Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/3uFWR0vVPRl8D2lPM7roQ9WJz0Y.roa
File:                     3uFWR0vVPRl8D2lPM7roQ9WJz0Y.roa (raw, json)
Hash identifier:          LSmzWgn/hYIHi4NUmlM6GKYm3LBmcQmORRPkif4dGKQ=
Subject key identifier:   DE:E1:56:47:4B:D5:3D:19:7C:0F:69:4F:33:BA:E8:43:D5:89:CF:46
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       018CC4249F8943156079138FEBC78D0C8760
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/3uFWR0vVPRl8D2lPM7roQ9WJz0Y.roa
Signing time:             Mon 01 Jan 2024 08:29:43 +0000
ROA not before:           Mon 01 Jan 2024 08:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31736
IP address blocks:        77.37.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:9f:89:43:15:60:79:13:8f:eb:c7:8d:0c:87:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Jan  1 08:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dee156474bd53d197c0f694f33bae843d589cf46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:dd:a5:b1:12:b2:a5:11:f2:a3:69:9b:ef:ec:
                    df:f7:c7:fa:08:17:25:6f:76:e4:b4:ef:51:74:1a:
                    48:f8:ad:62:8e:b0:5d:99:87:22:0e:9b:dd:5c:2a:
                    fe:93:ff:8f:83:f4:cb:26:d1:6e:a9:30:c7:b8:6b:
                    3c:b7:fd:04:9a:65:f7:3e:b7:50:7b:bb:25:38:d8:
                    d4:94:19:34:80:6c:2e:9c:15:7b:9a:83:ef:bd:0a:
                    51:56:8f:c2:b2:47:f9:5c:8c:0e:f4:bd:30:8b:8e:
                    b3:27:b5:d0:78:b5:05:c2:93:2f:22:f7:58:be:4d:
                    b8:a3:13:7e:21:08:f1:0d:35:35:c5:8a:11:70:78:
                    e6:ed:2d:bf:27:e7:1d:7c:dd:6f:fa:a7:0d:4f:f1:
                    bb:9b:82:8e:de:5f:f8:0b:c5:30:a9:a7:1f:09:8b:
                    22:fe:d2:da:f1:e6:a5:c7:93:2a:55:30:3d:28:e5:
                    a5:c4:0d:92:68:95:0b:f4:cd:a2:8a:39:6f:d9:86:
                    78:d7:64:a8:54:af:cd:45:12:67:2f:17:0f:56:d4:
                    c0:85:6f:ef:d8:6f:38:4b:0d:a0:48:50:04:d3:61:
                    5e:1c:f1:cf:40:7e:65:56:99:fb:a8:0b:c1:c9:d6:
                    3e:a1:0e:2b:60:c5:8d:37:9d:ea:4b:e8:64:fb:62:
                    96:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E1:56:47:4B:D5:3D:19:7C:0F:69:4F:33:BA:E8:43:D5:89:CF:46
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/3uFWR0vVPRl8D2lPM7roQ9WJz0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.37.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:55:d0:c3:ee:13:e1:c7:10:2a:ba:af:a2:43:3b:fd:7b:c9:
         dc:dc:f6:ec:7d:d0:5c:8b:8d:8a:6a:07:4b:0a:84:7c:be:fd:
         24:a8:fd:15:da:a2:a3:d7:33:6a:7a:90:5d:b0:46:b7:e6:34:
         f3:4a:74:ff:43:28:60:08:42:9e:13:fc:dc:27:48:0a:2f:43:
         62:4b:83:42:47:91:7c:7a:d2:e6:97:b8:8e:1b:85:f3:27:5f:
         e8:e6:07:97:f9:8a:c5:f6:f3:2c:b2:a7:25:09:36:cb:c7:75:
         32:16:c3:fa:ed:80:52:c3:07:4e:89:ae:29:d0:b0:4f:b2:fb:
         92:68:36:bd:1f:7d:4b:0b:42:14:ca:12:cc:e4:15:63:f3:1b:
         f2:58:0b:0a:f9:ba:79:a6:97:6b:c0:20:42:b1:37:29:29:31:
         e2:36:93:91:32:5e:5c:59:02:46:41:e0:c5:91:c5:bb:6b:36:
         f3:f1:24:2f:a3:13:7c:c0:b3:42:1c:e5:db:44:4b:b0:ca:dc:
         35:79:11:75:7c:1a:18:05:ce:cd:28:00:42:90:b1:d8:b7:29:
         a6:ca:c9:9f:86:74:ce:ce:be:a3:65:87:6a:a0:50:6a:e6:67:
         16:cf:03:63:fc:b2:61:a7:5b:ec:31:52:7d:b8:4c:97:9a:f2:
         d4:1b:59:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJJ+JQxVgeROP68eNDIdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwMTAxMDgyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWUxNTY0NzRiZDUzZDE5N2MwZjY5NGYzM2JhZTg0M2Q1ODljZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt2lsRKypRHyo2mb7+zf98f6CBcl
b3bktO9RdBpI+K1ijrBdmYciDpvdXCr+k/+Pg/TLJtFuqTDHuGs8t/0EmmX3PrdQ
e7slONjUlBk0gGwunBV7moPvvQpRVo/Cskf5XIwO9L0wi46zJ7XQeLUFwpMvIvdY
vk24oxN+IQjxDTU1xYoRcHjm7S2/J+cdfN1v+qcNT/G7m4KO3l/4C8UwqacfCYsi
/tLa8ealx5MqVTA9KOWlxA2SaJUL9M2iijlv2YZ412SoVK/NRRJnLxcPVtTAhW/v
2G84Sw2gSFAE02FeHPHPQH5lVpn7qAvBydY+oQ4rYMWNN53qS+hk+2KWrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7hVkdL1T0ZfA9pTzO66EPVic9GMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvM3VGV1IwdlZQUmw4RDJsUE03cm9ROVdKejBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATSUIMA0G
CSqGSIb3DQEBCwUAA4IBAQB1VdDD7hPhxxAquq+iQzv9e8nc3PbsfdBci42KagdL
CoR8vv0kqP0V2qKj1zNqepBdsEa35jTzSnT/QyhgCEKeE/zcJ0gKL0NiS4NCR5F8
etLml7iOG4XzJ1/o5geX+YrF9vMssqclCTbLx3UyFsP67YBSwwdOia4p0LBPsvuS
aDa9H31LC0IUyhLM5BVj8xvyWAsK+bp5ppdrwCBCsTcpKTHiNpORMl5cWQJGQeDF
kcW7azbz8SQvoxN8wLNCHOXbREuwytw1eRF1fBoYBc7NKABCkLHYtymmysmfhnTO
zr6jZYdqoFBq5mcWzwNj/LJhp1vsMVJ9uEyXmvLUG1ms
-----END CERTIFICATE-----