Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/szQy6Juvdr39SFu3IQgKvMsLX8s.roa
File:                     szQy6Juvdr39SFu3IQgKvMsLX8s.roa (raw, json)
Hash identifier:          nkEKq+PXDVCEmUoptPHGJzVWf+wnt7LJwHSOn7GtfPA=
Subject key identifier:   B3:34:32:E8:9B:AF:76:BD:FD:48:5B:B7:21:08:0A:BC:CB:0B:5F:CB
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019428242F4D0119F2486D09B3612F0C56B5
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/szQy6Juvdr39SFu3IQgKvMsLX8s.roa
Signing time:             Thu 02 Jan 2025 17:50:47 +0000
ROA not before:           Thu 02 Jan 2025 17:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215941
IP address blocks:        77.76.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:2f:4d:01:19:f2:48:6d:09:b3:61:2f:0c:56:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b33432e89baf76bdfd485bb721080abccb0b5fcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:ad:6f:d5:c2:cb:ec:89:95:2c:c8:cc:68:31:
                    d9:e6:1a:30:ae:10:c1:ed:57:fc:f8:2f:81:d3:e3:
                    c6:9c:f9:7a:24:5d:76:3e:61:d1:33:9f:10:01:14:
                    3b:30:c8:2f:20:29:1e:8d:57:ef:12:0e:32:0c:b9:
                    02:a3:9a:e9:ad:66:cf:08:40:3a:fd:b4:0a:e0:1d:
                    82:43:26:af:2a:21:a1:10:e3:59:00:c0:1e:a0:3b:
                    3a:98:5f:0a:dd:7f:f2:4f:ac:a5:73:3c:7e:d2:c6:
                    56:80:55:47:ac:39:d3:0b:1b:94:8c:2c:0a:ce:94:
                    a9:05:0c:b9:95:c1:26:e0:bb:cb:cb:0f:b0:06:04:
                    3f:70:53:af:af:bc:15:27:19:35:ce:13:8a:b8:19:
                    13:d2:1a:74:01:bd:8d:50:6c:59:bb:48:d3:96:d0:
                    4e:7b:36:b8:3a:2a:75:cf:53:de:71:1e:53:d5:24:
                    90:f7:65:e2:ff:9e:5c:11:b3:d6:f2:13:51:f6:7d:
                    a0:35:9a:b5:35:db:1f:f2:64:cd:f8:65:c2:bf:14:
                    45:99:1c:39:64:f8:c0:ce:56:1f:4d:10:67:ec:2a:
                    e4:97:c2:d4:71:ce:63:e8:87:64:0e:65:86:6b:4f:
                    f7:bd:1e:ea:f4:ae:73:10:8b:93:de:60:45:88:f8:
                    7a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:34:32:E8:9B:AF:76:BD:FD:48:5B:B7:21:08:0A:BC:CB:0B:5F:CB
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/szQy6Juvdr39SFu3IQgKvMsLX8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:5c:5f:7a:f7:91:d4:8e:aa:29:28:23:ea:71:1d:03:56:a8:
         26:92:cf:3c:fc:57:7d:e1:e8:f1:48:32:73:00:46:6d:4a:00:
         2b:0a:9d:ce:00:37:a2:29:a9:77:86:2c:5b:a8:26:68:e2:b0:
         ac:40:ae:77:67:c2:e7:64:eb:94:3a:46:9f:58:5f:1a:0a:18:
         38:c2:0f:f1:c5:6b:e9:22:d3:9a:70:07:18:4c:40:87:a7:39:
         fb:2a:37:23:57:e7:92:95:96:fa:78:e8:d9:fd:4d:f2:ef:e8:
         78:85:bf:84:d1:10:7c:0e:a3:75:8e:7e:4a:2e:65:5c:70:5e:
         53:99:b7:79:8d:fd:a6:80:cc:07:92:ee:87:76:21:ce:1c:e7:
         50:44:68:09:93:ab:40:8f:c8:9a:d3:2f:0f:7e:f8:4f:4b:1b:
         4c:39:14:14:5a:65:e9:62:31:42:ba:ce:ae:4e:ba:f9:0f:7b:
         a8:97:a0:7a:cd:fa:1d:b7:84:93:91:fc:ca:24:29:ec:07:d5:
         68:ca:ff:6b:56:8b:b1:77:58:bd:bf:0d:2c:38:a8:3d:24:c5:
         8f:8d:d3:78:5a:9a:1d:1e:3b:45:99:ea:49:c0:57:bf:ed:2f:
         01:95:55:0a:77:98:99:f8:07:95:56:1d:2a:40:24:7e:c2:3a:
         72:85:de:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJC9NARnySG0Js2EvDFa1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzM0MzJlODliYWY3NmJkZmQ0ODViYjcyMTA4MGFiY2NiMGI1ZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9K1v1cLL7ImVLMjMaDHZ5howrhDB
7Vf8+C+B0+PGnPl6JF12PmHRM58QARQ7MMgvICkejVfvEg4yDLkCo5rprWbPCEA6
/bQK4B2CQyavKiGhEONZAMAeoDs6mF8K3X/yT6ylczx+0sZWgFVHrDnTCxuUjCwK
zpSpBQy5lcEm4LvLyw+wBgQ/cFOvr7wVJxk1zhOKuBkT0hp0Ab2NUGxZu0jTltBO
eza4Oip1z1PecR5T1SSQ92Xi/55cEbPW8hNR9n2gNZq1Ndsf8mTN+GXCvxRFmRw5
ZPjAzlYfTRBn7Crkl8LUcc5j6IdkDmWGa0/3vR7q9K5zEIuT3mBFiPh6LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLM0Muibr3a9/UhbtyEICrzLC1/LMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvc3pReTZKdXZkcjM5U0Z1M0lRZ0t2TXNMWDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUwPMA0G
CSqGSIb3DQEBCwUAA4IBAQDBXF9695HUjqopKCPqcR0DVqgmks88/Fd94ejxSDJz
AEZtSgArCp3OADeiKal3hixbqCZo4rCsQK53Z8LnZOuUOkafWF8aChg4wg/xxWvp
ItOacAcYTECHpzn7KjcjV+eSlZb6eOjZ/U3y7+h4hb+E0RB8DqN1jn5KLmVccF5T
mbd5jf2mgMwHku6HdiHOHOdQRGgJk6tAj8ia0y8PfvhPSxtMORQUWmXpYjFCus6u
Trr5D3uol6B6zfodt4STkfzKJCnsB9Voyv9rVouxd1i9vw0sOKg9JMWPjdN4Wpod
HjtFmepJwFe/7S8BlVUKd5iZ+AeVVh0qQCR+wjpyhd6c
-----END CERTIFICATE-----