Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mc1ObXiaU2KbYJEc9hu0N7N-DxU.roa
File:                     mc1ObXiaU2KbYJEc9hu0N7N-DxU.roa (raw, json)
Hash identifier:          7ysry98LM81hl5FRompC1jRLTdmfAAjaLc3+ATtTeUA=
Subject key identifier:   99:CD:4E:6D:78:9A:53:62:9B:60:91:1C:F6:1B:B4:37:B3:7E:0F:15
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D2D268E4CF133730FEF2A40C2131B
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mc1ObXiaU2KbYJEc9hu0N7N-DxU.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39266
IP address blocks:        77.242.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2d:26:8e:4c:f1:33:73:0f:ef:2a:40:c2:13:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99cd4e6d789a53629b60911cf61bb437b37e0f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:06:ae:a1:03:b7:35:5c:24:dd:0f:c4:f3:e4:
                    06:3a:24:04:01:6c:72:21:56:01:68:c2:2f:cc:39:
                    81:c0:58:60:52:d1:41:d2:54:91:18:a8:0a:91:b2:
                    58:21:50:82:b1:b2:6f:c8:7b:49:82:b1:30:cb:20:
                    ed:6d:a8:3f:ee:8a:8b:f4:5a:6a:99:f3:1c:7d:7e:
                    84:66:5d:3c:29:3b:0c:8a:a5:a4:d0:1c:cf:59:14:
                    04:63:78:11:64:26:5f:79:97:c8:99:78:de:ee:9f:
                    de:33:0f:d2:fd:91:19:26:6a:5e:c3:30:3d:73:7b:
                    8c:fc:f0:89:ff:16:05:cc:36:66:71:91:21:ca:d6:
                    64:24:dc:17:69:9f:04:67:0a:f1:2a:5c:b4:3a:ed:
                    fc:53:e5:1b:aa:eb:78:3d:9a:ec:c6:62:2c:e0:ec:
                    c4:c8:d9:a4:fa:f0:f9:7d:74:a0:17:a0:44:7f:6e:
                    c8:37:cb:b3:4a:8a:0a:57:34:83:0b:4e:b8:db:48:
                    16:e0:12:3f:e0:6a:5c:d4:b1:0e:d7:b4:ca:1b:8b:
                    dc:a5:61:d1:9e:c0:fe:6a:c9:8f:96:37:e6:4a:81:
                    67:2b:69:e0:8b:05:81:8f:52:0e:6b:59:38:e4:aa:
                    86:cb:5f:b8:37:10:7f:e9:0d:ac:14:79:18:ef:4f:
                    b2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CD:4E:6D:78:9A:53:62:9B:60:91:1C:F6:1B:B4:37:B3:7E:0F:15
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mc1ObXiaU2KbYJEc9hu0N7N-DxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:ff:33:8e:0f:b7:d1:75:5b:35:f5:9c:3c:14:62:82:78:76:
         5d:9a:b3:f6:85:60:4e:20:45:e4:ef:a4:b5:4d:cf:bc:79:0e:
         c2:43:81:6e:5a:31:c8:09:99:60:20:66:39:cf:14:08:3f:55:
         94:31:5c:f7:c6:fa:59:0e:9c:d6:03:ef:a0:d3:66:6a:90:8a:
         16:d4:bf:7d:bd:3e:55:96:1f:bf:df:ae:85:38:94:93:ba:72:
         0b:7d:e5:1c:7c:a4:5a:dd:79:0a:1b:74:25:d3:71:ac:1f:77:
         c7:41:57:74:10:8f:66:6f:2a:5c:de:15:d4:f6:f6:5f:c9:7f:
         ac:ce:6e:39:41:d6:6c:b8:bb:0a:b1:6a:5f:ef:51:da:03:f2:
         3f:e6:7e:04:57:b6:49:56:a6:0f:e0:54:62:32:e6:03:8e:ad:
         22:db:86:2e:bc:b5:85:c8:9d:50:58:77:fc:1d:a0:d9:7c:52:
         a0:61:b9:94:49:72:7e:4f:f6:2d:8d:c8:e8:57:c6:6d:2f:76:
         b5:10:3f:ac:4c:80:e0:f3:b0:ed:5b:bc:15:90:57:25:99:c4:
         5b:4c:c4:4d:14:eb:a5:a7:33:33:21:e1:da:a0:0d:81:78:0d:
         8c:79:8e:da:09:68:8a:b7:37:49:e8:f8:16:bb:2a:5b:33:ef:
         b7:6b:59:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijS0mjkzxM3MP7ypAwhMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNkNGU2ZDc4OWE1MzYyOWI2MDkxMWNmNjFiYjQzN2IzN2UwZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgauoQO3NVwk3Q/E8+QGOiQEAWxy
IVYBaMIvzDmBwFhgUtFB0lSRGKgKkbJYIVCCsbJvyHtJgrEwyyDtbag/7oqL9Fpq
mfMcfX6EZl08KTsMiqWk0BzPWRQEY3gRZCZfeZfImXje7p/eMw/S/ZEZJmpewzA9
c3uM/PCJ/xYFzDZmcZEhytZkJNwXaZ8EZwrxKly0Ou38U+Ubqut4PZrsxmIs4OzE
yNmk+vD5fXSgF6BEf27IN8uzSooKVzSDC06420gW4BI/4Gpc1LEO17TKG4vcpWHR
nsD+asmPljfmSoFnK2ngiwWBj1IOa1k45KqGy1+4NxB/6Q2sFHkY70+yEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnNTm14mlNim2CRHPYbtDezfg8VMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvbWMxT2JYaWFVMktiWUpFYzlodTBON04tRHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfIOMA0G
CSqGSIb3DQEBCwUAA4IBAQCC/zOOD7fRdVs19Zw8FGKCeHZdmrP2hWBOIEXk76S1
Tc+8eQ7CQ4FuWjHICZlgIGY5zxQIP1WUMVz3xvpZDpzWA++g02ZqkIoW1L99vT5V
lh+/366FOJSTunILfeUcfKRa3XkKG3Ql03GsH3fHQVd0EI9mbypc3hXU9vZfyX+s
zm45QdZsuLsKsWpf71HaA/I/5n4EV7ZJVqYP4FRiMuYDjq0i24YuvLWFyJ1QWHf8
HaDZfFKgYbmUSXJ+T/YtjcjoV8ZtL3a1ED+sTIDg87DtW7wVkFclmcRbTMRNFOul
pzMzIeHaoA2BeA2MeY7aCWiKtzdJ6PgWuypbM++3a1kH
-----END CERTIFICATE-----