Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3gXq2fIpYzzN3Bpn4_GzFPgqgKM.roa
File:                     3gXq2fIpYzzN3Bpn4_GzFPgqgKM.roa (raw, json)
Hash identifier:          fvP5UFy17Cf2+C7kMRW/My5Gt6RFoTpNvnNTS7WDKQg=
Subject key identifier:   DE:05:EA:D9:F2:29:63:3C:CD:DC:1A:67:E3:F1:B3:14:F8:2A:80:A3
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019258B536047FEFD6412EE73A1EE0141A9E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3gXq2fIpYzzN3Bpn4_GzFPgqgKM.roa
Signing time:             Fri 04 Oct 2024 18:05:23 +0000
ROA not before:           Fri 04 Oct 2024 18:05:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47263
IP address blocks:        77.90.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:58:b5:36:04:7f:ef:d6:41:2e:e7:3a:1e:e0:14:1a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct  4 18:05:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de05ead9f229633ccddc1a67e3f1b314f82a80a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:63:b7:5c:b5:54:a5:30:14:89:41:c2:4e:c0:
                    a0:c6:de:fc:a3:fb:f8:d1:f1:b8:33:57:a6:c6:28:
                    a4:f1:d9:f8:f2:ce:9d:4e:d1:e6:3d:63:c8:94:25:
                    e8:43:0b:a0:51:9f:8c:81:30:15:25:20:81:34:ec:
                    07:7c:7d:91:35:cc:22:29:85:dd:0d:a8:96:54:64:
                    86:40:45:dc:80:56:37:8f:fd:ab:bf:33:cd:69:ff:
                    83:3e:13:19:b8:28:97:10:98:ea:67:cb:e1:99:f9:
                    16:e2:38:7f:36:e9:4a:da:c9:63:76:23:f1:b7:62:
                    97:27:1b:bb:aa:95:a3:80:81:80:94:08:9c:9d:24:
                    80:f9:67:a3:9d:c9:68:ed:4a:00:1c:24:d0:13:6c:
                    aa:a3:05:9b:8c:b1:42:f0:ff:c4:08:06:e0:bb:29:
                    e4:93:92:82:48:11:d6:46:ff:ce:18:bf:2a:e5:b8:
                    2f:39:2a:76:98:8e:8e:c7:a9:9b:8e:18:3d:68:56:
                    49:8b:0d:72:a9:72:55:ec:dc:18:7f:16:ba:43:36:
                    1f:e1:66:99:46:df:e0:30:6a:f7:a6:98:98:3a:34:
                    89:86:f0:5c:c8:ba:99:54:20:10:f4:fd:ec:82:51:
                    a7:70:fe:cc:28:da:ec:70:85:a4:a0:9b:03:2b:dc:
                    fe:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:05:EA:D9:F2:29:63:3C:CD:DC:1A:67:E3:F1:B3:14:F8:2A:80:A3
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/3gXq2fIpYzzN3Bpn4_GzFPgqgKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0f:d4:a2:da:55:c9:98:32:fe:2f:82:6a:6a:bd:39:5c:9c:
         18:8f:b7:15:2f:29:bf:71:f7:48:87:db:ba:2a:5c:6e:1b:c1:
         8b:36:ce:f4:5b:d5:e6:da:01:36:e9:f7:aa:c2:33:18:fc:19:
         93:61:4a:f8:3f:14:e4:e4:b6:20:f8:48:71:a4:61:b9:17:77:
         5d:2b:84:4b:d3:39:67:79:54:2a:20:4e:8a:db:89:f5:aa:23:
         7c:bd:c4:7f:6b:d2:1d:07:db:29:f3:a9:6f:af:2a:2f:a2:7b:
         43:b8:94:0c:e1:da:c7:71:b5:0d:a4:b4:87:33:05:ca:a9:bb:
         ab:f4:57:30:c5:b5:c7:e2:75:b5:a2:8e:1b:b8:75:56:60:11:
         33:ab:88:a9:84:55:14:94:72:b1:d5:4e:cc:2f:bf:af:da:56:
         39:31:27:e8:15:9c:0c:f3:9e:ed:ee:6b:dd:e9:fa:e8:f4:a3:
         60:cd:aa:a3:b1:48:ba:17:8f:69:ad:cb:ef:9a:ce:3f:0a:88:
         4c:da:a5:21:05:27:e1:e3:88:1b:02:db:30:df:f4:0d:de:08:
         09:e4:67:39:8a:67:0c:56:69:e9:32:4f:5c:fe:9d:fa:46:39:
         bd:28:a0:98:53:8d:b0:38:4c:87:23:d9:68:36:fa:18:9b:9f:
         c0:e4:25:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJYtTYEf+/WQS7nOh7gFBqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMDA0MTgwNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTA1ZWFkOWYyMjk2MzNjY2RkYzFhNjdlM2YxYjMxNGY4MmE4MGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWO3XLVUpTAUiUHCTsCgxt78o/v4
0fG4M1emxiik8dn48s6dTtHmPWPIlCXoQwugUZ+MgTAVJSCBNOwHfH2RNcwiKYXd
DaiWVGSGQEXcgFY3j/2rvzPNaf+DPhMZuCiXEJjqZ8vhmfkW4jh/NulK2sljdiPx
t2KXJxu7qpWjgIGAlAicnSSA+Wejnclo7UoAHCTQE2yqowWbjLFC8P/ECAbguynk
k5KCSBHWRv/OGL8q5bgvOSp2mI6Ox6mbjhg9aFZJiw1yqXJV7NwYfxa6QzYf4WaZ
Rt/gMGr3ppiYOjSJhvBcyLqZVCAQ9P3sglGncP7MKNrscIWkoJsDK9z+1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4F6tnyKWM8zdwaZ+PxsxT4KoCjMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvM2dYcTJmSXBZenpOM0JwbjRfR3pGUGdxZ0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVolMA0G
CSqGSIb3DQEBCwUAA4IBAQCZD9Si2lXJmDL+L4Jqar05XJwYj7cVLym/cfdIh9u6
KlxuG8GLNs70W9Xm2gE26feqwjMY/BmTYUr4PxTk5LYg+EhxpGG5F3ddK4RL0zln
eVQqIE6K24n1qiN8vcR/a9IdB9sp86lvryovontDuJQM4drHcbUNpLSHMwXKqbur
9FcwxbXH4nW1oo4buHVWYBEzq4iphFUUlHKx1U7ML7+v2lY5MSfoFZwM857t7mvd
6fro9KNgzaqjsUi6F49prcvvms4/CohM2qUhBSfh44gbAtsw3/QN3ggJ5Gc5imcM
VmnpMk9c/p36Rjm9KKCYU42wOEyHI9loNvoYm5/A5CXd
-----END CERTIFICATE-----