Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/G7DNbwPzoOy4JfscFp4jLMLF7BM.roa
File:                     G7DNbwPzoOy4JfscFp4jLMLF7BM.roa (raw, json)
Hash identifier:          kevnd0TfsocPdVk0mc1cMR1ThxQIsMphjd+KSYQNtFA=
Subject key identifier:   1B:B0:CD:6F:03:F3:A0:EC:B8:25:FB:1C:16:9E:23:2C:C2:C5:EC:13
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       01923D5BA3A69DED49BD0281686D12294932
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/G7DNbwPzoOy4JfscFp4jLMLF7BM.roa
Signing time:             Sun 29 Sep 2024 10:37:48 +0000
ROA not before:           Sun 29 Sep 2024 10:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44803
IP address blocks:        77.37.96.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3d:5b:a3:a6:9d:ed:49:bd:02:81:68:6d:12:29:49:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Sep 29 10:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bb0cd6f03f3a0ecb825fb1c169e232cc2c5ec13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a1:62:fe:06:be:5e:b6:eb:a8:7f:57:4c:1d:
                    93:79:e6:c5:f0:89:7b:38:6c:09:d3:b8:63:97:03:
                    48:4f:86:9f:ab:4c:72:87:9d:59:40:d0:75:60:ff:
                    50:47:eb:95:86:07:cb:56:15:94:d8:aa:35:d0:49:
                    22:5f:07:0a:bc:95:2f:ee:8e:5f:70:71:59:fa:26:
                    80:43:11:e3:5d:4c:15:8d:71:78:aa:81:f6:59:0e:
                    95:24:ef:e3:3c:e5:42:2b:9a:26:f3:a1:8b:20:33:
                    cf:68:45:ca:5b:a9:72:4c:88:2f:b3:a6:cc:e4:33:
                    fb:0d:c3:ad:20:64:ee:f5:47:40:dc:fb:02:2e:40:
                    27:04:94:42:45:d1:db:f5:51:8b:b2:1c:dc:c2:76:
                    fd:9b:cf:5a:44:b7:b1:57:c7:18:61:21:a7:64:34:
                    a7:1f:d6:34:32:41:14:bb:55:7d:ff:ea:ee:08:97:
                    6d:d7:96:82:c7:1a:31:1b:c2:36:fd:29:70:18:e7:
                    87:1d:34:ed:50:a3:a7:45:28:54:6b:20:c8:65:8d:
                    9d:c3:33:34:bb:22:d3:44:18:d9:be:8a:25:d4:01:
                    80:4a:a9:b8:2d:a4:fb:d8:7a:c9:e2:f8:ab:5d:11:
                    91:14:43:c7:ec:ea:df:36:36:9a:46:b1:3d:49:5c:
                    94:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B0:CD:6F:03:F3:A0:EC:B8:25:FB:1C:16:9E:23:2C:C2:C5:EC:13
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/G7DNbwPzoOy4JfscFp4jLMLF7BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.37.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:1a:c8:80:9f:02:b7:f8:72:e9:85:15:98:e0:bd:3b:c1:cb:
         d0:8e:8e:82:24:4c:90:2d:e5:55:db:18:6d:41:55:dc:f5:e6:
         0e:4b:c9:da:e7:fa:64:54:96:22:c7:4d:dd:a4:07:9e:11:be:
         db:ef:91:bd:14:6a:b1:8b:72:2b:e6:dd:24:18:1c:80:7a:06:
         a2:db:0a:96:6d:bb:f8:74:99:5a:27:b9:6e:15:a1:f6:0e:32:
         62:42:94:eb:ef:01:e1:57:98:df:3e:68:b5:f6:1c:f3:5d:d8:
         4b:34:f2:f3:71:d7:5a:80:4f:29:19:d1:99:16:b6:9f:a4:1a:
         7a:ff:e1:cb:64:2e:c1:83:32:ce:42:62:62:80:b1:32:d5:10:
         15:47:c3:c8:36:9e:30:5f:e2:b0:55:3c:86:f7:9c:58:6b:92:
         1d:71:b1:5b:70:a4:aa:10:7e:ae:79:f6:6a:a8:f4:54:93:45:
         47:a8:7d:d5:77:28:d4:e8:37:d7:d1:87:95:45:f7:a3:79:0d:
         08:2f:07:bc:7b:f9:95:79:13:49:1d:2f:e8:ff:50:0e:c5:7f:
         1d:88:e9:c5:58:ce:9e:25:17:54:00:03:86:bf:9f:20:ed:f2:
         c3:9d:d6:c0:9d:97:82:a0:95:b0:25:b3:65:09:91:1a:a0:3a:
         7a:2b:38:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI9W6Omne1JvQKBaG0SKUkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwOTI5MTAzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmIwY2Q2ZjAzZjNhMGVjYjgyNWZiMWMxNjllMjMyY2MyYzVlYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KFi/ga+XrbrqH9XTB2TeebF8Il7
OGwJ07hjlwNIT4afq0xyh51ZQNB1YP9QR+uVhgfLVhWU2Ko10EkiXwcKvJUv7o5f
cHFZ+iaAQxHjXUwVjXF4qoH2WQ6VJO/jPOVCK5om86GLIDPPaEXKW6lyTIgvs6bM
5DP7DcOtIGTu9UdA3PsCLkAnBJRCRdHb9VGLshzcwnb9m89aRLexV8cYYSGnZDSn
H9Y0MkEUu1V9/+ruCJdt15aCxxoxG8I2/SlwGOeHHTTtUKOnRShUayDIZY2dwzM0
uyLTRBjZvool1AGASqm4LaT72HrJ4virXRGRFEPH7OrfNjaaRrE9SVyURwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuwzW8D86DsuCX7HBaeIyzCxewTMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvRzdETmJ3UHpvT3k0SmZzY0ZwNGpMTUxGN0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTSVgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/GsiAnwK3+HLphRWY4L07wcvQjo6CJEyQLeVV2xht
QVXc9eYOS8na5/pkVJYix03dpAeeEb7b75G9FGqxi3Ir5t0kGByAegai2wqWbbv4
dJlaJ7luFaH2DjJiQpTr7wHhV5jfPmi19hzzXdhLNPLzcddagE8pGdGZFrafpBp6
/+HLZC7BgzLOQmJigLEy1RAVR8PINp4wX+KwVTyG95xYa5IdcbFbcKSqEH6uefZq
qPRUk0VHqH3VdyjU6DfX0YeVRfejeQ0ILwe8e/mVeRNJHS/o/1AOxX8diOnFWM6e
JRdUAAOGv58g7fLDndbAnZeCoJWwJbNlCZEaoDp6KzgV
-----END CERTIFICATE-----