Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/cTnfFbgTaKyPWI9GZeGwAF1Gv80.roa
File:                     cTnfFbgTaKyPWI9GZeGwAF1Gv80.roa (raw, json)
Hash identifier:          Vn8aVzGDHWLzIIpKzlk+uxiex30cn3x1C8Hf9zKkE9M=
Subject key identifier:   71:39:DF:15:B8:13:68:AC:8F:58:8F:46:65:E1:B0:00:5D:46:BF:CD
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B93EADCA3DE92336249C55736921F0
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/cTnfFbgTaKyPWI9GZeGwAF1Gv80.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197647
IP address blocks:        77.78.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:ad:ca:3d:e9:23:36:24:9c:55:73:69:21:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7139df15b81368ac8f588f4665e1b0005d46bfcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c4:62:8c:cc:a8:8d:84:5e:ec:ed:1c:2c:59:
                    8b:5c:28:72:e5:dc:26:f3:7a:af:10:d2:0c:a7:f9:
                    de:90:2f:e0:04:2a:92:fa:80:ee:13:55:1a:cd:4a:
                    10:37:eb:a8:1a:3d:19:55:17:ee:21:07:d2:d9:b1:
                    92:1a:50:96:bf:83:a4:df:0b:3e:e4:c7:1d:a0:cc:
                    3d:51:a4:0c:2c:19:94:22:94:bf:53:a7:80:7f:b9:
                    18:be:0c:3f:e6:b0:b2:9e:73:11:41:a4:42:31:e9:
                    2d:68:2f:06:24:c8:52:c3:c3:bd:b1:eb:cf:ea:ca:
                    e4:ee:89:15:cb:8a:7c:d7:81:e0:80:f6:04:0e:d2:
                    b0:25:da:53:cc:55:1a:70:29:c7:54:9e:b3:b3:1e:
                    3f:45:27:c5:b5:3a:ef:c0:6a:f7:49:fd:e0:a5:e6:
                    95:40:1c:88:68:0f:36:97:90:ae:a7:de:48:a4:7b:
                    14:c6:eb:c8:0a:25:8b:87:56:3a:dc:54:aa:c3:7d:
                    02:0c:73:ad:63:49:1b:48:02:f2:f9:65:5a:c9:62:
                    80:94:f9:f0:83:a8:6f:67:d1:15:13:2a:71:17:78:
                    1b:b2:52:7d:84:86:e1:a1:62:a6:c5:95:86:e5:16:
                    3f:ac:d8:bb:a3:df:c2:ac:c3:e9:d3:77:a2:6b:26:
                    f2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:39:DF:15:B8:13:68:AC:8F:58:8F:46:65:E1:B0:00:5D:46:BF:CD
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/cTnfFbgTaKyPWI9GZeGwAF1Gv80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:fb:a6:82:2c:58:7b:02:61:53:19:37:c2:b5:f4:3f:93:fd:
         21:48:9b:3c:2a:0c:22:97:06:04:43:50:eb:01:28:cf:a7:35:
         81:92:29:69:dd:7a:b8:58:3f:27:e4:50:b5:04:0e:2d:0e:a3:
         2c:43:d1:f8:79:68:48:e1:a9:5b:c0:d1:f1:a8:18:00:b4:44:
         65:c5:a7:0d:8e:9e:4a:60:60:13:bc:c7:2c:2c:90:a3:03:4f:
         e9:48:d5:ce:80:06:fa:ac:79:4d:c2:3f:e0:cd:58:26:5b:bb:
         aa:1e:26:b0:d7:f2:ec:e5:7b:c7:a3:4c:fb:c6:d0:ee:bc:2d:
         2a:78:03:d6:3e:00:5b:09:75:e9:4d:8c:c3:a5:ff:f1:85:a9:
         07:c4:c4:2c:ba:75:3a:47:9f:dd:73:f4:88:a7:ba:4b:f1:ab:
         6f:78:60:36:d2:7b:7e:b0:cf:ac:5e:ce:61:ec:37:ea:12:ef:
         de:f7:1f:77:92:42:cd:1a:ab:85:85:62:99:06:f7:77:00:53:
         e6:d7:40:52:cd:c1:8a:15:3e:d2:1d:aa:98:34:ec:67:83:69:
         b6:5a:9c:1a:21:24:1c:40:88:cd:62:66:a2:5b:37:e7:2b:48:
         2f:71:5e:a4:67:03:26:38:07:3e:e9:69:1c:25:0e:ce:61:81:
         6d:18:9c:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT6tyj3pIzYknFVzaSHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTM5ZGYxNWI4MTM2OGFjOGY1ODhmNDY2NWUxYjAwMDVkNDZiZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcRijMyojYRe7O0cLFmLXChy5dwm
83qvENIMp/nekC/gBCqS+oDuE1UazUoQN+uoGj0ZVRfuIQfS2bGSGlCWv4Ok3ws+
5McdoMw9UaQMLBmUIpS/U6eAf7kYvgw/5rCynnMRQaRCMektaC8GJMhSw8O9sevP
6srk7okVy4p814HggPYEDtKwJdpTzFUacCnHVJ6zsx4/RSfFtTrvwGr3Sf3gpeaV
QByIaA82l5Cup95IpHsUxuvICiWLh1Y63FSqw30CDHOtY0kbSALy+WVayWKAlPnw
g6hvZ9EVEypxF3gbslJ9hIbhoWKmxZWG5RY/rNi7o9/CrMPp03eiaybyqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHE53xW4E2isj1iPRmXhsABdRr/NMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvY1RuZkZiZ1RhS3lQV0k5R1plR3dBRjFHdjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU6fMA0G
CSqGSIb3DQEBCwUAA4IBAQAj+6aCLFh7AmFTGTfCtfQ/k/0hSJs8KgwilwYEQ1Dr
ASjPpzWBkilp3Xq4WD8n5FC1BA4tDqMsQ9H4eWhI4albwNHxqBgAtERlxacNjp5K
YGATvMcsLJCjA0/pSNXOgAb6rHlNwj/gzVgmW7uqHiaw1/Ls5XvHo0z7xtDuvC0q
eAPWPgBbCXXpTYzDpf/xhakHxMQsunU6R5/dc/SIp7pL8atveGA20nt+sM+sXs5h
7DfqEu/e9x93kkLNGquFhWKZBvd3AFPm10BSzcGKFT7SHaqYNOxng2m2WpwaISQc
QIjNYmaiWzfnK0gvcV6kZwMmOAc+6WkcJQ7OYYFtGJys
-----END CERTIFICATE-----