Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZzEZZaz7JlWhrNbDY5PdLjZOBjU.roa
File:                     ZzEZZaz7JlWhrNbDY5PdLjZOBjU.roa (raw, json)
Hash identifier:          MuXgGjiU4l/cAOecacML8UP0thrmp4argjNdXMlOFX0=
Subject key identifier:   67:31:19:65:AC:FB:26:55:A1:AC:D6:C3:63:93:DD:2E:36:4E:06:35
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018E1E456F18BC85D794A835FE58D74723B7
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZzEZZaz7JlWhrNbDY5PdLjZOBjU.roa
Signing time:             Fri 08 Mar 2024 13:34:10 +0000
ROA not before:           Fri 08 Mar 2024 13:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197477
IP address blocks:        77.90.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:45:6f:18:bc:85:d7:94:a8:35:fe:58:d7:47:23:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar  8 13:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67311965acfb2655a1acd6c36393dd2e364e0635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c4:a6:f6:f9:86:d8:23:1d:1c:b9:19:20:c0:
                    d1:a6:b1:ab:30:95:f0:5e:d4:19:53:39:40:60:1d:
                    bc:a6:fa:c3:3b:bd:09:b9:1e:68:45:62:09:e8:25:
                    f2:3c:c6:76:a7:19:38:e0:eb:9e:22:36:32:4a:ef:
                    3b:89:21:1a:b9:22:b3:bb:23:cf:dc:ee:39:ac:fe:
                    18:27:fb:4f:a5:87:ea:2f:d0:a7:3a:bf:94:95:30:
                    ec:2b:a3:3f:ec:6a:64:07:0c:67:86:5d:01:3a:6d:
                    57:bd:33:d8:67:46:e3:d1:ec:63:a5:68:31:3d:19:
                    06:a5:09:9e:95:ba:af:bd:29:cd:e8:61:53:bd:5f:
                    e8:08:2b:dd:20:8c:b3:d1:65:d6:d9:4f:71:2e:7a:
                    1c:30:8a:b4:2f:24:2d:81:58:b1:0c:eb:a1:fd:0c:
                    ac:60:ab:33:c1:20:de:24:e4:91:91:a4:e6:b8:37:
                    43:ff:93:2e:17:b0:1d:fd:39:34:fe:d5:50:0e:dc:
                    79:4e:8a:ad:82:e2:b5:38:08:67:e1:72:b0:2c:af:
                    e3:04:21:4d:5e:03:db:2d:34:98:b6:60:fb:ff:34:
                    8b:06:c0:44:b6:99:f0:ff:83:3a:08:9a:0e:8a:25:
                    6a:73:eb:b2:5d:45:be:e9:f3:72:52:f6:4a:e6:56:
                    90:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:31:19:65:AC:FB:26:55:A1:AC:D6:C3:63:93:DD:2E:36:4E:06:35
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZzEZZaz7JlWhrNbDY5PdLjZOBjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:6f:b4:15:b1:8d:54:69:01:b3:df:a2:f3:3b:96:e7:e3:be:
         eb:32:38:5a:b8:fe:f5:4b:f7:d7:37:e4:12:b0:c4:bb:0d:5f:
         59:8f:fb:a4:90:ec:3f:61:5d:0d:86:93:4e:66:f4:3b:45:a5:
         94:ed:05:de:14:41:a7:7e:ce:b3:de:c4:00:6f:db:cb:11:93:
         c6:6e:26:f8:9b:d5:e6:d6:b7:d7:fe:99:e0:c2:fc:9c:2d:78:
         02:8c:b1:73:7d:4b:93:cd:a4:09:3f:dc:16:0e:e1:9a:79:4e:
         13:70:12:d9:66:3b:b3:d6:58:1b:c0:d9:88:db:a1:e5:6e:07:
         e9:2c:72:c7:1f:7d:85:49:1d:c4:90:3d:8b:8e:e5:3d:ab:ac:
         bc:20:8b:fb:ea:38:dc:b0:32:0e:d0:c0:a7:3f:4d:47:6f:69:
         d0:0a:a1:53:fe:b9:d2:a6:e2:e4:1f:1a:02:e6:71:d6:78:74:
         3f:ee:25:45:cd:49:60:f2:e6:92:e9:83:79:12:e0:79:2f:6e:
         1a:fd:dd:aa:94:7a:28:3b:84:7d:78:19:df:48:8a:69:fc:6f:
         37:a6:c5:81:9b:0d:62:96:25:0f:51:b1:5b:16:18:30:f6:38:
         11:c1:0b:6a:f3:c5:18:72:5a:c6:f2:b1:27:24:9e:12:3d:15:
         8e:20:fa:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4eRW8YvIXXlKg1/ljXRyO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMzA4MTMzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzMxMTk2NWFjZmIyNjU1YTFhY2Q2YzM2MzkzZGQyZTM2NGUwNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsSm9vmG2CMdHLkZIMDRprGrMJXw
XtQZUzlAYB28pvrDO70JuR5oRWIJ6CXyPMZ2pxk44OueIjYySu87iSEauSKzuyPP
3O45rP4YJ/tPpYfqL9CnOr+UlTDsK6M/7GpkBwxnhl0BOm1XvTPYZ0bj0exjpWgx
PRkGpQmelbqvvSnN6GFTvV/oCCvdIIyz0WXW2U9xLnocMIq0LyQtgVixDOuh/Qys
YKszwSDeJOSRkaTmuDdD/5MuF7Ad/Tk0/tVQDtx5ToqtguK1OAhn4XKwLK/jBCFN
XgPbLTSYtmD7/zSLBsBEtpnw/4M6CJoOiiVqc+uyXUW+6fNyUvZK5laQkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcxGWWs+yZVoazWw2OT3S42TgY1MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWnpFWlphejdKbFdock5iRFk1UGRMalpPQmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoLMA0G
CSqGSIb3DQEBCwUAA4IBAQC7b7QVsY1UaQGz36LzO5bn477rMjhauP71S/fXN+QS
sMS7DV9Zj/ukkOw/YV0NhpNOZvQ7RaWU7QXeFEGnfs6z3sQAb9vLEZPGbib4m9Xm
1rfX/pngwvycLXgCjLFzfUuTzaQJP9wWDuGaeU4TcBLZZjuz1lgbwNmI26Hlbgfp
LHLHH32FSR3EkD2LjuU9q6y8IIv76jjcsDIO0MCnP01Hb2nQCqFT/rnSpuLkHxoC
5nHWeHQ/7iVFzUlg8uaS6YN5EuB5L24a/d2qlHooO4R9eBnfSIpp/G83psWBmw1i
liUPUbFbFhgw9jgRwQtq88UYclrG8rEnJJ4SPRWOIPqq
-----END CERTIFICATE-----