Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/wIo7gRbp7iZb-2jeRG9lGC-Re6Y.roa
File:                     wIo7gRbp7iZb-2jeRG9lGC-Re6Y.roa (raw, json)
Hash identifier:          c/R2Gc35kkHkhxpw6cMeoVLqiOGAlcAA0Z2M+GPKUTc=
Subject key identifier:   C0:8A:3B:81:16:E9:EE:26:5B:FB:68:DE:44:6F:65:18:2F:91:7B:A6
Certificate issuer:       /CN=16785c048cf3d5b21869f49434f2d3bb47d43ba1
Certificate serial:       018FAC5A2F40B0F07A851A84FB73D36B974D
Authority key identifier: 16:78:5C:04:8C:F3:D5:B2:18:69:F4:94:34:F2:D3:BB:47:D4:3B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FnhcBIzz1bIYafSUNPLTu0fUO6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/wIo7gRbp7iZb-2jeRG9lGC-Re6Y.roa
Signing time:             Fri 24 May 2024 20:45:42 +0000
ROA not before:           Fri 24 May 2024 20:45:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213212
IP address blocks:        77.81.186.0/23 maxlen: 23
                          185.76.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/FnhcBIzz1bIYafSUNPLTu0fUO6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/FnhcBIzz1bIYafSUNPLTu0fUO6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FnhcBIzz1bIYafSUNPLTu0fUO6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ac:5a:2f:40:b0:f0:7a:85:1a:84:fb:73:d3:6b:97:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16785c048cf3d5b21869f49434f2d3bb47d43ba1
        Validity
            Not Before: May 24 20:45:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c08a3b8116e9ee265bfb68de446f65182f917ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:45:66:9f:3e:64:1e:c7:57:58:63:8a:ec:fe:
                    32:d6:c5:6d:7f:7d:57:5b:67:63:d6:fa:87:2c:b2:
                    ef:45:90:f7:6f:70:dd:ee:ce:ce:59:aa:52:f3:0a:
                    50:12:a9:77:6f:0d:8d:3e:b2:2b:83:40:6e:d4:8c:
                    b1:f5:b7:ea:25:d9:65:7d:c2:14:a7:ea:71:7a:17:
                    c6:ef:ab:5f:04:16:6c:b0:e2:75:da:1c:e1:e2:d7:
                    8b:cc:57:03:b9:48:f7:1b:2b:06:8b:f7:3c:39:6e:
                    5d:d0:5c:e4:c4:b9:f1:ec:b6:63:b6:35:98:59:d5:
                    9e:0d:a8:03:46:5f:5f:26:0e:6d:f3:66:b5:e2:48:
                    c2:be:75:4f:50:2f:f6:0d:cb:77:64:19:0f:0e:80:
                    91:19:e5:d1:63:b4:39:5d:bf:fd:7d:a6:04:2e:ec:
                    8c:c2:ae:73:fd:52:f3:f2:e0:7f:8f:4c:e5:71:72:
                    74:e1:ac:82:c5:b6:d6:8d:af:00:17:07:f0:96:2c:
                    08:81:e5:8e:aa:54:7e:61:cb:8a:31:29:e7:87:fa:
                    b7:d0:90:ff:71:cd:77:36:cc:44:1b:9e:08:62:da:
                    fc:ac:8c:e7:5c:0e:a1:25:48:92:8f:d5:a7:6a:84:
                    93:fa:21:56:54:e0:d6:dd:98:d5:3c:54:8b:5f:29:
                    2c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8A:3B:81:16:E9:EE:26:5B:FB:68:DE:44:6F:65:18:2F:91:7B:A6
            X509v3 Authority Key Identifier:
                keyid:16:78:5C:04:8C:F3:D5:B2:18:69:F4:94:34:F2:D3:BB:47:D4:3B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FnhcBIzz1bIYafSUNPLTu0fUO6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/wIo7gRbp7iZb-2jeRG9lGC-Re6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/FnhcBIzz1bIYafSUNPLTu0fUO6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.186.0/23
                  185.76.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:76:1e:9d:4b:47:80:2b:fa:33:36:32:9c:67:90:19:e1:87:
         1d:c4:5c:fa:46:6e:d2:83:e5:33:0e:f0:bd:4d:a8:4f:d9:cd:
         b1:eb:2b:dd:e8:6e:3b:87:a3:96:6c:40:fe:fe:5a:c2:cd:13:
         58:07:99:44:b1:35:db:3c:09:0e:54:2c:3b:02:d0:8f:68:2b:
         bb:00:fb:76:d9:b5:b8:dc:62:1f:17:a1:a9:75:68:82:68:82:
         7a:92:b1:6c:c5:39:ea:37:a6:4d:46:6b:f3:83:2c:c2:11:9b:
         ae:f4:00:b7:f5:0f:2a:0e:f2:3a:ab:ba:7f:76:85:83:4a:e3:
         21:de:e4:75:44:df:ec:03:85:4e:99:7b:3f:0c:8b:8b:1c:d9:
         3e:6d:be:3b:98:34:b1:da:3f:0e:e9:63:d6:e6:90:ad:95:17:
         6b:2e:80:f4:8d:f2:3a:7e:a0:13:59:50:3e:d7:52:a3:50:5c:
         bf:25:bb:bc:63:54:f8:4a:c3:9a:57:70:fa:50:46:6f:21:6a:
         72:39:47:e0:0f:98:b4:42:b7:cf:9b:95:70:3d:a4:00:6a:a9:
         2d:06:54:84:d0:06:a0:2c:17:9f:66:f0:c6:9c:de:ba:40:01:
         6a:88:cd:2e:15:e5:ba:fa:24:a6:f0:92:ba:84:c0:73:15:71:
         13:1b:cb:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+sWi9AsPB6hRqE+3PTa5dNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Nzg1YzA0OGNmM2Q1YjIxODY5ZjQ5NDM0ZjJkM2JiNDdk
NDNiYTEwHhcNMjQwNTI0MjA0NTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhhM2I4MTE2ZTllZTI2NWJmYjY4ZGU0NDZmNjUxODJmOTE3YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEVmnz5kHsdXWGOK7P4y1sVtf31X
W2dj1vqHLLLvRZD3b3Dd7s7OWapS8wpQEql3bw2NPrIrg0Bu1Iyx9bfqJdllfcIU
p+pxehfG76tfBBZssOJ12hzh4teLzFcDuUj3GysGi/c8OW5d0FzkxLnx7LZjtjWY
WdWeDagDRl9fJg5t82a14kjCvnVPUC/2Dct3ZBkPDoCRGeXRY7Q5Xb/9faYELuyM
wq5z/VLz8uB/j0zlcXJ04ayCxbbWja8AFwfwliwIgeWOqlR+YcuKMSnnh/q30JD/
cc13NsxEG54IYtr8rIznXA6hJUiSj9WnaoST+iFWVODW3ZjVPFSLXyksDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMCKO4EW6e4mW/to3kRvZRgvkXumMB8GA1UdIwQY
MBaAFBZ4XASM89WyGGn0lDTy07tH1DuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm5oY0JJenoxYklZYWZTVU5QTFR1MGZVTzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kNGEwMGYtYzczZi00MDE0LWFkZTAt
YWIzN2ZlZDUyYTRkLzEvd0lvN2dSYnA3aVpiLTJqZVJHOWxHQy1SZTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kNGEwMGYtYzczZi00MDE0LWFkZTAtYWIzN2ZlZDUyYTRk
LzEvRm5oY0JJenoxYklZYWZTVU5QTFR1MGZVTzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBTVG6AwQA
uUyfMA0GCSqGSIb3DQEBCwUAA4IBAQBCdh6dS0eAK/ozNjKcZ5AZ4YcdxFz6Rm7S
g+UzDvC9TahP2c2x6yvd6G47h6OWbED+/lrCzRNYB5lEsTXbPAkOVCw7AtCPaCu7
APt22bW43GIfF6GpdWiCaIJ6krFsxTnqN6ZNRmvzgyzCEZuu9AC39Q8qDvI6q7p/
doWDSuMh3uR1RN/sA4VOmXs/DIuLHNk+bb47mDSx2j8O6WPW5pCtlRdrLoD0jfI6
fqATWVA+11KjUFy/Jbu8Y1T4SsOaV3D6UEZvIWpyOUfgD5i0QrfPm5VwPaQAaqkt
BlSE0AagLBefZvDGnN66QAFqiM0uFeW6+iSm8JK6hMBzFXETG8tS
-----END CERTIFICATE-----