Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/FU1o4K68ASMHjxslt5agTXMw1Z4.roa
File:                     FU1o4K68ASMHjxslt5agTXMw1Z4.roa (raw, json)
Hash identifier:          cFpnMXx4SNy55YthuxgRWkF2I8U6u41jmzS8UiT8Yts=
Subject key identifier:   15:4D:68:E0:AE:BC:01:23:07:8F:1B:25:B7:96:A0:4D:73:30:D5:9E
Certificate issuer:       /CN=c969dcbc33e8010438129282d37ad4e8bf84b81f
Certificate serial:       0194221F7693D096BC1AC839F1B55AAC3DC9
Authority key identifier: C9:69:DC:BC:33:E8:01:04:38:12:92:82:D3:7A:D4:E8:BF:84:B8:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yWncvDPoAQQ4EpKC03rU6L-EuB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/FU1o4K68ASMHjxslt5agTXMw1Z4.roa
Signing time:             Wed 01 Jan 2025 13:47:54 +0000
ROA not before:           Wed 01 Jan 2025 13:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42818
IP address blocks:        77.244.80.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/yWncvDPoAQQ4EpKC03rU6L-EuB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/yWncvDPoAQQ4EpKC03rU6L-EuB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yWncvDPoAQQ4EpKC03rU6L-EuB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:76:93:d0:96:bc:1a:c8:39:f1:b5:5a:ac:3d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c969dcbc33e8010438129282d37ad4e8bf84b81f
        Validity
            Not Before: Jan  1 13:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=154d68e0aebc0123078f1b25b796a04d7330d59e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0b:3a:ab:33:07:a2:ec:dc:29:8e:94:e5:e5:
                    e0:a3:07:68:f9:be:13:92:90:6a:fa:28:a4:39:9e:
                    d2:70:8f:0c:bd:72:9a:f7:ad:25:b4:b7:ab:89:41:
                    cc:bc:83:40:b5:77:5c:5e:b2:07:e3:26:60:17:29:
                    71:89:f6:f9:d1:ff:ca:88:b3:99:4a:e8:38:a3:a0:
                    c4:68:ca:2a:5f:93:74:42:11:de:5d:56:c0:19:eb:
                    99:7e:6a:e6:c6:5d:5d:15:34:fa:a7:12:fe:bd:96:
                    9b:19:46:f7:48:19:a3:48:ff:61:cd:5f:c1:8e:7d:
                    c1:49:53:ca:2b:06:60:8f:cb:40:68:38:0c:92:61:
                    84:da:d9:98:f9:f9:50:08:57:c6:c3:9b:6d:1d:ce:
                    f2:92:99:71:d5:e6:a1:af:26:9f:90:b4:1b:c2:1a:
                    b3:94:df:d6:24:0d:f9:a9:a7:32:28:c7:e3:ab:45:
                    88:77:c6:21:1d:10:4b:79:85:6a:de:80:18:c6:93:
                    f2:3f:b9:f8:80:1a:a2:1d:03:02:e2:8a:07:10:9e:
                    e2:ab:80:c4:89:00:c3:b9:a9:7e:71:22:e4:69:2d:
                    e5:ef:11:0d:00:6c:0d:c9:5d:05:9d:6e:88:6a:44:
                    40:c9:50:a5:a9:ba:64:ba:53:53:53:5f:6c:0a:33:
                    fe:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4D:68:E0:AE:BC:01:23:07:8F:1B:25:B7:96:A0:4D:73:30:D5:9E
            X509v3 Authority Key Identifier:
                keyid:C9:69:DC:BC:33:E8:01:04:38:12:92:82:D3:7A:D4:E8:BF:84:B8:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yWncvDPoAQQ4EpKC03rU6L-EuB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/FU1o4K68ASMHjxslt5agTXMw1Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/195893-699b-45b4-a03d-0db50bff944a/1/yWncvDPoAQQ4EpKC03rU6L-EuB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.244.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         79:be:2f:91:17:c8:41:aa:d6:1e:3f:11:13:d2:af:28:40:ae:
         fa:c3:19:76:8d:53:49:ec:64:a9:d9:33:67:09:fd:a3:46:7c:
         db:aa:41:89:d8:f2:9d:99:b7:29:94:09:04:17:52:83:c9:ce:
         11:f3:8a:5e:15:c3:d6:d7:7d:41:c3:4a:7e:9f:2c:17:bd:b1:
         00:84:73:e8:64:5d:ed:5f:d3:20:46:88:f7:4b:80:d8:c4:03:
         ce:b8:67:b4:f2:0a:15:84:04:17:27:aa:aa:ee:bd:63:3e:70:
         1b:5e:70:32:0e:a1:a8:2d:83:2b:b2:0b:a3:09:fa:a8:cb:85:
         e4:85:b5:1d:14:7f:f4:89:0e:34:fc:a9:a4:10:2e:27:86:6d:
         bf:cd:2f:b0:d4:40:4c:b7:ae:50:a3:24:08:a9:08:1a:cc:94:
         ea:e0:37:26:bc:8b:0d:32:fb:e6:39:58:df:45:73:aa:e1:95:
         63:96:f6:ee:71:2a:70:8b:be:cc:32:83:7d:c3:a0:f6:f8:17:
         fb:c5:33:f4:7d:dc:02:f8:c6:bd:d8:8d:0e:72:e9:bc:06:f9:
         6f:fb:39:4f:66:55:b6:14:d3:be:b7:33:e8:a0:0d:e3:c9:99:
         4c:bc:86:71:20:67:e0:f9:16:21:a7:7a:a9:fe:8c:63:9d:dc:
         bc:67:98:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3aT0Ja8Gsg58bVarD3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NjlkY2JjMzNlODAxMDQzODEyOTI4MmQzN2FkNGU4YmY4
NGI4MWYwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTRkNjhlMGFlYmMwMTIzMDc4ZjFiMjViNzk2YTA0ZDczMzBkNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ws6qzMHouzcKY6U5eXgowdo+b4T
kpBq+iikOZ7ScI8MvXKa960ltLeriUHMvINAtXdcXrIH4yZgFylxifb50f/KiLOZ
Sug4o6DEaMoqX5N0QhHeXVbAGeuZfmrmxl1dFTT6pxL+vZabGUb3SBmjSP9hzV/B
jn3BSVPKKwZgj8tAaDgMkmGE2tmY+flQCFfGw5ttHc7ykplx1eahryafkLQbwhqz
lN/WJA35qacyKMfjq0WId8YhHRBLeYVq3oAYxpPyP7n4gBqiHQMC4ooHEJ7iq4DE
iQDDual+cSLkaS3l7xENAGwNyV0FnW6IakRAyVClqbpkulNTU19sCjP+rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVNaOCuvAEjB48bJbeWoE1zMNWeMB8GA1UdIwQY
MBaAFMlp3Lwz6AEEOBKSgtN61Oi/hLgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVduY3ZEUG9BUVE0RXBLQzAzclU2TC1FdUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8xOTU4OTMtNjk5Yi00NWI0LWEwM2Qt
MGRiNTBiZmY5NDRhLzEvRlUxbzRLNjhBU01IanhzbHQ1YWdUWE13MVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8xOTU4OTMtNjk5Yi00NWI0LWEwM2QtMGRiNTBiZmY5NDRh
LzEveVduY3ZEUG9BUVE0RXBLQzAzclU2TC1FdUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfRQMA0G
CSqGSIb3DQEBCwUAA4IBAQB5vi+RF8hBqtYePxET0q8oQK76wxl2jVNJ7GSp2TNn
Cf2jRnzbqkGJ2PKdmbcplAkEF1KDyc4R84peFcPW131Bw0p+nywXvbEAhHPoZF3t
X9MgRoj3S4DYxAPOuGe08goVhAQXJ6qq7r1jPnAbXnAyDqGoLYMrsgujCfqoy4Xk
hbUdFH/0iQ40/KmkEC4nhm2/zS+w1EBMt65QoyQIqQgazJTq4DcmvIsNMvvmOVjf
RXOq4ZVjlvbucSpwi77MMoN9w6D2+Bf7xTP0fdwC+Ma92I0Ocum8Bvlv+zlPZlW2
FNO+tzPooA3jyZlMvIZxIGfg+RYhp3qp/oxjndy8Z5iZ
-----END CERTIFICATE-----