Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/kY3KA70JOx6iZNcx29Ge1kTCS38.roa
File:                     kY3KA70JOx6iZNcx29Ge1kTCS38.roa (raw, json)
Hash identifier:          pAOi0+x2VvFwK5AHrUpBhN3p33Z4EOlnkeTE30pGsdY=
Subject key identifier:   91:8D:CA:03:BD:09:3B:1E:A2:64:D7:31:DB:D1:9E:D6:44:C2:4B:7F
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018D5661A02F80A06A4F236A015AC6C438DB
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/kY3KA70JOx6iZNcx29Ge1kTCS38.roa
Signing time:             Mon 29 Jan 2024 18:00:55 +0000
ROA not before:           Mon 29 Jan 2024 18:00:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        77.81.102.0/24 maxlen: 24
                          93.113.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:56:61:a0:2f:80:a0:6a:4f:23:6a:01:5a:c6:c4:38:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan 29 18:00:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=918dca03bd093b1ea264d731dbd19ed644c24b7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7a:4b:05:11:0f:9b:1b:8b:00:7c:90:90:63:
                    6c:91:f7:b1:fe:c7:bf:74:0f:07:f9:7f:22:1a:dc:
                    93:e9:08:1e:57:e3:52:d8:75:fd:1f:5f:6a:7f:2d:
                    75:43:4b:e3:f2:7b:bb:0e:36:d4:dd:b5:4b:bc:2c:
                    26:22:cb:f5:5a:e5:85:94:99:40:da:8d:05:ad:af:
                    6c:87:0c:47:43:09:23:82:a2:d6:de:8f:e7:89:69:
                    fc:a1:b7:ec:d8:0b:91:bb:17:a5:c9:ca:69:c2:3a:
                    86:01:dc:5b:27:b1:e9:75:6f:a1:d9:c5:ac:74:02:
                    95:9e:40:f8:96:f3:c2:c0:6a:b6:25:9c:11:1b:d4:
                    d9:3c:4c:a1:64:8f:b9:f6:d6:65:21:59:ec:09:cc:
                    5d:54:0f:35:68:2a:41:da:cb:f9:23:2c:18:0d:f9:
                    4f:1f:48:e3:02:93:c4:b4:be:77:87:64:60:fd:6e:
                    9a:99:0b:bb:2c:1b:70:a5:48:25:3b:b4:69:59:30:
                    fe:4e:9b:05:45:1e:f4:c8:8e:24:fc:35:e3:09:02:
                    f4:df:6e:d2:61:89:f6:06:7c:d8:78:0e:b3:f1:45:
                    47:f1:ad:e3:51:60:29:28:22:49:bd:79:c4:bb:e0:
                    78:e1:69:65:3e:97:e9:51:7f:56:7b:a0:84:8c:79:
                    a8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:8D:CA:03:BD:09:3B:1E:A2:64:D7:31:DB:D1:9E:D6:44:C2:4B:7F
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/kY3KA70JOx6iZNcx29Ge1kTCS38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.102.0/24
                  93.113.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:9c:75:b2:f8:ac:f4:fd:08:3a:39:5f:b7:01:06:62:63:40:
         5d:c0:c5:91:34:af:3c:19:05:ec:b6:4f:18:ca:31:7d:79:02:
         f4:7b:97:78:53:b8:88:a5:cb:ae:6c:78:71:38:a5:f5:01:ec:
         c0:f1:18:97:38:ec:ae:97:80:c2:59:3b:3d:bb:1b:53:f6:a4:
         74:f9:42:2a:66:7e:16:87:f1:b2:3e:1b:cf:d2:f3:7a:ce:d6:
         51:f7:e6:39:00:47:dd:24:ef:1d:e0:d9:f6:4c:96:4d:e7:d3:
         6d:73:18:5e:29:0f:64:07:e0:e3:52:66:b6:a3:ad:04:44:a9:
         ab:23:88:78:48:3d:2f:46:71:cc:89:9f:b6:e2:ee:3f:47:82:
         0f:f6:63:25:75:13:b5:f1:da:1d:68:f2:f1:df:90:6a:6e:f0:
         7f:a4:da:d7:07:c7:22:a7:48:12:ad:6f:4e:1b:47:ba:b2:89:
         46:4d:7b:b0:cb:88:79:49:87:7f:c3:14:e4:23:83:07:6b:ec:
         5c:f3:08:4c:8d:99:34:11:b7:0d:2a:9e:c9:d0:34:75:4e:bc:
         2f:29:38:37:9d:a6:d0:df:f2:22:80:15:04:a2:06:68:99:b3:
         f4:8f:5f:6a:d1:dd:87:a0:f0:22:fc:0c:c3:37:25:1f:26:44:
         57:5d:94:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1WYaAvgKBqTyNqAVrGxDjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTI5MTgwMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MThkY2EwM2JkMDkzYjFlYTI2NGQ3MzFkYmQxOWVkNjQ0YzI0YjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHpLBREPmxuLAHyQkGNskfex/se/
dA8H+X8iGtyT6QgeV+NS2HX9H19qfy11Q0vj8nu7DjbU3bVLvCwmIsv1WuWFlJlA
2o0Fra9shwxHQwkjgqLW3o/niWn8obfs2AuRuxelycppwjqGAdxbJ7HpdW+h2cWs
dAKVnkD4lvPCwGq2JZwRG9TZPEyhZI+59tZlIVnsCcxdVA81aCpB2sv5IywYDflP
H0jjApPEtL53h2Rg/W6amQu7LBtwpUglO7RpWTD+TpsFRR70yI4k/DXjCQL0327S
YYn2BnzYeA6z8UVH8a3jUWApKCJJvXnEu+B44WllPpfpUX9We6CEjHmowwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJGNygO9CTseomTXMdvRntZEwkt/MB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEva1kzS0E3MEpPeDZpWk5jeDI5R2Uxa1RDUzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVFmAwQA
XXGvMA0GCSqGSIb3DQEBCwUAA4IBAQArnHWy+Kz0/Qg6OV+3AQZiY0BdwMWRNK88
GQXstk8YyjF9eQL0e5d4U7iIpcuubHhxOKX1AezA8RiXOOyul4DCWTs9uxtT9qR0
+UIqZn4Wh/GyPhvP0vN6ztZR9+Y5AEfdJO8d4Nn2TJZN59NtcxheKQ9kB+DjUma2
o60ERKmrI4h4SD0vRnHMiZ+24u4/R4IP9mMldRO18dodaPLx35BqbvB/pNrXB8ci
p0gSrW9OG0e6solGTXuwy4h5SYd/wxTkI4MHa+xc8whMjZk0EbcNKp7J0DR1Trwv
KTg3nabQ3/IigBUEogZombP0j19q0d2HoPAi/AzDNyUfJkRXXZSP
-----END CERTIFICATE-----