Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/df0d37-4f65-439d-a531-057d7af0aef4/1/IBxHLexGPIDYbWmV2bbwOY0sNu0.roa
File:                     IBxHLexGPIDYbWmV2bbwOY0sNu0.roa (raw, json)
Hash identifier:          KJ2WIgJohuhqKFXfbVuKAlsgVN1DO6ZcQKcVdFbmsQs=
Subject key identifier:   20:1C:47:2D:EC:46:3C:80:D8:6D:69:95:D9:B6:F0:39:8D:2C:36:ED
Certificate issuer:       /CN=2edec9a2096dec103bae2d7c3796e0d47085c202
Certificate serial:       018E61532EEBCE6C29B67F26FA21EDACA9D8
Authority key identifier: 2E:DE:C9:A2:09:6D:EC:10:3B:AE:2D:7C:37:96:E0:D4:70:85:C2:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lt7Joglt7BA7ri18N5bg1HCFwgI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/df0d37-4f65-439d-a531-057d7af0aef4/1/IBxHLexGPIDYbWmV2bbwOY0sNu0.roa
Signing time:             Thu 21 Mar 2024 14:03:45 +0000
ROA not before:           Thu 21 Mar 2024 14:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57619
IP address blocks:        77.71.112.0/24 maxlen: 24
                          77.71.113.0/24 maxlen: 24
                          77.71.114.0/24 maxlen: 24
                          77.71.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/df0d37-4f65-439d-a531-057d7af0aef4/1/Lt7Joglt7BA7ri18N5bg1HCFwgI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/df0d37-4f65-439d-a531-057d7af0aef4/1/Lt7Joglt7BA7ri18N5bg1HCFwgI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lt7Joglt7BA7ri18N5bg1HCFwgI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:53:2e:eb:ce:6c:29:b6:7f:26:fa:21:ed:ac:a9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2edec9a2096dec103bae2d7c3796e0d47085c202
        Validity
            Not Before: Mar 21 14:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=201c472dec463c80d86d6995d9b6f0398d2c36ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0c:8a:4f:73:7b:dc:6b:38:a5:8f:db:e2:71:
                    8d:a6:35:31:12:9e:4e:e9:e7:f8:07:fe:de:28:d6:
                    26:0c:f2:e4:3e:a8:68:65:09:20:3c:3e:37:eb:f1:
                    76:91:37:5b:59:a8:25:c1:8b:ca:63:5f:64:67:a0:
                    cf:fa:9b:78:4c:05:8c:90:9e:62:93:6c:27:4e:49:
                    51:d1:78:39:35:fc:f9:a5:09:2c:5b:3e:0e:84:e0:
                    a7:6c:6e:e6:7f:53:9f:52:36:dc:64:7a:d9:e4:11:
                    c3:29:a2:66:c1:f2:72:c8:66:b0:97:21:30:46:9c:
                    d0:07:d6:9d:26:d5:91:37:c4:1b:cb:bc:c6:74:12:
                    11:38:82:f4:d1:26:01:bc:c8:15:a8:49:50:c3:2f:
                    c9:fa:f4:39:03:64:63:a8:b8:3a:3e:e5:90:97:37:
                    a5:e4:57:9b:b6:ba:f6:6f:04:b7:17:02:72:ca:bd:
                    a4:eb:d2:e9:1b:9e:29:e2:ee:47:3c:d0:58:12:69:
                    42:68:97:20:7c:90:f6:48:ab:80:16:26:1e:35:76:
                    15:2c:47:30:eb:00:11:11:a4:11:9e:d6:a2:a3:b0:
                    7a:5b:02:c3:bd:3e:df:b3:bf:5b:31:d5:14:37:66:
                    41:3d:15:0f:8d:50:5e:21:d9:44:5e:f1:62:f3:46:
                    bf:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:1C:47:2D:EC:46:3C:80:D8:6D:69:95:D9:B6:F0:39:8D:2C:36:ED
            X509v3 Authority Key Identifier:
                keyid:2E:DE:C9:A2:09:6D:EC:10:3B:AE:2D:7C:37:96:E0:D4:70:85:C2:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lt7Joglt7BA7ri18N5bg1HCFwgI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/df0d37-4f65-439d-a531-057d7af0aef4/1/IBxHLexGPIDYbWmV2bbwOY0sNu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/df0d37-4f65-439d-a531-057d7af0aef4/1/Lt7Joglt7BA7ri18N5bg1HCFwgI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.71.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:d2:c5:14:a0:6b:51:84:0c:e5:ee:9c:b6:5f:08:ca:5f:48:
         32:01:5b:55:b4:17:cd:0c:e8:6c:a2:cd:d5:93:1c:be:21:99:
         6e:80:5f:f1:88:34:15:0e:e0:0f:58:ed:fe:f8:f2:20:a2:dd:
         6b:9d:02:eb:74:85:94:fc:59:df:bd:46:6e:97:38:61:58:38:
         9b:81:6b:cd:fd:1e:83:cc:e9:f0:36:47:5b:b8:f9:f2:89:3e:
         4d:d9:df:dd:f9:29:96:80:fe:50:d6:e1:bc:c1:0d:cb:c6:83:
         57:c9:4e:4d:35:70:b0:0e:65:37:81:be:8a:40:7e:6d:3f:62:
         96:75:cf:a3:9e:21:3c:d0:53:a8:6c:8c:ba:31:e0:25:14:04:
         1c:d1:e8:5a:59:70:ee:87:05:d1:02:b8:70:31:45:ea:3b:39:
         2d:d7:fb:69:7d:7e:a4:b0:29:72:be:44:b6:3f:c5:22:a0:b3:
         66:7b:93:ac:68:a7:c4:74:31:8f:61:98:33:1a:33:3d:04:60:
         95:48:1d:c8:af:77:26:f4:4c:6a:a1:81:f5:84:46:21:b4:74:
         2b:ca:cd:df:57:c4:aa:29:41:13:00:2c:d4:91:47:3b:83:36:
         b7:a8:94:30:da:dd:f3:c8:35:55:88:55:38:c3:45:c1:11:67:
         e4:a3:ed:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5hUy7rzmwptn8m+iHtrKnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZGVjOWEyMDk2ZGVjMTAzYmFlMmQ3YzM3OTZlMGQ0NzA4
NWMyMDIwHhcNMjQwMzIxMTQwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDFjNDcyZGVjNDYzYzgwZDg2ZDY5OTVkOWI2ZjAzOThkMmMzNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwyKT3N73Gs4pY/b4nGNpjUxEp5O
6ef4B/7eKNYmDPLkPqhoZQkgPD436/F2kTdbWaglwYvKY19kZ6DP+pt4TAWMkJ5i
k2wnTklR0Xg5Nfz5pQksWz4OhOCnbG7mf1OfUjbcZHrZ5BHDKaJmwfJyyGawlyEw
RpzQB9adJtWRN8Qby7zGdBIROIL00SYBvMgVqElQwy/J+vQ5A2RjqLg6PuWQlzel
5Febtrr2bwS3FwJyyr2k69LpG54p4u5HPNBYEmlCaJcgfJD2SKuAFiYeNXYVLEcw
6wAREaQRntaio7B6WwLDvT7fs79bMdUUN2ZBPRUPjVBeIdlEXvFi80a/9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAcRy3sRjyA2G1pldm28DmNLDbtMB8GA1UdIwQY
MBaAFC7eyaIJbewQO64tfDeW4NRwhcICMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHQ3Sm9nbHQ3QkE3cmkxOE41YmcxSENGd2dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9kZjBkMzctNGY2NS00MzlkLWE1MzEt
MDU3ZDdhZjBhZWY0LzEvSUJ4SExleEdQSURZYldtVjJiYndPWTBzTnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9kZjBkMzctNGY2NS00MzlkLWE1MzEtMDU3ZDdhZjBhZWY0
LzEvTHQ3Sm9nbHQ3QkE3cmkxOE41YmcxSENGd2dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTUdwMA0G
CSqGSIb3DQEBCwUAA4IBAQAX0sUUoGtRhAzl7py2XwjKX0gyAVtVtBfNDOhsos3V
kxy+IZlugF/xiDQVDuAPWO3++PIgot1rnQLrdIWU/FnfvUZulzhhWDibgWvN/R6D
zOnwNkdbuPnyiT5N2d/d+SmWgP5Q1uG8wQ3LxoNXyU5NNXCwDmU3gb6KQH5tP2KW
dc+jniE80FOobIy6MeAlFAQc0ehaWXDuhwXRArhwMUXqOzkt1/tpfX6ksClyvkS2
P8UioLNme5OsaKfEdDGPYZgzGjM9BGCVSB3Ir3cm9ExqoYH1hEYhtHQrys3fV8Sq
KUETACzUkUc7gza3qJQw2t3zyDVViFU4w0XBEWfko+2+
-----END CERTIFICATE-----