Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ZwFO6pLqE6AXOTJ020X5Do0XnIs.roa
File:                     ZwFO6pLqE6AXOTJ020X5Do0XnIs.roa (raw, json)
Hash identifier:          P34m495FQ6k3wlmATx1HwkY/n0WFa3S445Y2zOSmrnY=
Subject key identifier:   67:01:4E:EA:92:EA:13:A0:17:39:32:74:DB:45:F9:0E:8D:17:9C:8B
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018F596C3DEE629DF0CDFE8BD32AB8C6979B
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ZwFO6pLqE6AXOTJ020X5Do0XnIs.roa
Signing time:             Wed 08 May 2024 18:16:56 +0000
ROA not before:           Wed 08 May 2024 18:16:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        77.81.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:59:6c:3d:ee:62:9d:f0:cd:fe:8b:d3:2a:b8:c6:97:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: May  8 18:16:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67014eea92ea13a017393274db45f90e8d179c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f0:29:18:e7:85:2e:fc:02:e9:a5:51:0f:59:
                    6b:13:cf:29:d9:c0:ef:af:90:68:3e:27:77:60:16:
                    86:5e:5d:a5:4f:6b:f4:cb:52:16:9a:d6:dc:00:3d:
                    bd:c1:ae:34:0e:a0:78:fd:2f:99:1d:63:f0:6e:54:
                    d3:02:81:88:7b:78:ce:01:d9:f3:83:99:93:0a:c7:
                    bc:d8:a0:4e:3b:f1:bd:0b:5d:9c:82:39:fe:c5:ee:
                    24:7a:48:20:e0:c7:e7:20:c9:fe:9f:c0:8f:34:ae:
                    64:3d:4d:c8:4d:7e:3b:14:05:0e:dd:2b:ad:d8:0a:
                    ea:70:18:61:e4:e7:a9:d3:a8:62:23:b3:07:fe:fe:
                    19:88:f8:e2:fc:2c:4f:9a:c0:e5:9b:38:33:7b:f7:
                    36:53:7a:66:9b:0e:11:ea:47:6f:40:22:ae:99:26:
                    57:fc:fe:8d:18:b7:97:e2:3f:db:4d:da:53:87:69:
                    1f:c0:e3:dc:07:dc:e9:a3:ce:87:a5:a8:53:dd:6a:
                    43:75:99:62:df:b9:aa:61:5b:97:4f:b8:33:6f:88:
                    3f:bd:73:df:cf:bb:db:77:99:f9:5f:ba:48:b3:87:
                    85:39:24:21:5a:71:e4:79:55:c2:a0:3b:e4:7e:5f:
                    a0:3a:00:ba:64:30:65:43:d7:fc:c4:f0:b0:a7:65:
                    68:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:01:4E:EA:92:EA:13:A0:17:39:32:74:DB:45:F9:0E:8D:17:9C:8B
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ZwFO6pLqE6AXOTJ020X5Do0XnIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:24:30:20:c2:28:0e:d5:02:87:96:29:02:4a:99:27:41:27:
         69:a3:e7:7f:be:7a:5a:cb:e6:ec:c5:9a:2b:58:72:f0:33:16:
         bd:b4:55:c2:13:95:73:64:d6:4b:99:e6:90:44:24:a0:67:15:
         b6:f1:78:7d:31:89:df:b8:0b:cc:c9:6a:03:0f:d4:81:59:9f:
         45:14:2a:2f:47:4f:17:a1:75:5d:d3:18:ec:0d:91:fb:50:68:
         b0:9b:a8:50:54:07:4d:00:18:3e:57:16:7b:bc:8a:8d:e1:47:
         96:32:2b:59:69:48:b8:50:b0:c7:8c:ba:4f:03:87:50:c9:3e:
         1c:8e:24:fe:66:25:1f:ff:56:32:20:82:b2:57:68:b7:d5:8c:
         3c:b4:b0:ba:27:f2:2a:a5:6e:b6:22:c2:bc:84:c2:2c:50:eb:
         3c:67:83:5c:ae:e4:73:cf:ec:b8:1f:2b:0c:f2:6b:06:96:d8:
         6e:d3:22:4c:c3:bb:c5:e4:bf:67:c5:56:e8:b5:74:bd:a8:cd:
         34:94:54:6b:38:ef:e1:68:95:f6:9b:9b:6a:d8:80:e0:fe:0a:
         c6:22:17:91:ba:e3:bd:57:9b:dd:a1:d5:8b:bf:f7:0f:b9:bc:
         88:a4:9b:43:8c:21:ec:c1:4b:15:00:05:07:00:d3:b5:dd:c4:
         45:08:23:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9ZbD3uYp3wzf6L0yq4xpebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwNTA4MTgxNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzAxNGVlYTkyZWExM2EwMTczOTMyNzRkYjQ1ZjkwZThkMTc5YzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvApGOeFLvwC6aVRD1lrE88p2cDv
r5BoPid3YBaGXl2lT2v0y1IWmtbcAD29wa40DqB4/S+ZHWPwblTTAoGIe3jOAdnz
g5mTCse82KBOO/G9C12cgjn+xe4kekgg4MfnIMn+n8CPNK5kPU3ITX47FAUO3Sut
2ArqcBhh5Oep06hiI7MH/v4ZiPji/CxPmsDlmzgze/c2U3pmmw4R6kdvQCKumSZX
/P6NGLeX4j/bTdpTh2kfwOPcB9zpo86HpahT3WpDdZli37mqYVuXT7gzb4g/vXPf
z7vbd5n5X7pIs4eFOSQhWnHkeVXCoDvkfl+gOgC6ZDBlQ9f8xPCwp2VojQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcBTuqS6hOgFzkydNtF+Q6NF5yLMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvWndGTzZwTHFFNkFYT1RKMDIwWDVEbzBYbklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVFNMA0G
CSqGSIb3DQEBCwUAA4IBAQAgJDAgwigO1QKHlikCSpknQSdpo+d/vnpay+bsxZor
WHLwMxa9tFXCE5VzZNZLmeaQRCSgZxW28Xh9MYnfuAvMyWoDD9SBWZ9FFCovR08X
oXVd0xjsDZH7UGiwm6hQVAdNABg+VxZ7vIqN4UeWMitZaUi4ULDHjLpPA4dQyT4c
jiT+ZiUf/1YyIIKyV2i31Yw8tLC6J/IqpW62IsK8hMIsUOs8Z4NcruRzz+y4HysM
8msGlthu0yJMw7vF5L9nxVbotXS9qM00lFRrOO/haJX2m5tq2IDg/grGIheRuuO9
V5vdodWLv/cPubyIpJtDjCHswUsVAAUHANO13cRFCCPY
-----END CERTIFICATE-----