Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/wq-sbK6wZCslTg-KQk0eohj20JY.roa
File:                     wq-sbK6wZCslTg-KQk0eohj20JY.roa (raw, json)
Hash identifier:          dIwNqBJjOyWxVd+rD1dPAAWpwiNwWE2sUgy3A31jXAk=
Subject key identifier:   C2:AF:AC:6C:AE:B0:64:2B:25:4E:0F:8A:42:4D:1E:A2:18:F6:D0:96
Certificate issuer:       /CN=16785c048cf3d5b21869f49434f2d3bb47d43ba1
Certificate serial:       0194282699E10AF40DDA7C49E8EE8D8B7565
Authority key identifier: 16:78:5C:04:8C:F3:D5:B2:18:69:F4:94:34:F2:D3:BB:47:D4:3B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FnhcBIzz1bIYafSUNPLTu0fUO6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/wq-sbK6wZCslTg-KQk0eohj20JY.roa
Signing time:             Thu 02 Jan 2025 17:53:25 +0000
ROA not before:           Thu 02 Jan 2025 17:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213212
IP address blocks:        77.81.186.0/23 maxlen: 23
                          185.76.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/FnhcBIzz1bIYafSUNPLTu0fUO6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/FnhcBIzz1bIYafSUNPLTu0fUO6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FnhcBIzz1bIYafSUNPLTu0fUO6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:99:e1:0a:f4:0d:da:7c:49:e8:ee:8d:8b:75:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16785c048cf3d5b21869f49434f2d3bb47d43ba1
        Validity
            Not Before: Jan  2 17:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2afac6caeb0642b254e0f8a424d1ea218f6d096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:be:4e:16:8c:5a:c7:87:7f:3d:88:a5:d5:e1:
                    61:80:51:47:de:c8:0c:4f:07:8e:bf:c1:63:1c:67:
                    ee:c9:81:eb:30:a4:13:f7:da:ec:a0:cf:99:8f:41:
                    d5:f8:7e:34:76:71:b8:15:6e:ad:fc:3a:45:12:13:
                    7c:d9:72:02:b2:b4:96:d8:a8:23:9d:38:db:6b:ad:
                    31:af:9a:05:f2:5e:08:86:33:0c:50:d0:cd:4b:bd:
                    52:64:68:60:28:62:fe:10:73:28:da:98:e0:6a:46:
                    8d:6d:9e:9e:15:2e:c0:ff:f9:7d:ff:e4:01:0a:06:
                    22:1d:5a:c8:86:47:6b:c5:ce:40:a3:7b:5b:c8:12:
                    01:5f:71:d6:62:8c:29:97:f4:ad:19:de:6f:5e:a5:
                    e4:fb:c6:82:f0:4f:15:5c:7c:a4:f1:01:25:72:bd:
                    ee:97:65:07:c9:07:7f:0c:88:cd:8b:56:53:fa:d9:
                    ee:58:9d:f8:e5:cf:d0:2a:f2:50:5b:94:57:7d:b2:
                    de:54:c1:d1:e7:08:e1:6e:8e:88:a0:49:d1:f1:f1:
                    4e:6d:af:56:80:48:2d:f3:a1:cf:ef:5f:00:98:89:
                    d4:51:76:5a:09:f7:21:05:3d:e6:3b:e6:65:48:4c:
                    4f:0a:93:09:2f:0f:95:80:e4:7c:e8:f8:93:d3:c2:
                    14:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:AF:AC:6C:AE:B0:64:2B:25:4E:0F:8A:42:4D:1E:A2:18:F6:D0:96
            X509v3 Authority Key Identifier:
                keyid:16:78:5C:04:8C:F3:D5:B2:18:69:F4:94:34:F2:D3:BB:47:D4:3B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FnhcBIzz1bIYafSUNPLTu0fUO6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/wq-sbK6wZCslTg-KQk0eohj20JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d4a00f-c73f-4014-ade0-ab37fed52a4d/1/FnhcBIzz1bIYafSUNPLTu0fUO6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.186.0/23
                  185.76.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:9d:93:18:68:31:34:31:45:96:b5:1c:1e:20:02:69:b1:9c:
         9c:d7:2f:ae:9e:c6:99:ce:8b:56:02:12:5a:2e:d2:c0:19:d4:
         61:28:94:e0:43:2c:a0:d2:63:06:99:fd:2a:e0:c8:f5:bb:8f:
         66:63:b4:e0:2a:64:fb:25:f1:df:84:a4:85:e0:6c:96:af:18:
         14:15:92:09:c4:10:98:2e:4c:97:4a:4b:8c:5a:59:c7:6b:e1:
         34:25:50:15:a9:cf:43:ec:03:6c:ea:38:b2:b9:c1:d7:2e:61:
         bd:86:50:67:31:d4:0a:99:0f:3b:06:68:5a:45:50:ed:1e:6d:
         f2:40:a8:7c:31:fb:76:79:6e:f0:f9:0d:75:b3:d2:39:4d:8f:
         8b:81:c0:36:98:f8:7e:4e:14:9b:ac:ec:a2:e0:c3:5e:1e:e3:
         af:a7:58:f4:84:ac:4c:ae:c1:f0:19:f8:d6:74:92:82:38:c3:
         49:95:83:8e:e5:b7:61:9a:e7:3c:f5:74:c8:55:85:9a:8b:30:
         ef:5b:33:34:43:8d:56:b5:a4:fa:ec:7d:2b:e6:97:08:95:b6:
         2f:7c:ad:fc:52:0d:34:bf:44:ae:83:9b:9a:33:5e:44:2a:30:
         7c:c4:ac:b7:77:3d:7f:a2:a6:ae:10:88:00:1a:f2:c8:53:f1:
         d7:cb:41:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJpnhCvQN2nxJ6O6Ni3VlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Nzg1YzA0OGNmM2Q1YjIxODY5ZjQ5NDM0ZjJkM2JiNDdk
NDNiYTEwHhcNMjUwMTAyMTc1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmFmYWM2Y2FlYjA2NDJiMjU0ZTBmOGE0MjRkMWVhMjE4ZjZkMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub5OFoxax4d/PYil1eFhgFFH3sgM
TweOv8FjHGfuyYHrMKQT99rsoM+Zj0HV+H40dnG4FW6t/DpFEhN82XICsrSW2Kgj
nTjba60xr5oF8l4IhjMMUNDNS71SZGhgKGL+EHMo2pjgakaNbZ6eFS7A//l9/+QB
CgYiHVrIhkdrxc5Ao3tbyBIBX3HWYowpl/StGd5vXqXk+8aC8E8VXHyk8QElcr3u
l2UHyQd/DIjNi1ZT+tnuWJ345c/QKvJQW5RXfbLeVMHR5wjhbo6IoEnR8fFOba9W
gEgt86HP718AmInUUXZaCfchBT3mO+ZlSExPCpMJLw+VgOR86PiT08IUzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKvrGyusGQrJU4PikJNHqIY9tCWMB8GA1UdIwQY
MBaAFBZ4XASM89WyGGn0lDTy07tH1DuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm5oY0JJenoxYklZYWZTVU5QTFR1MGZVTzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kNGEwMGYtYzczZi00MDE0LWFkZTAt
YWIzN2ZlZDUyYTRkLzEvd3Etc2JLNndaQ3NsVGctS1FrMGVvaGoyMEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kNGEwMGYtYzczZi00MDE0LWFkZTAtYWIzN2ZlZDUyYTRk
LzEvRm5oY0JJenoxYklZYWZTVU5QTFR1MGZVTzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBTVG6AwQA
uUyfMA0GCSqGSIb3DQEBCwUAA4IBAQBBnZMYaDE0MUWWtRweIAJpsZyc1y+unsaZ
zotWAhJaLtLAGdRhKJTgQyyg0mMGmf0q4Mj1u49mY7TgKmT7JfHfhKSF4GyWrxgU
FZIJxBCYLkyXSkuMWlnHa+E0JVAVqc9D7ANs6jiyucHXLmG9hlBnMdQKmQ87Bmha
RVDtHm3yQKh8Mft2eW7w+Q11s9I5TY+LgcA2mPh+ThSbrOyi4MNeHuOvp1j0hKxM
rsHwGfjWdJKCOMNJlYOO5bdhmuc89XTIVYWaizDvWzM0Q41WtaT67H0r5pcIlbYv
fK38Ug00v0Sug5uaM15EKjB8xKy3dz1/oqauEIgAGvLIU/HXy0E2
-----END CERTIFICATE-----