Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/RgY0PkEjPFPIv_P4t4CILsKvvgs.roa
File:                     RgY0PkEjPFPIv_P4t4CILsKvvgs.roa (raw, json)
Hash identifier:          rH3z/Xiin8RX2HsspRbrkooP6mPjdYzxTMiTa1sY+Fs=
Subject key identifier:   46:06:34:3E:41:23:3C:53:C8:BF:F3:F8:B7:80:88:2E:C2:AF:BE:0B
Certificate issuer:       /CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
Certificate serial:       018CC64AA8D0BC65DD3641AB59CE7D81859C
Authority key identifier: 12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/RgY0PkEjPFPIv_P4t4CILsKvvgs.roa
Signing time:             Mon 01 Jan 2024 18:30:30 +0000
ROA not before:           Mon 01 Jan 2024 18:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62323
IP address blocks:        77.78.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a8:d0:bc:65:dd:36:41:ab:59:ce:7d:81:85:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4606343e41233c53c8bff3f8b780882ec2afbe0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:03:28:07:b2:a6:8c:12:ec:c6:55:96:00:ea:
                    36:16:e5:1b:f9:15:44:aa:37:11:3f:59:a2:f7:f8:
                    57:d0:3b:94:f0:8b:b6:01:9c:e3:b7:66:b3:3e:81:
                    41:56:50:cc:69:c8:12:37:16:de:cc:e3:ee:e4:49:
                    bd:e9:b8:fd:91:80:0d:8e:10:e9:aa:e8:d6:80:b2:
                    d5:d1:0f:19:94:b1:70:2f:57:13:da:31:e4:a4:57:
                    d3:a8:4a:81:e2:7a:e2:14:a7:81:09:41:d3:60:96:
                    24:90:b1:d3:f6:44:41:3b:43:c0:52:70:9b:af:3d:
                    ad:cd:bf:7c:fd:4d:1e:df:e9:f9:18:17:14:16:c6:
                    23:5d:4d:bb:3a:ea:99:da:c2:23:ac:f8:d8:c0:14:
                    ad:85:db:c7:e9:9d:03:96:bc:55:9b:2c:f4:9e:e0:
                    71:dc:9c:ee:4c:8d:6e:e8:ab:a0:59:f3:45:67:9c:
                    48:c5:ce:1e:44:c9:83:e0:a3:f8:fb:f3:f3:01:66:
                    71:22:40:26:aa:4f:c1:84:3e:08:b1:5a:95:2c:33:
                    00:4c:3d:9f:de:99:ba:43:dd:69:5f:1c:2d:1f:5c:
                    8b:3b:b9:b5:cf:ff:84:99:0c:5d:80:f2:84:76:9b:
                    95:f3:eb:03:3e:18:a3:ef:76:c2:7f:f8:2d:64:92:
                    67:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:06:34:3E:41:23:3C:53:C8:BF:F3:F8:B7:80:88:2E:C2:AF:BE:0B
            X509v3 Authority Key Identifier:
                keyid:12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/RgY0PkEjPFPIv_P4t4CILsKvvgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:1d:97:5d:e0:1d:04:a6:5d:c7:d4:16:7e:26:e6:77:89:60:
         03:64:ed:b1:cb:0a:ca:6d:1e:0e:4d:ff:5c:f1:5b:f9:45:1e:
         59:a7:ca:c1:cb:0a:04:7d:e6:1c:90:50:6b:cb:80:93:4c:9e:
         dc:f2:e2:e0:8e:e3:84:2c:22:10:2d:d8:bd:28:1a:9f:60:ea:
         74:25:80:0f:4f:1a:5f:87:ff:bc:83:02:39:a8:43:97:7b:e4:
         cf:ce:45:73:0f:d0:7a:7f:6f:32:e2:f0:44:fe:1e:40:50:91:
         9f:bb:4f:db:b6:d6:34:14:03:63:69:8d:39:79:03:1b:ca:45:
         a0:e9:18:9e:8a:44:5a:07:26:ef:32:84:22:ad:b0:41:2f:4f:
         40:06:dd:29:9a:ff:b9:54:9f:ab:c1:84:85:1a:0e:cb:e2:ca:
         98:d7:5a:22:e7:57:1f:15:df:d6:d8:ee:3c:fc:53:d8:7b:31:
         96:2b:c6:03:3c:a3:b2:3a:10:4c:b4:75:ee:ce:7d:72:cb:75:
         43:4a:ef:88:a8:c4:ee:20:0f:a1:c1:b0:96:9d:08:56:40:d7:
         7a:6b:2e:eb:59:0d:60:cc:d4:91:90:ed:ac:21:44:95:fd:aa:
         e4:b4:e6:ee:dc:d7:c9:e1:cd:42:ff:a6:a5:f9:6d:88:4f:56:
         ed:f9:89:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqjQvGXdNkGrWc59gYWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWY5ZTQ5ZmVjZjI1MDllYjY3NjllZWUyY2RkNGE1MjUz
YjcxYzUwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjA2MzQzZTQxMjMzYzUzYzhiZmYzZjhiNzgwODgyZWMyYWZiZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwMoB7KmjBLsxlWWAOo2FuUb+RVE
qjcRP1mi9/hX0DuU8Iu2AZzjt2azPoFBVlDMacgSNxbezOPu5Em96bj9kYANjhDp
qujWgLLV0Q8ZlLFwL1cT2jHkpFfTqEqB4nriFKeBCUHTYJYkkLHT9kRBO0PAUnCb
rz2tzb98/U0e3+n5GBcUFsYjXU27OuqZ2sIjrPjYwBSthdvH6Z0DlrxVmyz0nuBx
3JzuTI1u6KugWfNFZ5xIxc4eRMmD4KP4+/PzAWZxIkAmqk/BhD4IsVqVLDMATD2f
3pm6Q91pXxwtH1yLO7m1z/+EmQxdgPKEdpuV8+sDPhij73bCf/gtZJJn+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYGND5BIzxTyL/z+LeAiC7Cr74LMB8GA1UdIwQY
MBaAFBLvnkn+zyUJ62dp7uLN1KUlO3HFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTIt
MWQ1ZDk0NWEwNWEzLzEvUmdZMFBrRWpQRlBJdl9QNHQ0Q0lMc0t2dmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTItMWQ1ZDk0NWEwNWEz
LzEvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTU6UMA0G
CSqGSIb3DQEBCwUAA4IBAQBCHZdd4B0Epl3H1BZ+JuZ3iWADZO2xywrKbR4OTf9c
8Vv5RR5Zp8rBywoEfeYckFBry4CTTJ7c8uLgjuOELCIQLdi9KBqfYOp0JYAPTxpf
h/+8gwI5qEOXe+TPzkVzD9B6f28y4vBE/h5AUJGfu0/bttY0FANjaY05eQMbykWg
6RieikRaBybvMoQirbBBL09ABt0pmv+5VJ+rwYSFGg7L4sqY11oi51cfFd/W2O48
/FPYezGWK8YDPKOyOhBMtHXuzn1yy3VDSu+IqMTuIA+hwbCWnQhWQNd6ay7rWQ1g
zNSRkO2sIUSV/arktObu3NfJ4c1C/6al+W2IT1bt+Ymu
-----END CERTIFICATE-----