Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/UxAc3yfs2I6ur30DX5OFivDxXp8.roa
File:                     UxAc3yfs2I6ur30DX5OFivDxXp8.roa (raw, json)
Hash identifier:          dtsNeRB89uBGPryBZ14xrqRCMEWmHShzCkjhNakG9b0=
Subject key identifier:   53:10:1C:DF:27:EC:D8:8E:AE:AF:7D:03:5F:93:85:8A:F0:F1:5E:9F
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0190B9033879880E8E68E8276BEB2D1ED2BB
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/UxAc3yfs2I6ur30DX5OFivDxXp8.roa
Signing time:             Tue 16 Jul 2024 00:48:34 +0000
ROA not before:           Tue 16 Jul 2024 00:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214556
IP address blocks:        77.90.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b9:03:38:79:88:0e:8e:68:e8:27:6b:eb:2d:1e:d2:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 16 00:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53101cdf27ecd88eaeaf7d035f93858af0f15e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b2:9c:60:c8:d9:9d:30:51:45:fc:a6:75:47:
                    bc:62:cd:fd:26:ab:2c:2c:d8:3b:2c:a4:4b:d9:63:
                    5a:dc:76:3a:c3:0a:d2:ab:27:9b:6f:06:be:cb:0e:
                    03:a7:9a:42:42:26:af:20:68:4e:4c:d1:b3:24:26:
                    6b:59:23:f7:96:22:da:62:15:1a:bb:15:cd:71:b0:
                    d5:d1:bc:8b:14:c8:ae:f5:b7:22:6e:2c:2a:b0:c4:
                    78:31:5c:c3:05:04:df:61:15:56:de:49:3b:77:fd:
                    a3:7b:12:04:78:d4:e7:55:d7:19:a4:8c:c3:68:26:
                    d0:42:3e:5d:c4:e4:e6:a4:27:1a:37:2d:0b:cf:46:
                    6a:45:76:10:57:c4:25:e6:98:81:cf:2c:94:6f:09:
                    8b:09:2d:31:b6:7d:a5:9a:9d:5e:e0:92:4e:01:90:
                    f7:61:11:7a:20:b7:43:dd:76:dd:22:82:f5:a6:97:
                    bb:d3:0e:10:92:8e:e2:cd:87:54:36:b0:aa:3b:67:
                    3d:c2:d3:89:e1:1a:89:9b:1a:8b:28:7e:00:23:99:
                    19:fc:53:4a:eb:72:28:58:fb:68:a5:b3:a9:94:d3:
                    7b:8a:ef:e2:3c:fa:4a:37:e0:3a:16:07:90:88:a6:
                    d8:3f:11:91:9e:bb:17:92:f4:90:66:6b:c7:e0:d5:
                    a5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:10:1C:DF:27:EC:D8:8E:AE:AF:7D:03:5F:93:85:8A:F0:F1:5E:9F
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/UxAc3yfs2I6ur30DX5OFivDxXp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:0f:a7:b5:8f:e8:8d:ae:70:6b:7c:32:27:11:0e:fd:ec:70:
         7e:1a:54:76:a8:96:66:09:b2:2e:b2:4a:e5:0b:a0:cf:96:24:
         9c:e3:f6:0c:18:2c:16:06:e7:a2:35:83:94:51:c3:6e:d8:f2:
         bf:95:03:b3:bb:1b:ab:13:55:4d:41:02:33:73:aa:64:5e:6a:
         5f:23:00:32:bc:be:7b:33:76:52:82:75:9a:96:63:68:92:6b:
         43:be:a0:e4:6d:60:e0:95:3a:37:df:29:03:bd:8b:c5:4b:96:
         a4:8a:4b:9f:06:d2:cf:eb:27:19:83:5d:0f:15:53:78:d5:da:
         02:a9:de:29:af:46:5d:fc:8c:d3:60:b1:a2:bb:37:9c:ac:04:
         37:af:a7:69:f2:48:3f:91:56:50:61:72:04:6b:a9:22:6f:16:
         79:e6:39:c0:8d:36:94:92:8c:2e:04:a5:c2:16:52:4d:23:8f:
         62:e0:2b:6c:5a:61:f0:19:5b:c1:5d:a7:c2:f3:4a:d6:11:8b:
         cc:ef:0c:74:5d:67:14:74:46:22:bd:1f:b5:55:1b:a9:ad:e1:
         b1:ee:7c:0f:07:d8:4d:94:3d:79:38:ba:b0:03:03:36:3c:f2:
         b1:9b:59:00:33:d8:14:8a:5a:27:65:b4:58:c0:35:1e:17:e1:
         91:09:0d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC5Azh5iA6OaOgna+stHtK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwNzE2MDA0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzEwMWNkZjI3ZWNkODhlYWVhZjdkMDM1ZjkzODU4YWYwZjE1ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLKcYMjZnTBRRfymdUe8Ys39Jqss
LNg7LKRL2WNa3HY6wwrSqyebbwa+yw4Dp5pCQiavIGhOTNGzJCZrWSP3liLaYhUa
uxXNcbDV0byLFMiu9bcibiwqsMR4MVzDBQTfYRVW3kk7d/2jexIEeNTnVdcZpIzD
aCbQQj5dxOTmpCcaNy0Lz0ZqRXYQV8Ql5piBzyyUbwmLCS0xtn2lmp1e4JJOAZD3
YRF6ILdD3XbdIoL1ppe70w4Qko7izYdUNrCqO2c9wtOJ4RqJmxqLKH4AI5kZ/FNK
63IoWPtopbOplNN7iu/iPPpKN+A6FgeQiKbYPxGRnrsXkvSQZmvH4NWleQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMQHN8n7NiOrq99A1+ThYrw8V6fMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVXhBYzN5ZnMySTZ1cjMwRFg1T0ZpdkR4WHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVobMA0G
CSqGSIb3DQEBCwUAA4IBAQBID6e1j+iNrnBrfDInEQ797HB+GlR2qJZmCbIuskrl
C6DPliSc4/YMGCwWBueiNYOUUcNu2PK/lQOzuxurE1VNQQIzc6pkXmpfIwAyvL57
M3ZSgnWalmNokmtDvqDkbWDglTo33ykDvYvFS5akikufBtLP6ycZg10PFVN41doC
qd4pr0Zd/IzTYLGiuzecrAQ3r6dp8kg/kVZQYXIEa6kibxZ55jnAjTaUkowuBKXC
FlJNI49i4CtsWmHwGVvBXafC80rWEYvM7wx0XWcUdEYivR+1VRupreGx7nwPB9hN
lD15OLqwAwM2PPKxm1kAM9gUilonZbRYwDUeF+GRCQ0t
-----END CERTIFICATE-----