Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VCtbY_u2oF-kMm4I_XTX7jVB-Mg.roa
File:                     VCtbY_u2oF-kMm4I_XTX7jVB-Mg.roa (raw, json)
Hash identifier:          PNc7+yyffFXd3rKSZLTedqIfTGsbi+jXDCMKxDzVKT0=
Subject key identifier:   54:2B:5B:63:FB:B6:A0:5F:A4:32:6E:08:FD:74:D7:EE:35:41:F8:C8
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0191B3C07E73701628A558C032D1CC3508A5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VCtbY_u2oF-kMm4I_XTX7jVB-Mg.roa
Signing time:             Mon 02 Sep 2024 17:20:22 +0000
ROA not before:           Mon 02 Sep 2024 17:20:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        77.90.3.0/24 maxlen: 24
                          77.90.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:c0:7e:73:70:16:28:a5:58:c0:32:d1:cc:35:08:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep  2 17:20:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=542b5b63fbb6a05fa4326e08fd74d7ee3541f8c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4c:86:5a:a1:91:e8:90:17:58:a2:8b:8e:d5:
                    59:05:e2:c2:b4:b0:66:24:79:a8:31:02:02:d3:0f:
                    58:c4:09:d4:f0:b9:5e:3a:96:8e:5a:24:b7:a2:95:
                    34:33:02:90:49:d4:3f:f2:29:d6:4f:08:b5:07:2d:
                    c4:79:e5:38:c9:78:1a:f1:da:0d:c8:ea:17:fe:7c:
                    e4:3b:fb:7a:18:62:5b:ce:6b:79:7a:c2:b0:1a:6b:
                    21:ee:c4:8e:8e:34:f9:d0:e0:19:db:ff:22:19:1c:
                    84:d4:8b:94:3b:3e:be:42:57:fd:7d:30:ea:1c:db:
                    fc:28:53:8a:d2:aa:af:30:84:a1:c5:26:c9:24:a0:
                    2d:9b:a5:a5:f7:14:ec:6e:4e:d4:13:f9:e5:05:ba:
                    dd:41:29:18:4d:8e:86:d8:8d:1f:8c:60:73:1d:8e:
                    4b:5e:87:25:54:f2:6b:2d:d0:88:68:72:16:08:05:
                    3a:88:27:d7:37:0d:f7:c8:bb:57:8f:80:b0:1f:53:
                    b8:8b:e8:85:2c:05:e4:6b:51:ff:bf:cc:00:17:b4:
                    ab:e3:f5:36:b4:8e:31:23:f5:73:27:54:ec:58:d9:
                    a2:7d:29:41:7c:be:b7:72:cd:d4:47:9d:e5:d1:1c:
                    31:33:18:8e:72:39:20:6e:8b:6a:5f:68:10:4b:03:
                    dd:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:2B:5B:63:FB:B6:A0:5F:A4:32:6E:08:FD:74:D7:EE:35:41:F8:C8
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VCtbY_u2oF-kMm4I_XTX7jVB-Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.3.0/24
                  77.90.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:e8:19:17:44:ce:45:a4:5f:cb:47:cb:fd:34:cb:02:79:cf:
         57:69:85:bf:67:29:3a:f0:31:29:33:a1:b3:98:eb:46:6b:15:
         2a:f9:df:4f:3e:a5:66:c9:b4:1d:a3:9f:49:79:b3:15:8d:b6:
         41:a4:79:97:63:c6:8d:18:d8:98:e4:37:21:79:c2:e0:3a:7b:
         cd:65:52:29:3d:1e:db:49:51:f9:01:16:7c:5a:83:ca:9f:a1:
         75:ac:ea:b1:39:19:03:f2:f9:90:a5:1a:95:67:4c:33:9b:f8:
         79:59:ae:04:98:d8:e3:ce:e3:aa:a5:0b:72:59:9b:98:5b:07:
         01:1e:d7:1c:ac:71:ea:83:51:92:94:43:62:38:dd:10:23:43:
         45:d1:cd:6d:c2:31:5d:3b:0b:42:4c:1e:0c:90:75:46:d5:d5:
         c8:a4:88:c3:6c:70:40:6d:bc:bd:c9:8e:49:24:c3:ec:b2:02:
         52:27:52:e8:bd:8e:98:24:df:54:fd:b4:f5:fb:4b:31:f0:a0:
         cd:3a:d6:94:03:f1:0b:9a:e6:fd:ed:11:64:71:a9:26:40:02:
         d9:58:2e:9a:18:63:49:3d:42:fe:1a:51:0c:72:74:a5:8e:a1:
         68:74:b0:31:a9:68:e0:77:ea:83:cb:1f:2f:ce:46:66:cf:12:
         b0:b2:d7:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGzwH5zcBYopVjAMtHMNQilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwOTAyMTcyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDJiNWI2M2ZiYjZhMDVmYTQzMjZlMDhmZDc0ZDdlZTM1NDFmOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUyGWqGR6JAXWKKLjtVZBeLCtLBm
JHmoMQIC0w9YxAnU8LleOpaOWiS3opU0MwKQSdQ/8inWTwi1By3EeeU4yXga8doN
yOoX/nzkO/t6GGJbzmt5esKwGmsh7sSOjjT50OAZ2/8iGRyE1IuUOz6+Qlf9fTDq
HNv8KFOK0qqvMIShxSbJJKAtm6Wl9xTsbk7UE/nlBbrdQSkYTY6G2I0fjGBzHY5L
XoclVPJrLdCIaHIWCAU6iCfXNw33yLtXj4CwH1O4i+iFLAXka1H/v8wAF7Sr4/U2
tI4xI/VzJ1TsWNmifSlBfL63cs3UR53l0RwxMxiOcjkgbotqX2gQSwPdPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFQrW2P7tqBfpDJuCP101+41QfjIMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVkN0YllfdTJvRi1rTW00SV9YVFg3alZCLU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVoDAwQA
TVocMA0GCSqGSIb3DQEBCwUAA4IBAQDE6BkXRM5FpF/LR8v9NMsCec9XaYW/Zyk6
8DEpM6GzmOtGaxUq+d9PPqVmybQdo59JebMVjbZBpHmXY8aNGNiY5DchecLgOnvN
ZVIpPR7bSVH5ARZ8WoPKn6F1rOqxORkD8vmQpRqVZ0wzm/h5Wa4EmNjjzuOqpQty
WZuYWwcBHtccrHHqg1GSlENiON0QI0NF0c1twjFdOwtCTB4MkHVG1dXIpIjDbHBA
bby9yY5JJMPssgJSJ1LovY6YJN9U/bT1+0sx8KDNOtaUA/ELmub97RFkcakmQALZ
WC6aGGNJPUL+GlEMcnSljqFodLAxqWjgd+qDyx8vzkZmzxKwsteb
-----END CERTIFICATE-----