Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/8WnPOv5GupIPndKAy32yPH6BfQY.roa
File:                     8WnPOv5GupIPndKAy32yPH6BfQY.roa (raw, json)
Hash identifier:          pjMjF8tmWxYYOnOTzxCJxgX7/eeqBaao9jrvCSFbu88=
Subject key identifier:   F1:69:CF:3A:FE:46:BA:92:0F:9D:D2:80:CB:7D:B2:3C:7E:81:7D:06
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0192F1F50D80C29A173846A25A01E168F8AC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/8WnPOv5GupIPndKAy32yPH6BfQY.roa
Signing time:             Sun 03 Nov 2024 12:17:01 +0000
ROA not before:           Sun 03 Nov 2024 12:17:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63473
IP address blocks:        77.90.31.0/24 maxlen: 24
                          77.90.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f1:f5:0d:80:c2:9a:17:38:46:a2:5a:01:e1:68:f8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov  3 12:17:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f169cf3afe46ba920f9dd280cb7db23c7e817d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:53:b3:a0:aa:8e:c4:bb:08:cf:88:6f:e9:d2:
                    51:6b:05:31:9f:e9:b8:f4:18:00:ff:7b:52:77:88:
                    b6:a2:06:ba:8e:e7:87:19:d7:56:81:1d:f2:47:99:
                    53:d5:f9:43:5c:06:4b:53:76:eb:d8:5d:c9:99:d7:
                    3e:24:85:6e:a7:4c:d5:8a:36:95:7c:26:1f:d9:ad:
                    7f:a9:50:4e:3a:f0:be:40:9c:97:37:81:d3:14:1c:
                    9b:05:7c:7b:8f:0e:8b:17:dd:f1:61:57:f1:de:a7:
                    61:bd:f7:dd:ec:96:94:a1:8c:f7:eb:f7:dd:ec:43:
                    54:48:07:cd:0f:06:51:17:17:fc:c2:0b:70:9d:f2:
                    6c:ab:c6:38:40:bd:03:71:94:b6:2a:86:52:be:10:
                    59:15:4c:30:18:01:0f:0e:09:9b:6e:09:b8:24:1d:
                    90:a5:8e:a9:0a:bf:f6:f3:0d:3f:49:a0:01:74:6f:
                    a7:62:14:43:3d:80:27:91:96:8e:6e:de:90:fe:41:
                    23:f7:1e:58:11:6b:32:09:43:ef:d5:ac:ce:22:6c:
                    2a:8e:94:4b:31:ef:5d:6c:60:a8:e8:9a:f9:22:b7:
                    42:cf:cf:22:6e:4a:9e:94:dd:88:a7:ea:61:34:13:
                    bc:1e:7e:4e:c0:31:e7:43:67:ea:99:2a:56:c0:f1:
                    e7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:69:CF:3A:FE:46:BA:92:0F:9D:D2:80:CB:7D:B2:3C:7E:81:7D:06
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/8WnPOv5GupIPndKAy32yPH6BfQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.31.0/24
                  77.90.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:36:60:97:24:3e:73:6d:79:b1:23:8d:48:33:dc:f5:35:79:
         3b:fd:76:07:dc:7b:51:5f:0e:d7:f5:83:24:e4:7b:3c:15:a4:
         8b:c3:45:5d:90:fd:d4:d7:56:16:8e:15:de:cb:bc:24:87:fc:
         39:b8:0a:75:35:80:19:76:42:7a:74:a9:79:c1:17:03:f7:2d:
         70:b3:11:9e:6d:e2:6d:b3:6d:e4:8b:da:54:46:1d:11:05:2f:
         a5:f2:2b:98:0f:d7:5a:be:ef:09:59:da:70:e7:f9:f7:0e:dc:
         f6:9c:8d:d5:23:c5:36:b2:80:4c:56:a7:fd:1d:d2:f2:92:94:
         3f:31:c8:b9:91:e0:3b:f4:47:b9:73:8d:48:80:87:bb:50:62:
         3e:23:4e:4e:1f:e2:a9:e1:10:4b:fd:ad:83:a0:05:61:e3:7f:
         0d:3a:db:31:e4:ce:fd:50:1a:2c:6c:be:ce:85:6f:be:52:af:
         72:9e:01:0e:80:88:98:88:ed:37:f9:1b:6b:c7:e3:e2:05:0d:
         67:26:ec:0f:8a:84:bc:86:f4:88:51:45:40:87:df:90:f6:41:
         cd:b6:4c:69:70:fd:e1:96:52:08:2b:32:5a:25:7e:3c:9e:0f:
         3a:90:5d:3f:50:44:11:33:33:6b:8f:39:9b:a9:50:ba:34:1f:
         7c:a5:54:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLx9Q2AwpoXOEaiWgHhaPisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTAzMTIxNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTY5Y2YzYWZlNDZiYTkyMGY5ZGQyODBjYjdkYjIzYzdlODE3ZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VOzoKqOxLsIz4hv6dJRawUxn+m4
9BgA/3tSd4i2oga6jueHGddWgR3yR5lT1flDXAZLU3br2F3Jmdc+JIVup0zVijaV
fCYf2a1/qVBOOvC+QJyXN4HTFBybBXx7jw6LF93xYVfx3qdhvffd7JaUoYz36/fd
7ENUSAfNDwZRFxf8wgtwnfJsq8Y4QL0DcZS2KoZSvhBZFUwwGAEPDgmbbgm4JB2Q
pY6pCr/28w0/SaABdG+nYhRDPYAnkZaObt6Q/kEj9x5YEWsyCUPv1azOImwqjpRL
Me9dbGCo6Jr5IrdCz88ibkqelN2Ip+phNBO8Hn5OwDHnQ2fqmSpWwPHnsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPFpzzr+RrqSD53SgMt9sjx+gX0GMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvOFduUE92NUd1cElQbmRLQXkzMnlQSDZCZlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVofAwQA
TVojMA0GCSqGSIb3DQEBCwUAA4IBAQADNmCXJD5zbXmxI41IM9z1NXk7/XYH3HtR
Xw7X9YMk5Hs8FaSLw0VdkP3U11YWjhXey7wkh/w5uAp1NYAZdkJ6dKl5wRcD9y1w
sxGebeJts23ki9pURh0RBS+l8iuYD9davu8JWdpw5/n3Dtz2nI3VI8U2soBMVqf9
HdLykpQ/Mci5keA79Ee5c41IgIe7UGI+I05OH+Kp4RBL/a2DoAVh438NOtsx5M79
UBosbL7OhW++Uq9yngEOgIiYiO03+Rtrx+PiBQ1nJuwPioS8hvSIUUVAh9+Q9kHN
tkxpcP3hllIIKzJaJX48ng86kF0/UEQRMzNrjzmbqVC6NB98pVRt
-----END CERTIFICATE-----