Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/u8KUkpCA5MZBZEf4Gx55WxHopbk.roa
File:                     u8KUkpCA5MZBZEf4Gx55WxHopbk.roa (raw, json)
Hash identifier:          bYi8b27bm34eh0JABqmVhbNv9qGEBNcZ/yw6GWjgK70=
Subject key identifier:   BB:C2:94:92:90:80:E4:C6:41:64:47:F8:1B:1E:79:5B:11:E8:A5:B9
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEC85A51C0144363AD3EE9FF0EF1A
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/u8KUkpCA5MZBZEf4Gx55WxHopbk.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57912
IP address blocks:        77.76.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ec:85:a5:1c:01:44:36:3a:d3:ee:9f:f0:ef:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbc294929080e4c6416447f81b1e795b11e8a5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c0:fb:63:a5:4a:a5:bc:58:cc:c0:ec:34:6d:
                    19:98:72:48:24:8b:b8:1c:fc:a2:80:e3:db:63:e7:
                    29:df:52:98:ef:42:de:8f:13:1c:7a:49:83:ca:19:
                    4c:5f:04:82:3f:1d:93:6b:26:79:2a:21:80:95:c1:
                    55:ec:5d:58:1b:dd:a1:ca:9f:f5:b6:1e:ac:7f:5c:
                    c9:82:5e:5e:f9:0e:69:44:d0:41:29:0a:65:6b:ca:
                    c5:47:4a:98:c3:d2:11:b5:23:f6:af:4c:e2:5f:a8:
                    58:3d:16:d6:26:4f:7e:88:11:28:d1:00:e1:44:69:
                    75:21:bc:f4:64:b9:00:13:19:d3:b0:84:b6:6c:e7:
                    36:91:fa:b2:c8:a8:3a:de:83:06:ba:8f:70:d8:1e:
                    42:93:05:7c:7c:f1:5f:4a:c2:32:9c:a7:6d:cc:0a:
                    bf:23:f6:93:1e:cd:c5:12:86:ce:71:c5:e8:7f:d8:
                    3c:19:75:67:a6:90:ca:94:cd:b8:f1:fb:a1:3f:87:
                    8e:29:97:9f:ac:11:8a:1a:f3:0c:43:09:c6:d7:bf:
                    ad:9b:ac:d9:8c:26:da:ea:53:c3:a6:a1:48:5f:27:
                    ff:c4:9a:bc:00:0b:e0:86:50:5b:73:2d:8a:7f:13:
                    98:c2:33:f9:32:36:4b:99:81:0a:86:69:38:c3:62:
                    46:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C2:94:92:90:80:E4:C6:41:64:47:F8:1B:1E:79:5B:11:E8:A5:B9
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/u8KUkpCA5MZBZEf4Gx55WxHopbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:16:57:f2:90:0b:47:b5:13:d9:6a:37:a0:8b:e8:17:bb:46:
         db:a2:10:2a:b2:8a:87:1c:6b:a9:ce:15:32:d4:28:0b:7f:53:
         bd:8d:26:dd:88:f9:eb:3a:da:70:33:f5:db:fa:7f:ff:b1:1e:
         51:dd:2b:2f:2d:5e:0f:9b:b4:1c:87:11:61:3f:9d:a3:e1:f0:
         18:b1:d2:7b:95:ff:7e:41:8e:57:fd:e5:3f:a5:71:9b:8f:67:
         71:a8:8d:30:45:94:c8:fe:f8:7e:42:cc:05:cd:f3:54:5d:83:
         cb:e7:9e:a4:fb:77:80:2f:6e:a1:df:3c:30:78:58:48:4b:56:
         c6:d9:23:4f:14:ec:e0:c5:b7:f7:ff:56:16:1c:14:cb:27:5d:
         f5:de:06:74:0f:dc:ea:b8:b1:c3:5a:16:97:12:eb:f7:b5:51:
         7f:d6:58:76:ff:60:fb:5b:56:94:6f:65:c1:a6:a0:0e:33:94:
         17:c2:48:68:c0:82:ba:fd:77:b5:96:40:f0:f5:28:75:77:c5:
         61:34:8f:25:e4:a0:66:1e:ab:e7:ec:d8:0b:0d:0b:82:ac:46:
         cf:7a:50:a0:cd:ba:83:f9:ab:18:df:d5:11:24:e5:1a:96:ca:
         81:23:58:5d:9f:fa:fc:26:4e:6c:bf:a3:d3:71:32:59:25:bf:
         b9:78:45:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuyFpRwBRDY60+6f8O8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmMyOTQ5MjkwODBlNGM2NDE2NDQ3ZjgxYjFlNzk1YjExZThhNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsD7Y6VKpbxYzMDsNG0ZmHJIJIu4
HPyigOPbY+cp31KY70LejxMcekmDyhlMXwSCPx2TayZ5KiGAlcFV7F1YG92hyp/1
th6sf1zJgl5e+Q5pRNBBKQpla8rFR0qYw9IRtSP2r0ziX6hYPRbWJk9+iBEo0QDh
RGl1Ibz0ZLkAExnTsIS2bOc2kfqyyKg63oMGuo9w2B5CkwV8fPFfSsIynKdtzAq/
I/aTHs3FEobOccXof9g8GXVnppDKlM248fuhP4eOKZefrBGKGvMMQwnG17+tm6zZ
jCba6lPDpqFIXyf/xJq8AAvghlBbcy2KfxOYwjP5MjZLmYEKhmk4w2JGAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvClJKQgOTGQWRH+BseeVsR6KW5MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdThLVWtwQ0E1TVpCWkVmNEd4NTVXeEhvcGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUwMMA0G
CSqGSIb3DQEBCwUAA4IBAQAKFlfykAtHtRPZajegi+gXu0bbohAqsoqHHGupzhUy
1CgLf1O9jSbdiPnrOtpwM/Xb+n//sR5R3SsvLV4Pm7QchxFhP52j4fAYsdJ7lf9+
QY5X/eU/pXGbj2dxqI0wRZTI/vh+QswFzfNUXYPL556k+3eAL26h3zwweFhIS1bG
2SNPFOzgxbf3/1YWHBTLJ1313gZ0D9zquLHDWhaXEuv3tVF/1lh2/2D7W1aUb2XB
pqAOM5QXwkhowIK6/Xe1lkDw9Sh1d8VhNI8l5KBmHqvn7NgLDQuCrEbPelCgzbqD
+asY39URJOUalsqBI1hdn/r8Jk5sv6PTcTJZJb+5eEU0
-----END CERTIFICATE-----