Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/U2CJ5dyxPhWWgWkKP6COVXs1Jpc.roa
File:                     U2CJ5dyxPhWWgWkKP6COVXs1Jpc.roa (raw, json)
Hash identifier:          KbXKttHuKMXln6TPafAMvta5YLVLDb0Kpr/j7yuCvaM=
Subject key identifier:   53:60:89:E5:DC:B1:3E:15:96:81:69:0A:3F:A0:8E:55:7B:35:26:97
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       018CC500B37695796EB673B68A975D01ADD1
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/U2CJ5dyxPhWWgWkKP6COVXs1Jpc.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206814
IP address blocks:        77.111.125.0/24 maxlen: 24
                          77.111.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b3:76:95:79:6e:b6:73:b6:8a:97:5d:01:ad:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=536089e5dcb13e159681690a3fa08e557b352697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3f:bf:72:89:81:9c:0a:d6:ca:85:f8:d0:4a:
                    d1:6c:d6:9c:66:1e:5e:e5:e6:32:df:69:6a:ec:95:
                    dd:e9:e3:a2:00:85:1f:70:af:bd:b3:4d:5d:6a:a9:
                    b2:fe:b9:71:2e:68:81:b4:97:ac:e2:60:34:4b:21:
                    97:9d:5f:75:44:8b:80:8c:b2:73:5c:5a:70:df:49:
                    ea:0d:84:f2:26:9c:5b:86:cb:d4:59:82:61:ba:64:
                    62:b8:1c:11:cb:49:00:8f:16:3a:ae:98:68:04:25:
                    23:b3:67:ef:97:6a:27:09:56:fe:39:81:e3:93:6d:
                    29:15:86:12:58:8a:73:4e:05:29:bc:a8:04:3a:62:
                    8c:ab:fa:2a:89:26:de:94:24:09:62:c7:52:b0:c0:
                    81:2a:25:1e:59:3f:b1:22:25:b0:9a:e8:94:ea:a4:
                    ea:e0:f8:89:c0:7b:02:b9:0b:81:e6:ca:bf:7f:46:
                    b6:9f:09:7b:81:e8:89:78:f3:ce:82:bf:9b:c0:96:
                    9d:bf:36:d2:2f:ce:52:a1:23:61:8d:ab:54:d3:9c:
                    14:65:87:b5:d6:22:90:fd:ef:1f:c7:06:c1:5e:0f:
                    34:9c:9f:dc:7f:94:30:3e:69:17:48:32:f9:46:18:
                    fc:4d:63:4c:bb:c0:f6:28:72:54:13:dd:0c:d5:a3:
                    69:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:60:89:E5:DC:B1:3E:15:96:81:69:0A:3F:A0:8E:55:7B:35:26:97
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/U2CJ5dyxPhWWgWkKP6COVXs1Jpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:6b:f9:b5:c1:d1:e0:69:ee:19:86:92:e8:12:98:31:93:74:
         f7:42:ac:6d:fa:39:7c:bb:2a:b2:01:c6:f6:1e:1f:48:ac:0b:
         21:81:b1:d2:d9:2e:49:4c:8e:56:86:c5:87:2f:5e:44:c2:b6:
         84:04:f7:11:49:be:42:71:9c:56:00:e4:98:36:a2:4e:80:89:
         ca:44:28:88:88:96:81:0b:cd:5f:b0:14:a0:0e:30:0a:e7:1d:
         7a:eb:4c:ec:ff:55:5d:a9:29:e3:77:8e:55:a8:e8:2d:5b:f0:
         d6:48:b6:c7:38:47:07:8e:bd:dd:b6:ae:3c:45:ff:1c:e7:82:
         1e:b1:98:0e:c0:9c:d4:d1:cd:53:cd:b1:14:5c:a3:8b:04:43:
         89:fc:ba:c0:38:72:ac:1c:95:6f:e0:2a:9d:7e:74:8c:84:6c:
         72:e8:f9:76:62:f0:fc:3a:9b:fb:70:22:a4:a1:99:37:64:77:
         37:1a:37:ef:31:23:5d:08:67:9e:82:df:96:6c:ea:1b:7c:d6:
         2a:c9:e0:14:f5:a5:07:f5:8a:54:04:62:1e:4c:3e:da:27:4d:
         56:38:88:93:5b:3a:44:94:7b:63:87:38:fa:71:c7:76:3c:a5:
         e8:99:2e:77:2d:4e:00:6d:0b:d7:b4:06:cd:80:ec:d8:61:da:
         86:d3:37:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALN2lXlutnO2ipddAa3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzYwODllNWRjYjEzZTE1OTY4MTY5MGEzZmEwOGU1NTdiMzUyNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj+/comBnArWyoX40ErRbNacZh5e
5eYy32lq7JXd6eOiAIUfcK+9s01daqmy/rlxLmiBtJes4mA0SyGXnV91RIuAjLJz
XFpw30nqDYTyJpxbhsvUWYJhumRiuBwRy0kAjxY6rphoBCUjs2fvl2onCVb+OYHj
k20pFYYSWIpzTgUpvKgEOmKMq/oqiSbelCQJYsdSsMCBKiUeWT+xIiWwmuiU6qTq
4PiJwHsCuQuB5sq/f0a2nwl7geiJePPOgr+bwJadvzbSL85SoSNhjatU05wUZYe1
1iKQ/e8fxwbBXg80nJ/cf5QwPmkXSDL5Rhj8TWNMu8D2KHJUE90M1aNpMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNgieXcsT4VloFpCj+gjlV7NSaXMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvVTJDSjVkeXhQaFdXZ1drS1A2Q09WWHMxSnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTW98MA0G
CSqGSIb3DQEBCwUAA4IBAQCra/m1wdHgae4ZhpLoEpgxk3T3Qqxt+jl8uyqyAcb2
Hh9IrAshgbHS2S5JTI5WhsWHL15EwraEBPcRSb5CcZxWAOSYNqJOgInKRCiIiJaB
C81fsBSgDjAK5x1660zs/1VdqSnjd45VqOgtW/DWSLbHOEcHjr3dtq48Rf8c54Ie
sZgOwJzU0c1TzbEUXKOLBEOJ/LrAOHKsHJVv4CqdfnSMhGxy6Pl2YvD8Opv7cCKk
oZk3ZHc3GjfvMSNdCGeegt+WbOobfNYqyeAU9aUH9YpUBGIeTD7aJ01WOIiTWzpE
lHtjhzj6ccd2PKXomS53LU4AbQvXtAbNgOzYYdqG0zcX
-----END CERTIFICATE-----