Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/yu4lJsrHt_wwX2ISROVXu2LmB3o.roa
File:                     yu4lJsrHt_wwX2ISROVXu2LmB3o.roa (raw, json)
Hash identifier:          ayi5H4NpJExk6PzV7scUHEsRngBo3eUlPsNd57mGLYE=
Subject key identifier:   CA:EE:25:26:CA:C7:B7:FC:30:5F:62:12:44:E5:57:BB:62:E6:07:7A
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01924C2BC1115D7AF998E1765CC563EB5B47
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/yu4lJsrHt_wwX2ISROVXu2LmB3o.roa
Signing time:             Wed 02 Oct 2024 07:39:48 +0000
ROA not before:           Wed 02 Oct 2024 07:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29582
IP address blocks:        77.76.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4c:2b:c1:11:5d:7a:f9:98:e1:76:5c:c5:63:eb:5b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Oct  2 07:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caee2526cac7b7fc305f621244e557bb62e6077a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:27:09:d3:98:2f:11:e4:5f:33:f7:7c:2e:5b:
                    ed:c2:6a:95:5e:30:b3:9d:ea:99:04:4a:f7:b0:00:
                    e5:45:ff:59:fa:c4:a1:e3:56:f2:d9:b2:6c:d5:ad:
                    28:7f:a0:0f:3d:ff:2a:84:bd:de:93:d0:60:4a:1c:
                    85:8d:f5:6c:48:f2:4c:6e:a9:7d:a1:1b:75:d3:2a:
                    97:e0:ce:d0:e6:dc:9a:87:c4:88:5f:06:3c:3d:ba:
                    e8:6b:b4:88:79:61:67:64:a9:c5:17:a0:f5:8f:3b:
                    45:e5:1b:4e:be:cf:bb:e9:a5:66:9e:82:0e:07:be:
                    2b:9c:f0:84:f3:2d:d5:49:a9:2d:14:2d:cb:b0:cb:
                    72:b6:2a:ca:03:b4:33:c1:69:7d:d5:81:97:4e:7d:
                    6e:7e:8e:3e:c7:b8:15:8b:a1:f6:13:89:bd:b0:27:
                    33:b3:db:e2:d6:8a:37:01:e4:3b:44:2c:31:32:10:
                    04:e4:22:44:2c:77:06:96:6d:11:08:2d:29:e3:36:
                    4d:d9:65:96:57:7e:06:11:33:f5:ca:e5:23:0a:79:
                    96:b2:1c:3d:48:8c:6d:ce:38:ed:23:b4:4e:7a:00:
                    c3:0e:72:71:b5:d6:02:1b:64:2e:b6:d5:d3:e2:bb:
                    27:c2:ac:f5:7c:f5:54:21:13:43:97:8d:93:3a:7a:
                    e2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EE:25:26:CA:C7:B7:FC:30:5F:62:12:44:E5:57:BB:62:E6:07:7A
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/yu4lJsrHt_wwX2ISROVXu2LmB3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:92:c2:0d:35:b3:e7:9f:29:cd:e3:18:6b:9f:14:70:ff:33:
         7b:e0:d0:8d:80:24:29:5c:d2:4b:1f:72:3c:4f:e0:0f:6a:5f:
         3f:89:60:27:24:27:0b:14:8a:39:9a:9e:76:f7:35:96:5c:01:
         13:b6:57:b8:b3:7d:0b:d6:9c:a1:e3:23:0a:e9:f0:e5:fd:b8:
         22:12:09:e3:36:e2:2d:33:7b:ed:55:9e:96:14:9d:df:d5:c0:
         14:f9:f5:aa:8e:55:39:37:a0:b7:89:84:93:ac:a4:78:3c:ba:
         90:52:06:db:8f:08:27:3c:d5:38:f0:e2:6c:7f:8b:c3:d1:36:
         71:3b:06:94:93:9c:05:dd:bb:42:fb:5d:4f:c3:81:a7:68:8c:
         e2:28:42:ba:a9:86:dd:95:21:cd:ba:93:b8:d2:09:1e:51:f5:
         40:09:8b:50:93:a8:e2:d8:3e:00:3e:6a:24:f7:b3:9e:34:46:
         58:dc:13:a8:1c:9c:8b:73:9e:33:85:be:95:6f:57:34:3a:9b:
         bc:66:df:1a:58:2b:3a:18:51:2d:34:f9:47:6e:ec:02:51:d3:
         43:7b:52:b7:d4:55:9e:59:1f:78:31:06:c7:5e:dd:df:a6:ac:
         02:e0:38:ba:5f:74:d5:3b:e7:bd:5f:94:3b:29:6a:1e:c1:1f:
         43:95:59:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJMK8ERXXr5mOF2XMVj61tHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQxMDAyMDczOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVlMjUyNmNhYzdiN2ZjMzA1ZjYyMTI0NGU1NTdiYjYyZTYwNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyycJ05gvEeRfM/d8LlvtwmqVXjCz
neqZBEr3sADlRf9Z+sSh41by2bJs1a0of6APPf8qhL3ek9BgShyFjfVsSPJMbql9
oRt10yqX4M7Q5tyah8SIXwY8Pbroa7SIeWFnZKnFF6D1jztF5RtOvs+76aVmnoIO
B74rnPCE8y3VSaktFC3LsMtytirKA7QzwWl91YGXTn1ufo4+x7gVi6H2E4m9sCcz
s9vi1oo3AeQ7RCwxMhAE5CJELHcGlm0RCC0p4zZN2WWWV34GETP1yuUjCnmWshw9
SIxtzjjtI7ROegDDDnJxtdYCG2QuttXT4rsnwqz1fPVUIRNDl42TOnri9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMruJSbKx7f8MF9iEkTlV7ti5gd6MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEveXU0bEpzckh0X3d3WDJJU1JPVlh1MkxtQjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUwDMA0G
CSqGSIb3DQEBCwUAA4IBAQASksINNbPnnynN4xhrnxRw/zN74NCNgCQpXNJLH3I8
T+APal8/iWAnJCcLFIo5mp529zWWXAETtle4s30L1pyh4yMK6fDl/bgiEgnjNuIt
M3vtVZ6WFJ3f1cAU+fWqjlU5N6C3iYSTrKR4PLqQUgbbjwgnPNU48OJsf4vD0TZx
OwaUk5wF3btC+11Pw4GnaIziKEK6qYbdlSHNupO40gkeUfVACYtQk6ji2D4APmok
97OeNEZY3BOoHJyLc54zhb6Vb1c0Opu8Zt8aWCs6GFEtNPlHbuwCUdNDe1K31FWe
WR94MQbHXt3fpqwC4Di6X3TVO+e9X5Q7KWoewR9DlVmc
-----END CERTIFICATE-----