Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/sg2_OQMj-cxLyLAWGkZuTyXpU4o.roa
File:                     sg2_OQMj-cxLyLAWGkZuTyXpU4o.roa (raw, json)
Hash identifier:          b8WSN2K1T/2/ElgWiybVpa4ZytXVfveJgdQPm5SCzWU=
Subject key identifier:   B2:0D:BF:39:03:23:F9:CC:4B:C8:B0:16:1A:46:6E:4F:25:E9:53:8A
Certificate issuer:       /CN=9af188a04bb45d4ee74c44dc76d71fffbdc04f60
Certificate serial:       018CC56ED83EDE10926F14F9998727599286
Authority key identifier: 9A:F1:88:A0:4B:B4:5D:4E:E7:4C:44:DC:76:D7:1F:FF:BD:C0:4F:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/sg2_OQMj-cxLyLAWGkZuTyXpU4o.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        77.83.236.0/22 maxlen: 22
                          2a09:9280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d8:3e:de:10:92:6f:14:f9:99:87:27:59:92:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9af188a04bb45d4ee74c44dc76d71fffbdc04f60
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b20dbf390323f9cc4bc8b0161a466e4f25e9538a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3a:5d:2c:18:19:11:e2:58:8e:78:6b:43:ed:
                    22:26:61:81:60:09:89:9b:a2:89:b7:5b:fa:72:2a:
                    d1:54:60:3a:1f:c9:d4:07:cb:ac:89:d5:7f:e6:7c:
                    6b:42:4b:6a:ae:d2:0e:28:47:82:a2:d8:9b:b3:ed:
                    d2:33:cd:42:c4:71:b2:ab:83:ac:29:5f:df:5f:31:
                    4f:16:33:c6:d1:cc:d6:6a:2f:55:7a:01:4a:6d:c7:
                    df:39:ed:5f:e4:f9:a8:44:ae:3e:9e:05:37:6f:3c:
                    90:20:1c:52:63:cf:78:a3:25:1c:3b:e2:26:11:db:
                    9a:47:6b:42:f2:5c:51:30:74:cb:8a:15:e9:d7:da:
                    a4:d7:ea:79:e7:1d:62:cf:ad:ef:7d:3e:69:1d:bc:
                    55:b1:90:80:3e:f0:c2:6f:a8:75:2e:f3:e7:5a:28:
                    9d:55:72:0d:ad:fb:ba:b6:46:94:5a:21:4a:95:dc:
                    7a:bd:92:7c:b4:48:53:90:b9:c6:a0:6a:f2:6d:cd:
                    57:05:2a:3b:7a:ed:b8:48:71:d0:e6:72:cb:61:19:
                    54:8e:3c:e5:4c:59:2d:c1:2c:a3:a9:76:37:af:40:
                    b5:c8:84:b4:17:e8:dd:b8:45:0b:83:e0:c3:cb:03:
                    4b:c4:c7:6c:a2:cf:7f:20:64:79:cf:1b:51:bf:61:
                    44:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0D:BF:39:03:23:F9:CC:4B:C8:B0:16:1A:46:6E:4F:25:E9:53:8A
            X509v3 Authority Key Identifier:
                keyid:9A:F1:88:A0:4B:B4:5D:4E:E7:4C:44:DC:76:D7:1F:FF:BD:C0:4F:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/sg2_OQMj-cxLyLAWGkZuTyXpU4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.236.0/22
                IPv6:
                  2a09:9280::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:23:db:8d:9b:bb:59:ab:9f:ca:e1:1a:af:0b:44:ba:f8:bb:
         ce:d1:f8:7c:be:ed:63:98:d3:d0:76:00:b4:8d:ca:0a:f5:19:
         21:e5:9c:16:c5:57:77:79:72:b5:29:fd:c6:ca:4f:a1:3e:1d:
         2f:96:e4:a4:4f:ca:6b:d3:c7:51:b8:26:08:5c:c0:a9:e8:f1:
         2a:df:85:31:f0:1c:7c:a1:15:77:81:9b:99:0e:d5:2b:a4:a2:
         7a:1b:78:48:2a:78:1b:d0:25:da:52:3f:a9:e9:55:8b:23:94:
         6d:da:07:76:23:60:c3:45:c6:53:a0:80:cf:73:85:aa:0b:d1:
         77:6c:5f:ca:a6:0f:80:00:10:f5:78:dd:eb:7c:03:98:fc:76:
         54:e6:ff:5d:83:b5:f3:67:6a:4c:1c:fc:e3:e7:9a:a7:3f:25:
         94:51:ad:c9:a8:39:53:c8:20:a0:7c:ef:7e:e0:6c:27:89:1e:
         b5:0e:9a:93:26:c4:e9:cb:08:9a:26:78:3a:9e:4e:00:db:18:
         75:9c:24:10:6e:14:46:5c:df:b3:eb:ee:f6:30:5e:1b:b1:56:
         db:c6:2d:94:b6:79:69:ca:6c:37:f9:11:82:00:9b:9b:79:01:
         85:ab:53:22:23:22:c7:d4:4f:53:80:87:df:71:35:da:ea:60:
         77:84:83:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtg+3hCSbxT5mYcnWZKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjE4OGEwNGJiNDVkNGVlNzRjNDRkYzc2ZDcxZmZmYmRj
MDRmNjAwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBkYmYzOTAzMjNmOWNjNGJjOGIwMTYxYTQ2NmU0ZjI1ZTk1MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDpdLBgZEeJYjnhrQ+0iJmGBYAmJ
m6KJt1v6cirRVGA6H8nUB8usidV/5nxrQktqrtIOKEeCotibs+3SM81CxHGyq4Os
KV/fXzFPFjPG0czWai9VegFKbcffOe1f5PmoRK4+ngU3bzyQIBxSY894oyUcO+Im
EduaR2tC8lxRMHTLihXp19qk1+p55x1iz63vfT5pHbxVsZCAPvDCb6h1LvPnWiid
VXINrfu6tkaUWiFKldx6vZJ8tEhTkLnGoGrybc1XBSo7eu24SHHQ5nLLYRlUjjzl
TFktwSyjqXY3r0C1yIS0F+jduEULg+DDywNLxMdsos9/IGR5zxtRv2FE3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLINvzkDI/nMS8iwFhpGbk8l6VOKMB8GA1UdIwQY
MBaAFJrxiKBLtF1O50xE3HbXH/+9wE9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZHSW9FdTBYVTduVEVUY2R0Y2ZfNzNBVDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83ZTBiMTMtZWM5MS00ODNkLWI5NmEt
NjU5YjRjY2Q3ZjRhLzEvc2cyX09RTWotY3hMeUxBV0drWnVUeVhwVTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83ZTBiMTMtZWM5MS00ODNkLWI5NmEtNjU5YjRjY2Q3ZjRh
LzEvbXZHSW9FdTBYVTduVEVUY2R0Y2ZfNzNBVDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCTVPsMA0E
AgACMAcDBQMqCZKAMA0GCSqGSIb3DQEBCwUAA4IBAQCnI9uNm7tZq5/K4RqvC0S6
+LvO0fh8vu1jmNPQdgC0jcoK9Rkh5ZwWxVd3eXK1Kf3Gyk+hPh0vluSkT8pr08dR
uCYIXMCp6PEq34Ux8Bx8oRV3gZuZDtUrpKJ6G3hIKngb0CXaUj+p6VWLI5Rt2gd2
I2DDRcZToIDPc4WqC9F3bF/Kpg+AABD1eN3rfAOY/HZU5v9dg7XzZ2pMHPzj55qn
PyWUUa3JqDlTyCCgfO9+4GwniR61DpqTJsTpywiaJng6nk4A2xh1nCQQbhRGXN+z
6+72MF4bsVbbxi2Utnlpymw3+RGCAJubeQGFq1MiIyLH1E9TgIffcTXa6mB3hIO4
-----END CERTIFICATE-----