Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/77vVEL7CocmnGitjx5dXVYLrTuQ.roa
File:                     77vVEL7CocmnGitjx5dXVYLrTuQ.roa (raw, json)
Hash identifier:          i9B/qaeP87J9J5JpL+2kypBNesifUR27FqkoSV77b5g=
Subject key identifier:   EF:BB:D5:10:BE:C2:A1:C9:A7:1A:2B:63:C7:97:57:55:82:EB:4E:E4
Certificate issuer:       /CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
Certificate serial:       01942445395188EBD999A7ADA93995394F50
Authority key identifier: 8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/77vVEL7CocmnGitjx5dXVYLrTuQ.roa
Signing time:             Wed 01 Jan 2025 23:48:23 +0000
ROA not before:           Wed 01 Jan 2025 23:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213354
IP address blocks:        194.79.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:39:51:88:eb:d9:99:a7:ad:a9:39:95:39:4f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
        Validity
            Not Before: Jan  1 23:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efbbd510bec2a1c9a71a2b63c797575582eb4ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8e:91:06:47:24:ee:0b:58:b8:0e:c6:0b:4f:
                    07:70:24:57:5d:82:1f:8f:3e:fc:96:aa:05:e6:cc:
                    9d:97:e8:7f:73:e9:2d:11:71:d7:40:fe:23:3b:86:
                    a6:9a:f7:f7:c5:fa:9a:fa:21:1f:12:21:2d:9c:0b:
                    eb:ab:d8:92:ec:80:ab:5c:7c:cd:c0:30:e9:10:db:
                    af:6c:e0:fc:01:be:76:a9:1a:43:ac:24:5f:87:1a:
                    17:91:b1:3c:5f:b5:3e:9b:b7:d0:34:bf:21:ed:55:
                    ad:a5:67:db:04:23:b3:2b:0f:9e:ee:d5:e0:89:16:
                    35:36:00:40:aa:12:bd:b1:b8:9c:c8:bc:0e:e3:ec:
                    dd:d6:09:1f:f3:d5:38:a7:91:93:5f:42:ac:ca:14:
                    6f:e5:af:97:8a:fe:c3:08:c0:25:d2:b3:dc:f4:88:
                    fa:69:c1:60:37:bf:f2:81:f9:3d:51:61:b7:4f:3a:
                    30:4d:26:50:c9:f5:81:27:9a:2b:09:1b:34:61:ae:
                    d6:c3:a4:45:5c:7b:73:2f:7c:b0:99:59:f6:49:08:
                    83:ad:63:e4:2c:5a:41:27:6d:58:67:16:15:97:99:
                    f2:2a:e1:fb:20:ab:9a:bd:74:7b:e7:cb:91:77:96:
                    d1:96:7a:44:d8:1a:4e:8f:00:0a:29:3d:b8:4b:ab:
                    22:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BB:D5:10:BE:C2:A1:C9:A7:1A:2B:63:C7:97:57:55:82:EB:4E:E4
            X509v3 Authority Key Identifier:
                keyid:8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/77vVEL7CocmnGitjx5dXVYLrTuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:6e:08:65:bf:13:56:93:60:47:3c:fb:0f:9d:e2:fe:c8:81:
         b0:21:c4:67:7c:c4:f2:83:fa:35:88:b2:0b:27:97:11:95:11:
         08:57:2b:66:96:39:f6:53:00:03:b5:c6:ca:2f:cc:8e:31:9a:
         3f:52:14:91:8f:1c:af:ed:80:13:36:59:72:d3:3c:d1:c8:0c:
         b5:07:88:38:cb:75:67:b1:d3:fd:a4:86:34:67:23:ee:77:e3:
         fe:5d:0f:df:dc:cc:e1:52:ab:b9:f9:43:f1:c9:f7:60:df:f3:
         73:2b:ab:00:55:03:1c:76:40:59:01:1d:e7:e9:f2:26:7e:89:
         17:bc:81:e2:03:ec:ad:a8:40:e5:e7:d0:ed:b9:f6:24:56:42:
         44:3e:24:3f:0b:2e:3f:e5:ef:a8:06:41:9d:f2:a6:f3:e6:0e:
         e6:35:be:33:c2:4b:a4:84:a9:43:b9:dd:0a:4b:bf:cb:df:d2:
         dc:95:35:8b:f7:0c:63:a3:29:4b:d4:de:4e:c4:79:a9:de:33:
         8f:47:34:18:c7:96:9c:90:8f:e3:11:f7:aa:f1:9c:34:f0:04:
         c0:91:84:ba:72:40:f2:0f:03:08:ec:38:7e:45:77:5f:97:35:
         63:15:7b:2d:80:82:81:70:61:ba:c3:60:ee:82:ad:30:cd:1c:
         99:04:1b:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRTlRiOvZmaetqTmVOU9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjY2NjkxYWQzYTQxNjUyZjViZDg1OTYyMzBiM2FjNzQz
ZDJhMmMwHhcNMjUwMTAxMjM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmJiZDUxMGJlYzJhMWM5YTcxYTJiNjNjNzk3NTc1NTgyZWI0ZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo6RBkck7gtYuA7GC08HcCRXXYIf
jz78lqoF5sydl+h/c+ktEXHXQP4jO4ammvf3xfqa+iEfEiEtnAvrq9iS7ICrXHzN
wDDpENuvbOD8Ab52qRpDrCRfhxoXkbE8X7U+m7fQNL8h7VWtpWfbBCOzKw+e7tXg
iRY1NgBAqhK9sbicyLwO4+zd1gkf89U4p5GTX0KsyhRv5a+Xiv7DCMAl0rPc9Ij6
acFgN7/ygfk9UWG3TzowTSZQyfWBJ5orCRs0Ya7Ww6RFXHtzL3ywmVn2SQiDrWPk
LFpBJ21YZxYVl5nyKuH7IKuavXR758uRd5bRlnpE2BpOjwAKKT24S6si6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+71RC+wqHJpxorY8eXV1WC607kMB8GA1UdIwQY
MBaAFI72ZpGtOkFlL1vYWWIws6x0PSosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMt
YmE5MjJiYjFlYmI0LzEvNzd2VkVMN0NvY21uR2l0ang1ZFhWWUxyVHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMtYmE5MjJiYjFlYmI0
LzEvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwk8IMA0G
CSqGSIb3DQEBCwUAA4IBAQBFbghlvxNWk2BHPPsPneL+yIGwIcRnfMTyg/o1iLIL
J5cRlREIVytmljn2UwADtcbKL8yOMZo/UhSRjxyv7YATNlly0zzRyAy1B4g4y3Vn
sdP9pIY0ZyPud+P+XQ/f3MzhUqu5+UPxyfdg3/NzK6sAVQMcdkBZAR3n6fImfokX
vIHiA+ytqEDl59DtufYkVkJEPiQ/Cy4/5e+oBkGd8qbz5g7mNb4zwkukhKlDud0K
S7/L39LclTWL9wxjoylL1N5OxHmp3jOPRzQYx5ackI/jEfeq8Zw08ATAkYS6ckDy
DwMI7Dh+RXdflzVjFXstgIKBcGG6w2Dugq0wzRyZBBu1
-----END CERTIFICATE-----