Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MITkHJbRrNP_yKMqFbs1dpVINk8.roa
File:                     MITkHJbRrNP_yKMqFbs1dpVINk8.roa (raw, json)
Hash identifier:          sErmqbyx/7SP7pwNgMr9oPDC1HaHFKg+r5GosBzBggk=
Subject key identifier:   30:84:E4:1C:96:D1:AC:D3:FF:C8:A3:2A:15:BB:35:76:95:48:36:4F
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0192DDDBC9D7032A6F486DE67FBC4BD25C96
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MITkHJbRrNP_yKMqFbs1dpVINk8.roa
Signing time:             Wed 30 Oct 2024 14:37:01 +0000
ROA not before:           Wed 30 Oct 2024 14:37:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214243
IP address blocks:        77.90.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:db:c9:d7:03:2a:6f:48:6d:e6:7f:bc:4b:d2:5c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 30 14:37:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3084e41c96d1acd3ffc8a32a15bb35769548364f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:40:59:aa:5a:12:fa:b9:e6:5f:2c:27:11:de:
                    9a:8f:57:23:bd:02:a5:2c:05:11:60:43:7a:7e:51:
                    34:7b:c4:5b:37:97:bb:be:9a:2f:4c:18:d6:96:fe:
                    cf:ea:6b:30:05:7e:f8:63:54:27:98:fb:ef:05:bd:
                    52:c6:22:4e:11:03:3d:08:54:b2:8e:7c:0a:91:a9:
                    e7:95:12:a1:17:1a:59:5a:72:eb:b7:77:cb:5e:f0:
                    19:42:62:fa:4a:39:f6:1c:d0:1f:ae:43:79:02:61:
                    29:05:37:f6:a6:bb:92:eb:5c:91:f5:cc:0b:0f:6e:
                    be:10:18:44:88:19:94:ea:6f:53:9b:e6:bc:79:ac:
                    73:b0:a4:d6:4f:90:ba:75:fa:2c:4a:5e:06:7f:d8:
                    db:96:0e:30:ab:74:1f:7c:40:a8:86:9e:09:1f:d3:
                    ed:99:22:b4:f0:4e:66:10:77:09:f1:0d:79:28:23:
                    f1:51:2e:62:e9:b6:ad:d6:72:f6:f1:6b:20:42:21:
                    2e:c1:63:b2:a4:51:a6:f3:22:a4:78:d2:34:b5:38:
                    4f:85:99:72:72:ab:8f:21:9d:17:6f:6d:89:15:31:
                    cb:56:8a:4f:58:ae:cf:97:a1:d1:30:b2:cd:5e:ac:
                    f4:ee:7c:d4:1e:98:ae:67:a4:a3:2d:f0:8b:58:f1:
                    e6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:84:E4:1C:96:D1:AC:D3:FF:C8:A3:2A:15:BB:35:76:95:48:36:4F
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MITkHJbRrNP_yKMqFbs1dpVINk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:0c:eb:f2:63:8d:9e:d3:90:87:fa:9e:23:91:a5:a0:73:52:
         94:99:ab:35:56:4f:bd:ec:39:7b:6d:b7:f3:59:99:c0:76:bb:
         c2:ef:31:28:08:68:46:45:2f:f0:5b:43:ad:ef:06:96:0e:5f:
         da:c5:29:7b:08:31:b2:cb:8e:c9:1a:2b:fc:78:16:62:3b:4f:
         fc:08:a7:82:8c:f1:22:24:1e:04:94:83:82:de:74:fd:3e:93:
         58:78:07:33:1d:de:c3:83:27:fd:58:da:a6:8e:20:b2:30:87:
         56:b6:26:6a:60:67:ec:f1:65:71:2e:f6:fb:f6:d1:d3:70:08:
         20:0d:2c:3f:f1:93:e5:de:d2:95:0e:5c:c6:21:b2:7b:c3:f9:
         4e:18:75:9e:09:06:c9:8a:ec:a7:37:94:91:27:4f:e6:5d:20:
         d1:45:16:c1:f0:a8:bd:ca:56:a8:0c:19:61:38:a9:a3:3b:cb:
         b9:b5:f1:1c:55:96:39:be:a1:30:b7:2a:7d:6b:e6:a0:88:97:
         1e:1f:3a:d5:8a:e7:f8:2e:9e:b3:47:7b:da:51:ac:02:05:c6:
         9c:c4:43:1d:d2:0c:0e:e6:4a:33:9d:29:9a:0b:d0:b1:de:38:
         12:1d:39:45:05:85:d9:b5:d0:db:d4:d4:bf:04:02:b6:1a:ee:
         10:62:e5:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLd28nXAypvSG3mf7xL0lyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMDMwMTQzNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg0ZTQxYzk2ZDFhY2QzZmZjOGEzMmExNWJiMzU3Njk1NDgzNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EBZqloS+rnmXywnEd6aj1cjvQKl
LAURYEN6flE0e8RbN5e7vpovTBjWlv7P6mswBX74Y1QnmPvvBb1SxiJOEQM9CFSy
jnwKkannlRKhFxpZWnLrt3fLXvAZQmL6Sjn2HNAfrkN5AmEpBTf2pruS61yR9cwL
D26+EBhEiBmU6m9Tm+a8eaxzsKTWT5C6dfosSl4Gf9jblg4wq3QffECohp4JH9Pt
mSK08E5mEHcJ8Q15KCPxUS5i6bat1nL28WsgQiEuwWOypFGm8yKkeNI0tThPhZly
cquPIZ0Xb22JFTHLVopPWK7Pl6HRMLLNXqz07nzUHpiuZ6SjLfCLWPHmkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCE5ByW0azT/8ijKhW7NXaVSDZPMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvTUlUa0hKYlJyTlBfeUtNcUZiczFkcFZJTms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoEMA0G
CSqGSIb3DQEBCwUAA4IBAQB+DOvyY42e05CH+p4jkaWgc1KUmas1Vk+97Dl7bbfz
WZnAdrvC7zEoCGhGRS/wW0Ot7waWDl/axSl7CDGyy47JGiv8eBZiO0/8CKeCjPEi
JB4ElIOC3nT9PpNYeAczHd7Dgyf9WNqmjiCyMIdWtiZqYGfs8WVxLvb79tHTcAgg
DSw/8ZPl3tKVDlzGIbJ7w/lOGHWeCQbJiuynN5SRJ0/mXSDRRRbB8Ki9ylaoDBlh
OKmjO8u5tfEcVZY5vqEwtyp9a+agiJceHzrViuf4Lp6zR3vaUawCBcacxEMd0gwO
5koznSmaC9Cx3jgSHTlFBYXZtdDb1NS/BAK2Gu4QYuUc
-----END CERTIFICATE-----