Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QXzgfCP4zR6cJUKEPNSMDt3trK8.roa
File:                     QXzgfCP4zR6cJUKEPNSMDt3trK8.roa (raw, json)
Hash identifier:          mL23ShF4pUPZFABttBmYIm1+MZTCn8AM2zQr8/fIKQE=
Subject key identifier:   41:7C:E0:7C:23:F8:CD:1E:9C:25:42:84:3C:D4:8C:0E:DD:ED:AC:AF
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018F4964D8756EBAA49D620A726736645937
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QXzgfCP4zR6cJUKEPNSMDt3trK8.roa
Signing time:             Sun 05 May 2024 15:34:56 +0000
ROA not before:           Sun 05 May 2024 15:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        77.90.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:49:64:d8:75:6e:ba:a4:9d:62:0a:72:67:36:64:59:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May  5 15:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=417ce07c23f8cd1e9c2542843cd48c0eddedacaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2b:8b:66:c3:6d:54:8b:22:c7:b4:7e:d5:b4:
                    c6:06:58:93:3c:85:06:a4:a6:93:0b:56:b5:cd:32:
                    fd:80:2f:4b:18:d1:6a:c5:13:7a:bc:51:7f:7d:dd:
                    c9:e1:dc:af:0c:f4:16:b6:17:3c:96:43:0e:af:5d:
                    b7:9e:1b:e4:e4:ba:60:6b:c4:15:01:04:b6:1d:73:
                    c2:ec:58:e6:5d:a4:5a:9d:a9:b3:5e:d1:ac:a7:56:
                    a4:d3:1c:11:47:9f:1f:99:4d:32:32:30:05:14:ac:
                    1e:cf:ac:0a:1e:0e:fb:95:c4:18:dc:68:c5:54:ca:
                    c9:c2:93:56:ab:e6:26:de:e1:69:8f:2d:37:fc:d5:
                    71:38:35:df:8a:a9:88:8a:dd:8d:74:e5:be:9f:ae:
                    3c:31:8a:56:d3:8f:e0:5a:e9:aa:b3:42:88:33:9f:
                    56:bf:e1:8b:69:8b:01:98:e0:92:be:52:0f:c1:6d:
                    1d:33:76:d8:f7:fc:66:34:29:0b:6d:84:f9:b5:51:
                    fc:45:0a:a9:60:cf:e8:15:df:47:de:d0:b1:c8:e3:
                    20:8f:f8:db:ab:c1:f0:4c:57:2f:e2:01:e8:bf:97:
                    ba:49:f1:6f:2f:9c:b6:5b:f9:a5:7b:68:b1:04:0f:
                    7d:0c:96:ee:fa:de:37:5c:e7:27:90:ec:81:72:a3:
                    19:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:7C:E0:7C:23:F8:CD:1E:9C:25:42:84:3C:D4:8C:0E:DD:ED:AC:AF
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QXzgfCP4zR6cJUKEPNSMDt3trK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:bf:ec:68:ed:0c:f7:e1:e8:c6:52:5e:9c:fc:e9:7f:31:93:
         90:ee:ad:b0:8d:41:aa:d0:59:54:4a:f3:fd:31:1c:58:4d:4b:
         76:53:ce:10:e2:28:77:0d:38:05:f9:af:a4:a0:52:f9:89:31:
         9a:c6:07:c1:70:37:0c:38:ae:64:f2:bf:c4:ab:e9:81:a6:6a:
         4d:6a:77:ee:5d:14:51:08:11:a3:a3:59:a2:48:4c:33:5e:60:
         66:2e:02:24:13:32:b6:5c:2d:1e:44:5f:f8:33:d7:33:c0:01:
         ef:15:9e:91:0e:3a:ac:84:b4:c7:b7:8b:37:a4:58:af:25:2d:
         c5:b1:43:0e:77:21:b9:d7:56:f5:a3:24:5f:a7:db:26:16:ae:
         bf:52:8d:44:68:60:1a:c5:96:28:c7:55:76:3d:01:ae:40:d0:
         79:5b:60:49:bc:6e:9a:22:96:5e:41:f1:87:a3:d0:b3:e7:dd:
         1a:05:6b:69:7d:3b:65:3f:c9:95:41:8b:6a:d9:9d:21:0a:c2:
         99:53:dd:d7:e4:84:72:d2:02:7d:58:b6:e9:3b:8a:14:41:a6:
         58:5b:c9:f2:a7:01:69:93:90:89:26:cf:8f:ad:09:ec:bb:bd:
         82:1a:b1:6d:d5:6b:c9:66:ac:a4:b7:ec:ed:10:f3:b6:7a:c7:
         06:1b:1c:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9JZNh1brqknWIKcmc2ZFk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwNTA1MTUzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTdjZTA3YzIzZjhjZDFlOWMyNTQyODQzY2Q0OGMwZWRkZWRhY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSuLZsNtVIsix7R+1bTGBliTPIUG
pKaTC1a1zTL9gC9LGNFqxRN6vFF/fd3J4dyvDPQWthc8lkMOr123nhvk5Lpga8QV
AQS2HXPC7FjmXaRanamzXtGsp1ak0xwRR58fmU0yMjAFFKwez6wKHg77lcQY3GjF
VMrJwpNWq+Ym3uFpjy03/NVxODXfiqmIit2NdOW+n648MYpW04/gWumqs0KIM59W
v+GLaYsBmOCSvlIPwW0dM3bY9/xmNCkLbYT5tVH8RQqpYM/oFd9H3tCxyOMgj/jb
q8HwTFcv4gHov5e6SfFvL5y2W/mle2ixBA99DJbu+t43XOcnkOyBcqMZPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEF84Hwj+M0enCVChDzUjA7d7ayvMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUVh6Z2ZDUDR6UjZjSlVLRVBOU01EdDN0cks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoDMA0G
CSqGSIb3DQEBCwUAA4IBAQCUv+xo7Qz34ejGUl6c/Ol/MZOQ7q2wjUGq0FlUSvP9
MRxYTUt2U84Q4ih3DTgF+a+koFL5iTGaxgfBcDcMOK5k8r/Eq+mBpmpNanfuXRRR
CBGjo1miSEwzXmBmLgIkEzK2XC0eRF/4M9czwAHvFZ6RDjqshLTHt4s3pFivJS3F
sUMOdyG511b1oyRfp9smFq6/Uo1EaGAaxZYox1V2PQGuQNB5W2BJvG6aIpZeQfGH
o9Cz590aBWtpfTtlP8mVQYtq2Z0hCsKZU93X5IRy0gJ9WLbpO4oUQaZYW8nypwFp
k5CJJs+PrQnsu72CGrFt1WvJZqykt+ztEPO2escGGxx+
-----END CERTIFICATE-----