Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/0UIcsDzmX2DuIgC02Qx1DrQp3K8.roa
File:                     0UIcsDzmX2DuIgC02Qx1DrQp3K8.roa (raw, json)
Hash identifier:          Legg/mEsggeqyzAY/pPK155cdcLQjziBTbcrBb4VpEE=
Subject key identifier:   D1:42:1C:B0:3C:E6:5F:60:EE:22:00:B4:D9:0C:75:0E:B4:29:DC:AF
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018CCA2A43803122D712E8B15E2395FD20A8
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/0UIcsDzmX2DuIgC02Qx1DrQp3K8.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        77.81.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:43:80:31:22:d7:12:e8:b1:5e:23:95:fd:20:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1421cb03ce65f60ee2200b4d90c750eb429dcaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c1:64:d6:30:68:dc:c7:cc:da:25:5c:56:7e:
                    ee:e6:f1:c9:b8:b3:b8:01:45:05:e6:4a:f2:e9:7e:
                    d2:0b:ff:44:c6:5f:2d:41:b3:f0:89:72:91:0d:a6:
                    aa:2c:50:1b:ec:11:f4:ab:39:93:89:5c:9e:4a:98:
                    77:b3:96:e3:92:09:e9:8a:22:75:68:aa:45:21:dc:
                    96:9a:a7:49:78:f8:29:4c:31:53:ce:4c:8c:9e:91:
                    d1:da:12:48:9e:6f:4a:d8:7e:fb:c4:14:00:b1:4d:
                    13:85:51:24:8d:82:0d:2b:3b:f6:71:83:19:15:94:
                    0a:f2:d0:48:61:e6:a5:c5:78:89:cf:fa:f4:6b:bf:
                    20:ca:5b:e1:d4:07:8e:9c:ab:e1:a5:f2:3c:c0:fd:
                    66:45:eb:7b:3d:06:1f:c1:2c:1c:31:dd:7f:62:2d:
                    b9:33:6f:87:33:61:73:c3:7c:12:f2:a4:bd:97:43:
                    38:a2:60:e3:51:fd:45:a1:e2:42:00:b1:53:85:e4:
                    41:fb:f8:fa:46:92:4f:89:db:3f:64:e9:29:7c:9d:
                    2f:98:5a:96:d3:f5:1e:c3:08:c7:5d:a0:7d:09:99:
                    cb:59:51:45:fa:97:a5:9a:17:18:47:1a:ff:e3:a0:
                    50:d9:41:b8:65:11:31:5e:01:80:0d:a8:70:89:df:
                    62:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:42:1C:B0:3C:E6:5F:60:EE:22:00:B4:D9:0C:75:0E:B4:29:DC:AF
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/0UIcsDzmX2DuIgC02Qx1DrQp3K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:96:c7:89:6c:ea:08:bf:f6:df:b0:4b:1d:06:12:fb:85:02:
         5c:82:d2:89:4e:be:a2:ee:b0:a7:37:b4:94:c0:67:49:63:7a:
         bc:f1:0f:e3:a8:91:b8:29:9c:81:14:f3:64:c7:b9:af:45:cd:
         bd:0e:3a:5b:c4:1d:20:c0:96:45:06:6f:15:68:32:94:4e:7e:
         cd:78:1f:db:06:d0:3a:3f:97:f2:41:b3:70:bb:10:26:9e:04:
         43:a0:54:9c:75:6a:d5:92:73:ac:bb:3c:17:69:88:ec:b9:53:
         4c:2c:f7:1d:f3:be:03:79:35:0e:a1:dd:d4:52:24:c2:fc:3e:
         d0:78:9f:5c:7e:94:6f:40:ec:ac:75:0f:89:24:77:85:18:24:
         df:f0:65:25:5c:38:fe:31:ca:47:6e:7b:a7:cb:62:e3:bb:f7:
         40:e6:01:8c:57:a8:90:47:04:58:67:1a:f4:1d:38:a0:5b:c7:
         a9:69:c6:08:fd:e0:5a:61:75:93:b2:29:38:e6:f5:70:ac:58:
         aa:3a:5f:62:e5:9a:59:30:75:e0:f5:31:c8:96:2d:e0:e5:4a:
         88:56:67:81:32:7e:c6:a0:9a:c7:7f:3f:51:c9:97:55:6f:07:
         33:42:ec:47:0b:fb:cb:e6:c7:d4:f5:25:10:8c:f5:7a:6e:ce:
         d4:45:02:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkOAMSLXEuixXiOV/SCoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQyMWNiMDNjZTY1ZjYwZWUyMjAwYjRkOTBjNzUwZWI0MjlkY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcFk1jBo3MfM2iVcVn7u5vHJuLO4
AUUF5kry6X7SC/9Exl8tQbPwiXKRDaaqLFAb7BH0qzmTiVyeSph3s5bjkgnpiiJ1
aKpFIdyWmqdJePgpTDFTzkyMnpHR2hJInm9K2H77xBQAsU0ThVEkjYINKzv2cYMZ
FZQK8tBIYealxXiJz/r0a78gylvh1AeOnKvhpfI8wP1mRet7PQYfwSwcMd1/Yi25
M2+HM2Fzw3wS8qS9l0M4omDjUf1FoeJCALFTheRB+/j6RpJPids/ZOkpfJ0vmFqW
0/UewwjHXaB9CZnLWVFF+pelmhcYRxr/46BQ2UG4ZRExXgGADahwid9iPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFCHLA85l9g7iIAtNkMdQ60KdyvMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvMFVJY3NEem1YMkR1SWdDMDJReDFEclFwM0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVFNMA0G
CSqGSIb3DQEBCwUAA4IBAQBzlseJbOoIv/bfsEsdBhL7hQJcgtKJTr6i7rCnN7SU
wGdJY3q88Q/jqJG4KZyBFPNkx7mvRc29DjpbxB0gwJZFBm8VaDKUTn7NeB/bBtA6
P5fyQbNwuxAmngRDoFScdWrVknOsuzwXaYjsuVNMLPcd874DeTUOod3UUiTC/D7Q
eJ9cfpRvQOysdQ+JJHeFGCTf8GUlXDj+McpHbnuny2Lju/dA5gGMV6iQRwRYZxr0
HTigW8epacYI/eBaYXWTsik45vVwrFiqOl9i5ZpZMHXg9THIli3g5UqIVmeBMn7G
oJrHfz9RyZdVbwczQuxHC/vL5sfU9SUQjPV6bs7URQIL
-----END CERTIFICATE-----