Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/OAG0cmJN7RPoXsHvYeMvRvhypSk.roa
File:                     OAG0cmJN7RPoXsHvYeMvRvhypSk.roa (raw, json)
Hash identifier:          ZtQ6hnN4dNgUnZT7YBg+RSARQdxspicu98hqgygG+q0=
Subject key identifier:   38:01:B4:72:62:4D:ED:13:E8:5E:C1:EF:61:E3:2F:46:F8:72:A5:29
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01934DDE3CC23DC2F1D7B3B2B3B04D4D6A11
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/OAG0cmJN7RPoXsHvYeMvRvhypSk.roa
Signing time:             Thu 21 Nov 2024 08:37:10 +0000
ROA not before:           Thu 21 Nov 2024 08:37:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211301
IP address blocks:        77.90.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4d:de:3c:c2:3d:c2:f1:d7:b3:b2:b3:b0:4d:4d:6a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 21 08:37:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3801b472624ded13e85ec1ef61e32f46f872a529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:a7:39:4e:eb:1a:88:2a:34:6c:88:97:c2:
                    59:5a:aa:ea:98:72:a0:6d:85:69:bc:45:5f:80:02:
                    e6:0b:73:c3:ca:9f:82:0d:63:2e:06:9a:5d:92:52:
                    f7:36:5e:9e:b3:3f:85:bb:4c:3d:b0:1c:d4:4e:f2:
                    f1:40:25:7e:0c:ec:84:4f:eb:3f:81:42:42:a9:de:
                    be:fe:d5:54:87:10:56:a7:c2:99:e2:ae:5f:8b:22:
                    c9:88:24:cf:3f:77:ad:1b:df:f4:b4:e7:60:23:9b:
                    e1:85:c7:53:cc:ee:51:4c:0e:67:e5:6b:05:00:cd:
                    cc:0c:83:e0:9f:f8:b8:f3:3e:65:ff:31:ff:ed:76:
                    bd:c9:ce:4c:e0:e5:fc:d3:82:38:fd:ac:53:6c:f0:
                    eb:38:f2:7b:47:16:23:01:2f:b4:6b:25:dc:80:a2:
                    00:c6:a9:5a:5d:18:5f:8f:f0:b8:5d:df:cd:65:91:
                    67:d1:6c:7a:49:8e:e2:52:95:8e:c4:f3:ad:4b:ab:
                    25:2b:e5:ee:e2:7f:50:85:9a:27:9f:64:d7:e5:61:
                    0d:a8:88:11:be:1e:9c:bc:e2:67:c1:b0:28:f7:e2:
                    70:45:90:1e:2a:62:38:83:90:be:7f:91:87:9a:56:
                    8a:2e:d9:03:3d:c1:3f:71:27:db:bd:22:79:c9:8b:
                    95:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:01:B4:72:62:4D:ED:13:E8:5E:C1:EF:61:E3:2F:46:F8:72:A5:29
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/OAG0cmJN7RPoXsHvYeMvRvhypSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:a1:77:61:23:d6:0e:8f:69:0d:51:67:75:27:bd:4f:1c:98:
         60:87:e2:88:0e:ea:69:b7:cb:e5:f0:ad:9e:07:0b:4d:62:0d:
         6a:9b:e5:25:3b:dd:13:ef:92:3e:c7:02:28:05:6c:14:30:71:
         94:77:48:44:14:77:26:de:e1:5c:06:79:2d:8c:c5:cc:cf:91:
         3d:0d:79:05:e4:34:d8:71:5e:fa:73:82:f9:ed:4f:6d:00:14:
         92:b9:66:77:64:48:65:5a:ba:22:1a:76:a6:2a:36:d5:05:d3:
         54:3b:08:11:96:49:45:32:12:cc:25:c2:90:fd:d9:b5:1d:1d:
         bc:4d:c9:dd:a9:9a:7f:4a:29:8c:fa:a9:87:7f:9d:ba:f5:87:
         50:a5:2d:65:22:c1:97:70:e5:7e:5b:65:46:2d:6a:5c:77:45:
         dd:cd:92:93:43:35:e7:fe:89:cd:77:45:d4:76:b8:50:32:d7:
         f0:f5:9e:70:0d:33:28:55:2b:aa:51:48:95:c7:27:7b:3c:8a:
         9c:58:3b:ad:48:72:4a:f0:aa:07:a1:c5:ee:57:71:5e:03:9a:
         0b:42:22:62:ed:09:a2:82:ef:7d:5a:77:30:3c:c3:bc:b2:c5:
         18:66:e6:d0:26:97:38:a5:08:c5:ba:21:44:ad:97:4a:90:a2:
         1d:78:a2:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNN3jzCPcLx17Oys7BNTWoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTIxMDgzNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODAxYjQ3MjYyNGRlZDEzZTg1ZWMxZWY2MWUzMmY0NmY4NzJhNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW2nOU7rGogqNGyIl8JZWqrqmHKg
bYVpvEVfgALmC3PDyp+CDWMuBppdklL3Nl6esz+Fu0w9sBzUTvLxQCV+DOyET+s/
gUJCqd6+/tVUhxBWp8KZ4q5fiyLJiCTPP3etG9/0tOdgI5vhhcdTzO5RTA5n5WsF
AM3MDIPgn/i48z5l/zH/7Xa9yc5M4OX804I4/axTbPDrOPJ7RxYjAS+0ayXcgKIA
xqlaXRhfj/C4Xd/NZZFn0Wx6SY7iUpWOxPOtS6slK+Xu4n9QhZonn2TX5WENqIgR
vh6cvOJnwbAo9+JwRZAeKmI4g5C+f5GHmlaKLtkDPcE/cSfbvSJ5yYuVAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgBtHJiTe0T6F7B72HjL0b4cqUpMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvT0FHMGNtSk43UlBvWHNIdlllTXZSdmh5cFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVo5MA0G
CSqGSIb3DQEBCwUAA4IBAQC4oXdhI9YOj2kNUWd1J71PHJhgh+KIDuppt8vl8K2e
BwtNYg1qm+UlO90T75I+xwIoBWwUMHGUd0hEFHcm3uFcBnktjMXMz5E9DXkF5DTY
cV76c4L57U9tABSSuWZ3ZEhlWroiGnamKjbVBdNUOwgRlklFMhLMJcKQ/dm1HR28
TcndqZp/SimM+qmHf5269YdQpS1lIsGXcOV+W2VGLWpcd0XdzZKTQzXn/onNd0XU
drhQMtfw9Z5wDTMoVSuqUUiVxyd7PIqcWDutSHJK8KoHocXuV3FeA5oLQiJi7Qmi
gu99WncwPMO8ssUYZubQJpc4pQjFuiFErZdKkKIdeKI9
-----END CERTIFICATE-----