Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/yQNmFqV3SLZzlSL4uNSxaQyaIC0.roa
File:                     yQNmFqV3SLZzlSL4uNSxaQyaIC0.roa (raw, json)
Hash identifier:          OMxZqbBrph8Z+2aZ6pyEcCIr0gjyUBQCI7+0pDGgcFA=
Subject key identifier:   C9:03:66:16:A5:77:48:B6:73:95:22:F8:B8:D4:B1:69:0C:9A:20:2D
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       018CC5013B364B5D220282576F40C77E7AAD
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/yQNmFqV3SLZzlSL4uNSxaQyaIC0.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204782
IP address blocks:        77.242.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3b:36:4b:5d:22:02:82:57:6f:40:c7:7e:7a:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9036616a57748b6739522f8b8d4b1690c9a202d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:98:3c:56:fa:1e:62:87:36:33:c8:bf:bf:38:
                    c9:62:f7:d1:4e:e1:8a:b4:40:92:20:1d:c5:6d:66:
                    e0:a4:4a:dd:57:48:03:86:0a:ab:81:42:41:7d:7e:
                    05:6a:93:65:ce:30:57:14:1d:54:43:e4:32:29:77:
                    85:d4:b8:c3:b4:9e:12:2a:6a:e3:76:85:de:af:d9:
                    6e:82:95:ac:2e:31:ab:82:e0:69:22:ce:7c:74:3f:
                    e5:0a:70:b9:28:9c:33:f7:37:a9:98:f6:ff:1c:4f:
                    de:01:1a:47:9c:7c:41:9e:02:d5:7e:59:7e:8a:9f:
                    a0:cb:7c:19:71:5e:93:73:17:d6:61:12:98:2c:6c:
                    5f:ee:9b:65:ba:94:bf:1c:49:65:c2:d2:8a:42:f2:
                    f9:31:dd:10:9e:a2:e1:84:cc:36:c0:e0:a4:3d:5e:
                    dd:9f:f1:c0:21:b5:6a:81:98:d6:c4:5a:23:e7:1a:
                    aa:e9:23:80:63:df:ac:64:47:a6:32:d3:c2:fc:87:
                    38:ed:5f:ae:99:36:c2:e7:d5:7e:88:5f:b5:76:f3:
                    3c:21:7a:ba:83:3c:8d:2a:e4:86:01:f9:6b:b4:2a:
                    50:92:a9:41:30:43:ab:0e:f3:a1:25:fe:c6:b9:ab:
                    32:f4:29:f3:45:56:02:76:8c:44:f8:1e:1d:c8:b4:
                    dc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:03:66:16:A5:77:48:B6:73:95:22:F8:B8:D4:B1:69:0C:9A:20:2D
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/yQNmFqV3SLZzlSL4uNSxaQyaIC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:00:2e:62:2b:38:93:92:45:46:0d:e9:92:1a:7f:de:99:b4:
         6a:eb:e5:88:e3:e0:94:c4:ae:ff:f2:ca:83:e0:11:65:32:0b:
         c1:b3:c9:41:c7:4a:14:08:48:3f:81:fe:7b:11:b6:4d:0b:d7:
         62:90:19:f8:45:6e:cf:44:8c:d2:d7:c3:12:a2:f7:2a:fb:7e:
         5a:a6:39:54:47:73:9c:46:fa:88:8e:8d:2c:20:84:16:d6:4a:
         ad:d5:d6:1c:61:50:78:d2:b0:44:fb:51:c9:67:bf:dc:bf:3a:
         ae:d0:93:9c:21:92:15:2e:79:9c:e4:98:27:9d:6e:f3:b0:4f:
         13:9f:ad:ac:7a:dd:c7:ac:b7:0a:0e:40:04:e4:28:2a:80:24:
         6f:96:fe:dd:b7:c5:89:14:9b:49:a6:09:41:68:ba:ee:1c:60:
         84:9d:e4:98:fb:7e:12:20:61:10:68:3e:74:65:c3:74:63:f7:
         f2:1c:b4:60:bd:37:10:22:55:c3:3c:5c:c9:96:9b:ef:6b:dd:
         81:a4:7a:f9:67:ce:16:ac:76:6d:79:e2:47:a2:e5:79:30:0a:
         dd:7d:50:24:ce:b7:68:0b:47:90:1c:b8:38:b5:cd:82:84:d6:
         3d:af:80:cf:24:d6:42:04:df:04:1c:3e:6c:d9:47:fc:42:ae:
         cf:3f:1b:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATs2S10iAoJXb0DHfnqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTAzNjYxNmE1Nzc0OGI2NzM5NTIyZjhiOGQ0YjE2OTBjOWEyMDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5g8VvoeYoc2M8i/vzjJYvfRTuGK
tECSIB3FbWbgpErdV0gDhgqrgUJBfX4FapNlzjBXFB1UQ+QyKXeF1LjDtJ4SKmrj
doXer9lugpWsLjGrguBpIs58dD/lCnC5KJwz9zepmPb/HE/eARpHnHxBngLVfll+
ip+gy3wZcV6TcxfWYRKYLGxf7ptlupS/HEllwtKKQvL5Md0QnqLhhMw2wOCkPV7d
n/HAIbVqgZjWxFoj5xqq6SOAY9+sZEemMtPC/Ic47V+umTbC59V+iF+1dvM8IXq6
gzyNKuSGAflrtCpQkqlBMEOrDvOhJf7Guasy9CnzRVYCdoxE+B4dyLTc5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkDZhald0i2c5Ui+LjUsWkMmiAtMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEveVFObUZxVjNTTFp6bFNMNHVOU3hhUXlhSUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTfLsMA0G
CSqGSIb3DQEBCwUAA4IBAQCDAC5iKziTkkVGDemSGn/embRq6+WI4+CUxK7/8sqD
4BFlMgvBs8lBx0oUCEg/gf57EbZNC9dikBn4RW7PRIzS18MSovcq+35apjlUR3Oc
RvqIjo0sIIQW1kqt1dYcYVB40rBE+1HJZ7/cvzqu0JOcIZIVLnmc5JgnnW7zsE8T
n62set3HrLcKDkAE5CgqgCRvlv7dt8WJFJtJpglBaLruHGCEneSY+34SIGEQaD50
ZcN0Y/fyHLRgvTcQIlXDPFzJlpvva92BpHr5Z84WrHZteeJHouV5MArdfVAkzrdo
C0eQHLg4tc2ChNY9r4DPJNZCBN8EHD5s2Uf8Qq7PPxvQ
-----END CERTIFICATE-----