Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/ok7WVktx7jJA0GSIjIeTx8mVZlA.roa
File:                     ok7WVktx7jJA0GSIjIeTx8mVZlA.roa (raw, json)
Hash identifier:          YUtRN7LjsuJvapFjYbfrxE66tLPjtnDzZunYyWR6298=
Subject key identifier:   A2:4E:D6:56:4B:71:EE:32:40:D0:64:88:8C:87:93:C7:C9:95:66:50
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       01941FFA4E6646345C97E019C42FFCAD4994
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/ok7WVktx7jJA0GSIjIeTx8mVZlA.roa
Signing time:             Wed 01 Jan 2025 03:48:05 +0000
ROA not before:           Wed 01 Jan 2025 03:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        77.37.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4e:66:46:34:5c:97:e0:19:c4:2f:fc:ad:49:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Jan  1 03:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a24ed6564b71ee3240d064888c8793c7c9956650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a1:a9:1f:72:0e:3a:4e:31:1f:43:5d:a4:26:
                    f6:cc:cd:b6:ba:04:64:a8:45:c4:82:6e:a7:ce:eb:
                    6d:64:89:1e:23:a9:e0:8d:a4:0f:eb:b6:ed:7b:25:
                    51:87:bb:d4:6d:cc:77:98:7a:a5:e8:48:0c:f1:7f:
                    4a:72:40:83:55:a0:36:cf:24:7c:46:67:9a:56:c2:
                    28:9d:5a:c9:3e:d1:c7:93:f9:0d:01:e9:d9:10:2c:
                    b1:2b:36:11:1c:01:4b:df:b9:06:61:d2:50:12:05:
                    76:28:d2:a5:2b:d1:c1:ff:33:e8:ec:de:20:a8:52:
                    a7:03:c4:a0:96:86:dc:47:15:ea:a7:2b:1e:e1:a2:
                    42:3b:3f:55:b3:c8:75:6c:8d:7c:81:11:13:c6:76:
                    3b:b3:ef:bc:3f:e8:29:75:5d:99:a5:69:e1:c1:a1:
                    75:cb:d9:d9:59:ea:4a:41:8b:53:37:c3:95:38:c3:
                    9a:96:2d:1d:bd:8f:58:12:56:5a:a8:c9:01:09:95:
                    ab:96:33:dd:34:e1:41:b6:66:fb:e0:75:06:f2:93:
                    6a:78:1f:52:e4:42:e3:06:11:06:a7:14:6b:a7:a0:
                    23:d7:34:ca:17:91:bb:fc:94:b6:83:68:1c:32:e0:
                    09:1f:84:89:ef:e7:ef:ac:ee:eb:f2:71:cd:46:f8:
                    3c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4E:D6:56:4B:71:EE:32:40:D0:64:88:8C:87:93:C7:C9:95:66:50
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/ok7WVktx7jJA0GSIjIeTx8mVZlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.37.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c5:f8:e4:a8:60:b4:d2:c5:47:9f:a0:81:44:f8:1b:70:7d:
         1e:57:c1:e1:23:c7:dd:b3:74:93:0b:c0:e8:0a:76:5e:0a:2b:
         a5:cb:c4:fe:d3:59:66:4c:28:cb:4b:09:91:8e:53:a3:be:1b:
         4e:bd:a7:b9:05:58:bd:05:cc:14:13:6d:65:31:09:9e:a7:64:
         33:41:e9:90:20:0f:bf:f9:d3:ed:92:45:1a:4e:4a:85:70:04:
         a6:d1:21:05:18:37:45:a3:e4:13:0b:54:16:33:e7:7f:5a:d4:
         50:7b:72:ed:29:1b:e4:5a:36:4c:3c:8b:5d:19:be:93:e4:35:
         d4:e7:35:50:c6:18:19:82:b0:5c:55:75:86:ab:00:e3:41:f0:
         60:95:1c:b9:76:82:14:67:92:8b:1e:d5:ae:50:9d:73:e1:b9:
         c1:32:ab:7c:dd:48:76:7b:ad:e9:36:ab:b1:6b:c3:b8:dd:81:
         64:d1:0c:8a:88:79:7c:af:c9:1e:d5:c6:f4:e2:de:2f:40:88:
         3d:3a:4f:30:ba:06:e9:c1:69:08:95:22:52:a7:ea:56:7c:67:
         8f:2a:6d:ae:f5:58:05:db:6d:27:d8:ed:1d:e0:33:0c:56:c7:
         a1:77:c3:c0:5c:6b:10:10:78:fa:1c:13:fb:74:d1:12:e1:92:
         94:d1:fa:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+k5mRjRcl+AZxC/8rUmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjUwMTAxMDM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRlZDY1NjRiNzFlZTMyNDBkMDY0ODg4Yzg3OTNjN2M5OTU2NjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6GpH3IOOk4xH0NdpCb2zM22ugRk
qEXEgm6nzuttZIkeI6ngjaQP67bteyVRh7vUbcx3mHql6EgM8X9KckCDVaA2zyR8
RmeaVsIonVrJPtHHk/kNAenZECyxKzYRHAFL37kGYdJQEgV2KNKlK9HB/zPo7N4g
qFKnA8SglobcRxXqpyse4aJCOz9Vs8h1bI18gRETxnY7s++8P+gpdV2ZpWnhwaF1
y9nZWepKQYtTN8OVOMOali0dvY9YElZaqMkBCZWrljPdNOFBtmb74HUG8pNqeB9S
5ELjBhEGpxRrp6Aj1zTKF5G7/JS2g2gcMuAJH4SJ7+fvrO7r8nHNRvg8gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJO1lZLce4yQNBkiIyHk8fJlWZQMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvb2s3V1ZrdHg3akpBMEdTSWpJZVR4OG1WWmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATSUhMA0G
CSqGSIb3DQEBCwUAA4IBAQAUxfjkqGC00sVHn6CBRPgbcH0eV8HhI8fds3STC8Do
CnZeCiuly8T+01lmTCjLSwmRjlOjvhtOvae5BVi9BcwUE21lMQmep2QzQemQIA+/
+dPtkkUaTkqFcASm0SEFGDdFo+QTC1QWM+d/WtRQe3LtKRvkWjZMPItdGb6T5DXU
5zVQxhgZgrBcVXWGqwDjQfBglRy5doIUZ5KLHtWuUJ1z4bnBMqt83Uh2e63pNqux
a8O43YFk0QyKiHl8r8ke1cb04t4vQIg9Ok8wugbpwWkIlSJSp+pWfGePKm2u9VgF
220n2O0d4DMMVsehd8PAXGsQEHj6HBP7dNES4ZKU0fr2
-----END CERTIFICATE-----