Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3fztKJNFsJIUYRouWtGGnWB1aA0.roa
File:                     3fztKJNFsJIUYRouWtGGnWB1aA0.roa (raw, json)
Hash identifier:          tpFwez0VjrHtFRz3jW4zUy/4iqFg7vVSRIOaavkpu6w=
Subject key identifier:   DD:FC:ED:28:93:45:B0:92:14:61:1A:2E:5A:D1:86:9D:60:75:68:0D
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01937235D31B3292108ED0F4EC46369D50EB
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3fztKJNFsJIUYRouWtGGnWB1aA0.roa
Signing time:             Thu 28 Nov 2024 09:59:10 +0000
ROA not before:           Thu 28 Nov 2024 09:59:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        77.90.15.0/24 maxlen: 24
                          77.90.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Dec 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:72:35:d3:1b:32:92:10:8e:d0:f4:ec:46:36:9d:50:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 28 09:59:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddfced289345b09214611a2e5ad1869d6075680d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a7:dc:e0:ca:ab:f8:5e:3f:a0:ce:ff:0e:5c:
                    e6:11:3f:4a:da:bd:f4:2e:03:56:90:cb:d3:91:c1:
                    8c:86:9f:bf:52:65:0a:3d:bc:c2:7c:16:54:6d:4a:
                    48:f3:54:30:36:45:6b:6c:a5:4f:57:c5:04:b3:97:
                    44:81:3e:c0:6c:c7:91:11:c0:b1:3c:62:0a:50:eb:
                    8c:3c:0f:c1:be:d0:81:4c:11:ed:e3:9e:d6:12:2c:
                    f9:30:69:3b:6b:ee:cf:77:1b:5d:0d:95:f8:33:64:
                    5b:d2:22:dd:7f:58:04:57:9c:14:fc:97:46:f7:d2:
                    81:4b:bd:4c:c0:d5:32:f4:d3:d6:2d:9c:5d:41:66:
                    dc:9f:72:a7:52:38:07:c3:a4:57:54:0b:50:89:8a:
                    f3:f8:08:0d:d9:e5:d6:88:df:c4:dd:ff:06:06:75:
                    37:6d:13:1e:d2:46:d3:55:44:0b:6b:a4:7f:ca:14:
                    78:68:6e:82:45:48:ca:c5:a7:7b:04:3e:70:34:93:
                    5f:43:87:34:11:8c:d5:b8:d6:a8:7b:89:a7:c9:d3:
                    36:cc:57:54:3b:18:c2:a4:04:46:59:ac:67:3b:e0:
                    f3:4d:7e:83:31:d9:23:ef:87:4a:73:15:be:33:d5:
                    c4:91:47:f6:7b:be:ce:9c:da:b2:01:0b:2c:fe:32:
                    e2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:FC:ED:28:93:45:B0:92:14:61:1A:2E:5A:D1:86:9D:60:75:68:0D
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3fztKJNFsJIUYRouWtGGnWB1aA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.15.0/24
                  77.90.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:fb:09:b7:c2:20:2f:67:96:35:7b:07:f3:1d:c3:93:27:0e:
         e9:cb:88:d0:8f:f1:a6:ab:56:ee:26:17:c4:2d:05:8e:27:7c:
         fb:7c:65:56:d2:ec:1b:96:97:5d:17:c3:37:7b:7d:b1:21:ef:
         89:f4:7c:c7:b2:04:ca:70:78:e3:1b:34:0b:b1:6b:ae:ec:b1:
         b3:26:a9:0b:a8:08:76:8f:7c:d6:b8:fe:be:1d:63:ce:13:f5:
         54:67:72:7e:52:d2:e2:8b:f2:7b:f6:29:a0:8a:da:07:01:00:
         de:c2:ae:9b:cd:b2:c6:f7:3b:33:32:36:29:03:09:45:76:08:
         92:f2:7a:6c:f9:01:d5:c0:cc:e9:32:f8:2e:34:6f:d0:3d:6d:
         15:29:97:b6:eb:b2:65:af:b5:3c:ca:d8:f2:a9:85:c8:12:35:
         a1:71:29:e5:70:3b:97:8d:67:1b:29:20:0e:15:b6:25:28:ed:
         f0:a1:0b:5a:86:12:68:6e:06:1b:02:8b:74:b6:70:9b:cd:3e:
         9d:9b:87:27:d4:02:cc:4c:51:af:5a:91:d6:8b:e8:06:a8:97:
         cb:b5:52:41:56:13:73:cf:cb:c9:1f:04:dc:f1:d0:e6:79:90:
         b8:89:eb:d7:11:af:cc:21:86:6f:79:6e:1f:5b:f3:2b:5f:a6:
         aa:e8:c2:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNyNdMbMpIQjtD07EY2nVDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTI4MDk1OTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGZjZWQyODkzNDViMDkyMTQ2MTFhMmU1YWQxODY5ZDYwNzU2ODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqfc4Mqr+F4/oM7/DlzmET9K2r30
LgNWkMvTkcGMhp+/UmUKPbzCfBZUbUpI81QwNkVrbKVPV8UEs5dEgT7AbMeREcCx
PGIKUOuMPA/BvtCBTBHt457WEiz5MGk7a+7PdxtdDZX4M2Rb0iLdf1gEV5wU/JdG
99KBS71MwNUy9NPWLZxdQWbcn3KnUjgHw6RXVAtQiYrz+AgN2eXWiN/E3f8GBnU3
bRMe0kbTVUQLa6R/yhR4aG6CRUjKxad7BD5wNJNfQ4c0EYzVuNaoe4mnydM2zFdU
OxjCpARGWaxnO+DzTX6DMdkj74dKcxW+M9XEkUf2e77OnNqyAQss/jLiPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN387SiTRbCSFGEaLlrRhp1gdWgNMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvM2Z6dEtKTkZzSklVWVJvdVd0R0duV0IxYUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVoPAwQA
TVoRMA0GCSqGSIb3DQEBCwUAA4IBAQAz+wm3wiAvZ5Y1ewfzHcOTJw7py4jQj/Gm
q1buJhfELQWOJ3z7fGVW0uwblpddF8M3e32xIe+J9HzHsgTKcHjjGzQLsWuu7LGz
JqkLqAh2j3zWuP6+HWPOE/VUZ3J+UtLii/J79imgitoHAQDewq6bzbLG9zszMjYp
AwlFdgiS8nps+QHVwMzpMvguNG/QPW0VKZe267Jlr7U8ytjyqYXIEjWhcSnlcDuX
jWcbKSAOFbYlKO3woQtahhJobgYbAot0tnCbzT6dm4cn1ALMTFGvWpHWi+gGqJfL
tVJBVhNzz8vJHwTc8dDmeZC4ievXEa/MIYZveW4fW/MrX6aq6MLF
-----END CERTIFICATE-----