwjs/ktfin6UJliZXl3ue1l8hFn2xQBk9meUWdWK4+AYUOAtMPX7QpuSbWf+25tP
nIFfB77TtwvGU1/ss5d9N4B2kSnqVxzePk75YA71jg6OfIudxf7kU/hkO40GVoTw
lOWBSxV+iPnJAsiIN6CXgpG4+qkMZ9v5ZNVr53kblVoKxGmy3zvmUU08QBMPS7bg
mq8c2JlEyz/P6PGJEbpm6HgbHr8SR4Sus+TPsYNvAyHJ
-----END CERTIFICATE-----