Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ef9221-c354-4e67-a32f-84e596a3c121/1/dyFFSVUO7ahG8-RbQ7vDLoQGCHg.roa
File:                     dyFFSVUO7ahG8-RbQ7vDLoQGCHg.roa (raw, json)
Hash identifier:          nfoqkWt3NU8b9t8TarEbMnddQF65S9shku+Dnj4BFYY=
Subject key identifier:   77:21:45:49:55:0E:ED:A8:46:F3:E4:5B:43:BB:C3:2E:84:06:08:78
Certificate issuer:       /CN=39e4059e519e7cad0536bd54d91bc97875644cdb
Certificate serial:       018CC5000BEFFEEF446CF3DC827C0F6CF893
Authority key identifier: 39:E4:05:9E:51:9E:7C:AD:05:36:BD:54:D9:1B:C9:78:75:64:4C:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OeQFnlGefK0FNr1U2RvJeHVkTNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ef9221-c354-4e67-a32f-84e596a3c121/1/dyFFSVUO7ahG8-RbQ7vDLoQGCHg.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        145.238.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ef9221-c354-4e67-a32f-84e596a3c121/1/OeQFnlGefK0FNr1U2RvJeHVkTNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ef9221-c354-4e67-a32f-84e596a3c121/1/OeQFnlGefK0FNr1U2RvJeHVkTNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OeQFnlGefK0FNr1U2RvJeHVkTNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0b:ef:fe:ef:44:6c:f3:dc:82:7c:0f:6c:f8:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39e4059e519e7cad0536bd54d91bc97875644cdb
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77214549550eeda846f3e45b43bbc32e84060878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:78:dd:c9:e1:7a:4d:d8:1c:a5:df:5c:b2:27:
                    a9:8a:d5:56:3a:5d:dc:8a:ad:8f:2c:86:3f:bc:d9:
                    2b:89:a4:4a:2f:a6:5a:25:36:a7:51:6f:2b:df:75:
                    d2:a9:6a:e3:f7:67:0d:61:2e:f3:58:95:13:a7:59:
                    6c:e5:d9:a2:bc:94:af:d1:c2:dd:04:c4:35:f6:87:
                    80:4a:25:7b:e9:da:f3:52:2f:ce:1d:64:a5:fe:fc:
                    07:03:49:9e:69:e8:85:9e:bc:52:80:53:01:b9:ce:
                    15:95:0a:aa:c6:06:4a:1b:cd:d0:4c:8d:18:69:4a:
                    bc:b4:7e:9c:36:b8:6c:69:5a:f5:95:b0:8b:22:5b:
                    ab:dc:cf:ab:06:4b:b1:61:25:ff:f6:4e:48:09:02:
                    be:56:e1:27:e2:80:8a:74:2f:79:90:1e:c5:12:21:
                    3f:de:0a:3e:98:21:b0:a1:78:88:42:2d:cb:48:56:
                    8c:88:c8:9f:a5:cc:09:cb:09:19:c9:5c:90:e4:6a:
                    9b:d6:4e:41:26:a5:5d:91:46:61:be:6a:7d:be:da:
                    63:f7:c1:2f:ca:5d:12:0a:d9:6f:b5:40:f3:10:4b:
                    9a:63:82:a1:b6:f2:3d:39:d5:20:69:e8:05:d6:41:
                    88:7d:04:f4:b9:3b:7b:9f:b4:fc:1a:e9:e7:67:26:
                    95:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:21:45:49:55:0E:ED:A8:46:F3:E4:5B:43:BB:C3:2E:84:06:08:78
            X509v3 Authority Key Identifier:
                keyid:39:E4:05:9E:51:9E:7C:AD:05:36:BD:54:D9:1B:C9:78:75:64:4C:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OeQFnlGefK0FNr1U2RvJeHVkTNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ef9221-c354-4e67-a32f-84e596a3c121/1/dyFFSVUO7ahG8-RbQ7vDLoQGCHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ef9221-c354-4e67-a32f-84e596a3c121/1/OeQFnlGefK0FNr1U2RvJeHVkTNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.238.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:f6:a7:af:70:1c:77:84:fe:28:63:a5:69:06:77:65:e6:f3:
         7b:87:78:55:71:3f:1f:3a:7b:0d:42:1d:47:bc:ce:f8:33:9b:
         e9:bb:50:9e:6e:b6:b3:86:38:c1:65:17:93:49:14:87:86:68:
         88:d5:38:3f:e5:a7:68:0e:c7:c3:dd:27:fa:97:91:c9:0f:71:
         a2:61:a3:ec:8f:cc:0a:7c:07:3d:4e:6e:ad:c6:2c:98:18:01:
         27:0d:9b:9d:09:de:be:43:4e:78:5c:c7:6d:a3:ae:fa:b5:1f:
         e9:a1:b3:fe:aa:15:89:b8:49:8d:ec:5e:c2:61:ba:85:c0:d1:
         73:d1:ec:12:39:13:46:07:4e:6d:2c:0e:17:36:20:c1:52:73:
         91:fd:d3:3a:7e:28:9a:81:bc:b6:31:c9:ec:79:81:df:26:c9:
         14:5f:ed:90:8c:d2:6b:b3:df:3e:9a:f0:2d:66:9c:d3:b3:b9:
         17:1d:4c:e0:8d:27:f7:bf:32:22:b1:54:a2:ba:80:bf:df:91:
         74:bc:4e:8a:b2:5c:dc:6b:39:dd:59:eb:c7:43:b0:3a:f1:e3:
         3e:05:bc:70:b0:ce:c8:24:7b:5c:dd:3e:69:b4:61:a9:b8:44:
         5e:34:cf:93:0c:e2:9a:63:54:46:2d:13:e6:5a:bf:19:36:33:
         51:fe:a2:2e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFAAvv/u9EbPPcgnwPbPiTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZTQwNTllNTE5ZTdjYWQwNTM2YmQ1NGQ5MWJjOTc4NzU2
NDRjZGIwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzIxNDU0OTU1MGVlZGE4NDZmM2U0NWI0M2JiYzMyZTg0MDYwODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXjdyeF6Tdgcpd9csiepitVWOl3c
iq2PLIY/vNkriaRKL6ZaJTanUW8r33XSqWrj92cNYS7zWJUTp1ls5dmivJSv0cLd
BMQ19oeASiV76drzUi/OHWSl/vwHA0meaeiFnrxSgFMBuc4VlQqqxgZKG83QTI0Y
aUq8tH6cNrhsaVr1lbCLIlur3M+rBkuxYSX/9k5ICQK+VuEn4oCKdC95kB7FEiE/
3go+mCGwoXiIQi3LSFaMiMifpcwJywkZyVyQ5Gqb1k5BJqVdkUZhvmp9vtpj98Ev
yl0SCtlvtUDzEEuaY4KhtvI9OdUgaegF1kGIfQT0uTt7n7T8GunnZyaVZwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHchRUlVDu2oRvPkW0O7wy6EBgh4MB8GA1UdIwQY
MBaAFDnkBZ5RnnytBTa9VNkbyXh1ZEzbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2VRRm5sR2VmSzBGTnIxVTJSdkplSFZrVE5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZjkyMjEtYzM1NC00ZTY3LWEzMmYt
ODRlNTk2YTNjMTIxLzEvZHlGRlNWVU83YWhHOC1SYlE3dkRMb1FHQ0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZjkyMjEtYzM1NC00ZTY3LWEzMmYtODRlNTk2YTNjMTIx
LzEvT2VRRm5sR2VmSzBGTnIxVTJSdkplSFZrVE5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAke4wDQYJ
KoZIhvcNAQELBQADggEBAHb2p69wHHeE/ihjpWkGd2Xm83uHeFVxPx86ew1CHUe8
zvgzm+m7UJ5utrOGOMFlF5NJFIeGaIjVOD/lp2gOx8PdJ/qXkckPcaJho+yPzAp8
Bz1Obq3GLJgYAScNm50J3r5DTnhcx22jrvq1H+mhs/6qFYm4SY3sXsJhuoXA0XPR
7BI5E0YHTm0sDhc2IMFSc5H90zp+KJqBvLYxyex5gd8myRRf7ZCM0muz3z6a8C1m
nNOzuRcdTOCNJ/e/MiKxVKK6gL/fkXS8ToqyXNxrOd1Z68dDsDrx4z4FvHCwzsgk
e1zdPmm0Yam4RF40z5MM4ppjVEYtE+Zavxk2M1H+oi4=
-----END CERTIFICATE-----