Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/77uLGNcnoUguJvnX2MnDufeu_W8.roa
File:                     77uLGNcnoUguJvnX2MnDufeu_W8.roa (raw, json)
Hash identifier:          ApZNoqCbxWwtgEHdHBD2cuIp4hk8KdCI4tCD3Fubme0=
Subject key identifier:   EF:BB:8B:18:D7:27:A1:48:2E:26:F9:D7:D8:C9:C3:B9:F7:AE:FD:6F
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018D7EEA876C8DBCFA0E6DB4D809A25D41EF
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/77uLGNcnoUguJvnX2MnDufeu_W8.roa
Signing time:             Tue 06 Feb 2024 14:55:15 +0000
ROA not before:           Tue 06 Feb 2024 14:55:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        188.214.232.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 01:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:ea:87:6c:8d:bc:fa:0e:6d:b4:d8:09:a2:5d:41:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Feb  6 14:55:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efbb8b18d727a1482e26f9d7d8c9c3b9f7aefd6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8b:53:1a:49:fc:72:a9:58:7e:2f:e2:37:55:
                    f1:0e:83:fb:c6:39:d0:3c:c2:a4:9a:53:7e:51:5c:
                    22:a7:32:a9:08:de:12:8d:5c:f6:69:b0:75:41:4d:
                    2f:38:bd:31:b6:a0:c5:46:a0:98:80:ed:24:3b:df:
                    0f:1f:fd:4d:8f:ea:fa:57:c2:f5:06:6d:15:56:6d:
                    f6:27:06:b7:97:52:4a:01:a5:de:fa:d9:96:6d:c0:
                    ea:ca:a7:87:ba:c0:36:93:e0:b7:85:7d:5f:68:74:
                    5c:26:51:47:ed:91:dc:45:21:c7:10:52:90:11:34:
                    26:99:f2:47:1d:11:f8:54:4e:65:71:b7:3e:fb:9f:
                    eb:2b:4f:8e:08:de:fa:dd:a6:a2:69:4d:5b:22:29:
                    ad:f3:02:87:ba:ca:34:6a:b8:f7:f8:07:70:01:96:
                    21:e5:af:b7:52:cb:4b:b3:ab:a9:2f:89:9c:73:32:
                    89:cf:05:d9:71:d3:92:3f:fc:c5:fc:b5:11:d9:7f:
                    ef:54:8f:c5:92:8b:98:d8:14:8e:f1:06:58:52:2a:
                    ed:c4:bd:44:23:8b:93:5f:97:74:37:22:7a:a7:4d:
                    69:79:41:af:c8:f7:c7:30:98:fc:b8:12:ae:2a:9d:
                    30:98:c7:18:c4:ca:fb:8f:64:f0:cc:ed:97:47:ea:
                    09:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BB:8B:18:D7:27:A1:48:2E:26:F9:D7:D8:C9:C3:B9:F7:AE:FD:6F
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/77uLGNcnoUguJvnX2MnDufeu_W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:85:30:8d:48:4f:b3:6a:aa:1c:14:77:b8:49:54:f1:28:e6:
         2d:b0:73:31:a7:c0:ec:0c:33:7f:db:f3:73:7f:55:64:4e:48:
         ba:de:be:27:91:31:f1:0c:76:87:81:3a:4e:1a:cc:61:cc:5e:
         24:07:cd:13:ac:09:87:79:f8:df:fe:88:79:d0:00:8b:2a:49:
         ec:f8:48:92:a1:df:f2:86:8d:fd:dd:36:97:3e:54:f9:b9:90:
         d2:7d:4a:eb:9e:e7:f7:a1:9b:7c:8e:fc:28:be:4f:3c:4d:5e:
         29:81:2a:d0:36:41:78:ee:c9:8a:fd:2b:7f:eb:13:e7:34:9a:
         0d:6a:46:3e:38:df:d7:e0:e5:28:86:b2:8d:bb:c7:fa:34:8b:
         74:71:f1:ae:b6:14:22:ef:f5:be:5e:bb:4d:ab:83:43:a5:68:
         a3:9b:1d:41:4b:3f:7b:67:8c:a8:a2:9d:3c:3c:27:6b:f0:0c:
         03:00:d0:78:68:d6:4a:ff:0c:69:20:6c:96:8a:12:26:b2:70:
         4b:5e:35:14:29:1e:e2:72:77:be:7c:e5:09:b4:67:95:8b:4c:
         24:3e:b5:96:3e:1c:b4:d9:6b:77:11:4a:58:64:2e:b4:96:15:
         89:8b:a5:09:27:69:7f:9a:ff:db:26:66:f5:ff:46:fa:c6:6d:
         53:94:04:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1+6odsjbz6Dm202AmiXUHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMjA2MTQ1NTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmJiOGIxOGQ3MjdhMTQ4MmUyNmY5ZDdkOGM5YzNiOWY3YWVmZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4tTGkn8cqlYfi/iN1XxDoP7xjnQ
PMKkmlN+UVwipzKpCN4SjVz2abB1QU0vOL0xtqDFRqCYgO0kO98PH/1Nj+r6V8L1
Bm0VVm32Jwa3l1JKAaXe+tmWbcDqyqeHusA2k+C3hX1faHRcJlFH7ZHcRSHHEFKQ
ETQmmfJHHRH4VE5lcbc++5/rK0+OCN763aaiaU1bIimt8wKHuso0arj3+AdwAZYh
5a+3UstLs6upL4mcczKJzwXZcdOSP/zF/LUR2X/vVI/FkouY2BSO8QZYUirtxL1E
I4uTX5d0NyJ6p01peUGvyPfHMJj8uBKuKp0wmMcYxMr7j2TwzO2XR+oJJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+7ixjXJ6FILib519jJw7n3rv1vMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvNzd1TEdOY25vVWd1SnZuWDJNbkR1ZmV1X1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvNboMA0G
CSqGSIb3DQEBCwUAA4IBAQAghTCNSE+zaqocFHe4SVTxKOYtsHMxp8DsDDN/2/Nz
f1VkTki63r4nkTHxDHaHgTpOGsxhzF4kB80TrAmHefjf/oh50ACLKkns+EiSod/y
ho393TaXPlT5uZDSfUrrnuf3oZt8jvwovk88TV4pgSrQNkF47smK/St/6xPnNJoN
akY+ON/X4OUohrKNu8f6NIt0cfGuthQi7/W+XrtNq4NDpWijmx1BSz97Z4yoop08
PCdr8AwDANB4aNZK/wxpIGyWihImsnBLXjUUKR7icne+fOUJtGeVi0wkPrWWPhy0
2Wt3EUpYZC60lhWJi6UJJ2l/mv/bJmb1/0b6xm1TlATP
-----END CERTIFICATE-----