Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4XOK_WG8EIEhhrwzfieGvk2E7WM.roa
File:                     4XOK_WG8EIEhhrwzfieGvk2E7WM.roa (raw, json)
Hash identifier:          UY1fMyKxAbILf2WrxzrChRtWgUI7Eqz2IFxzTa6dVxo=
Subject key identifier:   E1:73:8A:FD:61:BC:10:81:21:86:BC:33:7E:27:86:BE:4D:84:ED:63
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018E1E456FD1C6BD2E341137F6F96D063169
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4XOK_WG8EIEhhrwzfieGvk2E7WM.roa
Signing time:             Fri 08 Mar 2024 13:34:10 +0000
ROA not before:           Fri 08 Mar 2024 13:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216474
IP address blocks:        77.90.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:45:6f:d1:c6:bd:2e:34:11:37:f6:f9:6d:06:31:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar  8 13:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1738afd61bc10812186bc337e2786be4d84ed63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:40:5d:0d:0b:68:df:51:d3:a1:d9:e9:ce:c3:
                    b9:6b:b3:3d:5c:73:73:bd:3e:92:0c:4e:2d:7f:0b:
                    09:60:66:9d:8d:1d:ca:67:fc:be:ba:70:71:6e:1f:
                    88:32:5c:76:b2:a5:cc:76:14:f8:88:fd:a2:a9:50:
                    07:f1:53:37:3c:16:17:d9:e0:12:ab:07:0f:50:63:
                    41:ab:bc:ea:69:ca:c6:84:84:7a:64:b2:65:03:15:
                    49:1e:ed:c8:1d:b4:70:f8:77:ef:d3:a3:1a:f3:57:
                    43:3d:b3:3c:96:af:60:5c:f1:57:9d:19:6e:72:89:
                    40:3e:d9:4f:b8:c0:01:3a:6e:5a:52:8d:22:7c:a6:
                    35:e6:d5:47:6f:1a:05:92:9f:39:7f:df:d7:86:00:
                    b8:73:9d:02:6a:05:24:c1:64:f2:ba:95:e4:2f:ba:
                    7c:1f:eb:54:51:f8:7e:3f:3f:a8:91:e5:64:5d:a7:
                    82:81:f7:4f:69:22:b8:c8:15:5f:a1:a8:a5:d6:dd:
                    65:ab:d3:4e:53:66:93:ad:74:b3:81:77:f0:08:16:
                    9f:55:e6:df:b7:1a:29:d1:f5:31:65:26:98:fc:d3:
                    c9:49:5b:8f:46:73:35:6f:f2:5a:ae:0d:10:75:b2:
                    be:ab:f8:af:b3:bd:94:ee:db:29:24:d2:88:ea:f6:
                    db:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:73:8A:FD:61:BC:10:81:21:86:BC:33:7E:27:86:BE:4D:84:ED:63
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4XOK_WG8EIEhhrwzfieGvk2E7WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ec:66:94:c0:cb:69:25:ac:67:85:c9:3e:26:ec:6c:59:3c:20:
         88:9e:c0:57:a4:57:2c:26:ed:87:00:64:8a:5e:a3:97:2f:ed:
         05:3a:31:7f:e8:e5:0b:3d:6c:4a:9c:c7:9d:b9:7e:3b:a8:e8:
         9f:e4:53:8f:28:37:de:f0:e5:df:35:cd:9b:58:7e:fc:70:c4:
         f0:d5:59:26:61:c1:e8:4c:b0:2b:3b:cd:f3:df:b9:5d:0b:f0:
         ca:04:11:ac:7f:1f:17:55:65:31:8e:5b:ee:72:03:5e:61:e9:
         25:4d:17:1c:8c:03:a6:9b:31:1b:21:e2:96:56:5e:e3:17:81:
         fc:8b:87:40:86:e7:79:6c:70:fc:55:7c:5a:af:34:f8:5b:63:
         48:96:34:17:fa:ae:b9:eb:82:3c:aa:d2:1c:c7:83:ad:65:82:
         e2:aa:87:b0:32:0b:31:4e:52:fc:ec:29:f4:a4:5e:af:7d:aa:
         e9:2d:2c:36:45:ed:4b:66:a5:bd:22:06:14:b3:af:18:b2:64:
         11:0c:7e:52:7a:3f:4d:3e:64:37:f6:07:ff:51:15:a3:3a:75:
         1f:53:71:6c:4e:db:72:be:03:ba:ca:51:5c:2a:dd:09:85:54:
         4a:26:31:d3:ed:3d:d5:89:89:ae:67:bb:34:a1:e1:f5:a0:cf:
         c6:8b:23:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4eRW/Rxr0uNBE39vltBjFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMzA4MTMzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTczOGFmZDYxYmMxMDgxMjE4NmJjMzM3ZTI3ODZiZTRkODRlZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEBdDQto31HTodnpzsO5a7M9XHNz
vT6SDE4tfwsJYGadjR3KZ/y+unBxbh+IMlx2sqXMdhT4iP2iqVAH8VM3PBYX2eAS
qwcPUGNBq7zqacrGhIR6ZLJlAxVJHu3IHbRw+Hfv06Ma81dDPbM8lq9gXPFXnRlu
colAPtlPuMABOm5aUo0ifKY15tVHbxoFkp85f9/XhgC4c50CagUkwWTyupXkL7p8
H+tUUfh+Pz+okeVkXaeCgfdPaSK4yBVfoail1t1lq9NOU2aTrXSzgXfwCBafVebf
txop0fUxZSaY/NPJSVuPRnM1b/Jarg0QdbK+q/ivs72U7tspJNKI6vbbGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFziv1hvBCBIYa8M34nhr5NhO1jMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvNFhPS19XRzhFSUVoaHJ3emZpZUd2azJFN1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoKMA0G
CSqGSIb3DQEBCwUAA4IBAQDsZpTAy2klrGeFyT4m7GxZPCCInsBXpFcsJu2HAGSK
XqOXL+0FOjF/6OULPWxKnMeduX47qOif5FOPKDfe8OXfNc2bWH78cMTw1VkmYcHo
TLArO83z37ldC/DKBBGsfx8XVWUxjlvucgNeYeklTRccjAOmmzEbIeKWVl7jF4H8
i4dAhud5bHD8VXxarzT4W2NIljQX+q6564I8qtIcx4OtZYLiqoewMgsxTlL87Cn0
pF6vfarpLSw2Re1LZqW9IgYUs68YsmQRDH5Sej9NPmQ39gf/URWjOnUfU3FsTtty
vgO6ylFcKt0JhVRKJjHT7T3ViYmuZ7s0oeH1oM/GiyM/
-----END CERTIFICATE-----