Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/chLz6xyEg3OCbXZWz6NhtmCeHcM.roa
File:                     chLz6xyEg3OCbXZWz6NhtmCeHcM.roa (raw, json)
Hash identifier:          siUUtcQ40P5Ki1IZEwtzcf06yF/ypQn35jJOB+x3u/E=
Subject key identifier:   72:12:F3:EB:1C:84:83:73:82:6D:76:56:CF:A3:61:B6:60:9E:1D:C3
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01934D85AA77B093B859200F1CB799D88107
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/chLz6xyEg3OCbXZWz6NhtmCeHcM.roa
Signing time:             Thu 21 Nov 2024 07:00:25 +0000
ROA not before:           Thu 21 Nov 2024 07:00:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        77.90.15.0/24 maxlen: 24
                          77.90.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4d:85:aa:77:b0:93:b8:59:20:0f:1c:b7:99:d8:81:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 21 07:00:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7212f3eb1c848373826d7656cfa361b6609e1dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:80:8f:d0:67:ca:71:a6:67:ae:89:8d:12:e8:
                    6d:97:15:e0:81:ec:bf:55:f8:71:f2:38:d4:97:48:
                    21:91:55:d2:90:e8:c0:6d:7b:e1:79:89:0f:d7:49:
                    1a:8c:7f:19:81:2f:35:90:12:a1:18:fb:cc:35:a7:
                    76:db:0f:36:8d:18:55:6e:ca:3d:af:11:df:4f:c9:
                    c5:8a:40:9a:b3:66:67:7a:fe:41:1b:28:c8:58:e2:
                    0c:d2:8e:aa:ab:0c:81:18:83:f4:72:b8:a7:ad:ba:
                    13:f9:a0:a3:ae:e4:a2:dc:0e:98:8b:de:06:43:e8:
                    4d:c8:2c:6a:1d:c7:29:f0:a9:ae:a2:20:67:d6:a7:
                    8e:f7:d2:f4:53:8d:61:0f:61:0d:5b:0c:5f:8f:8d:
                    12:00:36:c4:e9:2f:7b:ea:9a:59:64:ed:b2:6a:d0:
                    03:39:e7:54:0e:0f:93:58:54:1e:98:b8:12:a4:20:
                    a3:92:ab:d5:27:2d:f4:07:bd:3a:26:33:b8:95:92:
                    b6:fd:47:b8:d4:42:36:f6:b5:fa:6e:9a:7e:9f:1d:
                    61:dc:f6:9c:b3:f6:17:62:46:7c:e5:d5:a1:ca:55:
                    8e:f0:b6:e8:16:08:72:85:a2:d2:5d:af:98:9b:f3:
                    99:15:74:f8:ba:5a:44:2a:69:fb:10:64:b0:a3:db:
                    6f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:12:F3:EB:1C:84:83:73:82:6D:76:56:CF:A3:61:B6:60:9E:1D:C3
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/chLz6xyEg3OCbXZWz6NhtmCeHcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.15.0/24
                  77.90.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:c4:c8:22:23:c8:32:49:2c:31:48:6d:c7:57:65:e4:11:d9:
         f8:33:e9:c3:83:fc:ae:e9:58:9c:af:b6:43:14:10:fa:c0:a0:
         a9:68:26:c5:13:e9:a7:b1:a9:69:8a:09:13:6d:a7:11:70:95:
         6b:24:f2:bd:02:ea:13:59:87:ff:17:61:11:7e:24:fc:60:a1:
         21:bd:ba:39:b4:20:cf:1c:e5:6f:38:63:92:1e:ef:52:f6:02:
         57:9c:ee:63:ef:d0:04:b4:bd:69:84:24:69:6f:a7:15:e8:a8:
         fe:a4:ac:82:52:38:b9:b1:78:80:35:2e:e7:0d:cc:4e:22:ac:
         52:d7:eb:61:06:86:41:1e:bf:0b:97:af:f7:b7:c5:45:60:5d:
         0c:c8:77:70:f8:bd:bb:a8:21:c5:c7:d9:ae:71:5c:1d:b1:0f:
         12:e7:63:dd:83:d8:b7:e0:e3:1f:cf:69:95:43:fd:1c:6d:c1:
         67:72:38:5d:01:76:46:e5:31:7a:f7:c0:28:56:0b:3b:30:19:
         72:6a:69:ce:65:95:f5:3b:8d:4a:e0:59:84:9b:8c:6e:3c:87:
         19:5a:a7:ee:aa:21:f1:91:80:3e:a5:b6:5f:b5:fa:86:c9:8f:
         f7:6d:9d:9b:f2:76:28:9e:54:3d:53:c3:90:a6:08:37:88:a6:
         f8:f2:4c:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNNhap3sJO4WSAPHLeZ2IEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTIxMDcwMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjEyZjNlYjFjODQ4MzczODI2ZDc2NTZjZmEzNjFiNjYwOWUxZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArICP0GfKcaZnromNEuhtlxXggey/
Vfhx8jjUl0ghkVXSkOjAbXvheYkP10kajH8ZgS81kBKhGPvMNad22w82jRhVbso9
rxHfT8nFikCas2Znev5BGyjIWOIM0o6qqwyBGIP0crinrboT+aCjruSi3A6Yi94G
Q+hNyCxqHccp8KmuoiBn1qeO99L0U41hD2ENWwxfj40SADbE6S976ppZZO2yatAD
OedUDg+TWFQemLgSpCCjkqvVJy30B706JjO4lZK2/Ue41EI29rX6bpp+nx1h3Pac
s/YXYkZ85dWhylWO8LboFghyhaLSXa+Ym/OZFXT4ulpEKmn7EGSwo9tvdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHIS8+schINzgm12Vs+jYbZgnh3DMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY2hMejZ4eUVnM09DYlhaV3o2Tmh0bUNlSGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVoPAwQA
TVoRMA0GCSqGSIb3DQEBCwUAA4IBAQAJxMgiI8gySSwxSG3HV2XkEdn4M+nDg/yu
6Vicr7ZDFBD6wKCpaCbFE+mnsalpigkTbacRcJVrJPK9AuoTWYf/F2ERfiT8YKEh
vbo5tCDPHOVvOGOSHu9S9gJXnO5j79AEtL1phCRpb6cV6Kj+pKyCUji5sXiANS7n
DcxOIqxS1+thBoZBHr8Ll6/3t8VFYF0MyHdw+L27qCHFx9mucVwdsQ8S52Pdg9i3
4OMfz2mVQ/0cbcFncjhdAXZG5TF698AoVgs7MBlyamnOZZX1O41K4FmEm4xuPIcZ
WqfuqiHxkYA+pbZftfqGyY/3bZ2b8nYonlQ9U8OQpgg3iKb48kxR
-----END CERTIFICATE-----