Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ddxAwZ8Ho8nSndf35gfzOePCNVQ.roa
File:                     ddxAwZ8Ho8nSndf35gfzOePCNVQ.roa (raw, json)
Hash identifier:          wpKNMhnfPagw/9e6d9rgrZPf/thL+aBoJvazZYTUAnA=
Subject key identifier:   75:DC:40:C1:9F:07:A3:C9:D2:9D:D7:F7:E6:07:F3:39:E3:C2:35:54
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019072DCE94BF57D31696609B57167D8C850
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ddxAwZ8Ho8nSndf35gfzOePCNVQ.roa
Signing time:             Tue 02 Jul 2024 09:53:18 +0000
ROA not before:           Tue 02 Jul 2024 09:53:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214603
IP address blocks:        77.90.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:dc:e9:4b:f5:7d:31:69:66:09:b5:71:67:d8:c8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  2 09:53:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75dc40c19f07a3c9d29dd7f7e607f339e3c23554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:eb:90:b5:9a:75:41:5b:80:e1:d9:90:fc:3f:
                    cd:88:84:dc:db:a1:19:71:11:bb:82:fb:14:24:6e:
                    c9:fc:37:83:40:f0:05:67:8b:22:94:10:95:dc:a9:
                    51:c2:f2:3a:c9:e2:a0:cc:45:7f:8f:14:c6:89:de:
                    5c:a6:8c:66:cc:ee:f5:cb:d1:8e:9e:30:ba:c5:45:
                    a9:b9:cd:c7:cf:cf:2e:15:7e:7e:f3:7b:af:30:82:
                    d4:57:35:71:cb:75:99:19:b1:66:3f:28:fa:0d:19:
                    5a:c3:ae:7c:0b:d5:28:9c:e7:22:ef:f6:81:04:85:
                    b6:bf:17:88:44:9a:03:e4:9a:2c:6b:08:04:12:7f:
                    28:28:6b:c2:da:67:7f:f1:60:45:37:df:44:51:49:
                    98:57:3c:0f:dd:96:ac:e3:9b:fe:8f:35:ca:e4:5c:
                    35:1c:08:98:8a:83:5b:4b:68:85:91:dd:f6:6a:83:
                    b1:8f:61:e5:f3:31:17:a1:2a:68:1b:b4:1b:e4:a5:
                    b1:83:40:7f:7d:fd:3d:e5:6d:48:eb:57:ab:69:d7:
                    bf:ce:b5:df:88:f1:90:78:67:92:9e:ac:aa:5e:84:
                    d7:a1:6b:5a:25:e1:b4:33:e4:32:94:68:ca:08:03:
                    38:f3:f8:61:c1:2b:6d:7e:79:a2:6e:44:ee:01:0e:
                    d7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:DC:40:C1:9F:07:A3:C9:D2:9D:D7:F7:E6:07:F3:39:E3:C2:35:54
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ddxAwZ8Ho8nSndf35gfzOePCNVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:2d:e1:1c:2d:f6:24:fd:d3:b9:a4:e0:69:a2:d3:6e:41:aa:
         97:27:a7:65:15:a2:4e:0a:bc:38:4f:66:0c:6e:b5:14:c0:5f:
         d0:ae:00:ba:02:3f:3a:4e:2e:9a:df:09:ca:eb:7c:e1:0a:ee:
         08:57:36:4d:70:ca:68:6a:a0:04:9f:f8:fa:12:ae:93:5c:bd:
         f0:a5:8f:46:82:17:9a:9f:60:29:7f:ad:f6:bb:7c:ed:7a:fa:
         7e:22:45:f6:e5:47:21:04:1f:24:ed:1f:fa:9b:62:3a:f8:ec:
         84:27:4b:cb:f7:07:66:de:76:3e:9b:e4:44:49:68:42:ef:65:
         12:eb:b4:c7:c0:e5:8b:f5:90:d2:47:f0:01:33:1c:7f:0b:d9:
         af:d6:31:fe:57:17:7b:ee:42:5c:35:80:6d:54:6a:44:47:e8:
         54:eb:7d:16:8b:23:a4:77:d7:68:3d:fd:0e:64:e7:53:f3:f6:
         7d:a6:83:e8:dc:42:9b:f9:6a:6e:c8:24:dc:e3:00:8d:02:6e:
         f6:27:87:ca:4d:60:9e:6c:7b:3b:a6:18:6d:88:6e:4f:38:0c:
         32:0d:ad:12:79:7a:1a:0d:67:b1:42:62:08:8e:ff:12:a6:2c:
         d8:2c:d7:ce:a2:1a:78:69:e2:d1:28:5e:9f:00:70:66:0a:1a:
         9b:6f:1f:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBy3OlL9X0xaWYJtXFn2MhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwNzAyMDk1MzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWRjNDBjMTlmMDdhM2M5ZDI5ZGQ3ZjdlNjA3ZjMzOWUzYzIzNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OuQtZp1QVuA4dmQ/D/NiITc26EZ
cRG7gvsUJG7J/DeDQPAFZ4silBCV3KlRwvI6yeKgzEV/jxTGid5cpoxmzO71y9GO
njC6xUWpuc3Hz88uFX5+83uvMILUVzVxy3WZGbFmPyj6DRlaw658C9UonOci7/aB
BIW2vxeIRJoD5JosawgEEn8oKGvC2md/8WBFN99EUUmYVzwP3Zas45v+jzXK5Fw1
HAiYioNbS2iFkd32aoOxj2Hl8zEXoSpoG7Qb5KWxg0B/ff095W1I61erade/zrXf
iPGQeGeSnqyqXoTXoWtaJeG0M+QylGjKCAM48/hhwSttfnmibkTuAQ7X1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXcQMGfB6PJ0p3X9+YH8znjwjVUMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZGR4QXdaOEhvOG5TbmRmMzVnZnpPZVBDTlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoSMA0G
CSqGSIb3DQEBCwUAA4IBAQAgLeEcLfYk/dO5pOBpotNuQaqXJ6dlFaJOCrw4T2YM
brUUwF/QrgC6Aj86Ti6a3wnK63zhCu4IVzZNcMpoaqAEn/j6Eq6TXL3wpY9Gghea
n2Apf632u3ztevp+IkX25UchBB8k7R/6m2I6+OyEJ0vL9wdm3nY+m+RESWhC72US
67THwOWL9ZDSR/ABMxx/C9mv1jH+Vxd77kJcNYBtVGpER+hU630WiyOkd9doPf0O
ZOdT8/Z9poPo3EKb+WpuyCTc4wCNAm72J4fKTWCebHs7phhtiG5POAwyDa0SeXoa
DWexQmIIjv8SpizYLNfOohp4aeLRKF6fAHBmChqbbx8H
-----END CERTIFICATE-----