Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/o6e6FcWXCSyyWR87I2qP1nN_45A.roa
File:                     o6e6FcWXCSyyWR87I2qP1nN_45A.roa (raw, json)
Hash identifier:          g0Bt/Cs9ikfO0B56eYKSVFoPtadyrQgt/veFgzAWhcA=
Subject key identifier:   A3:A7:BA:15:C5:97:09:2C:B2:59:1F:3B:23:6A:8F:D6:73:7F:E3:90
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0193649DE6BFB8FADC13039FFAF885A05696
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/o6e6FcWXCSyyWR87I2qP1nN_45A.roa
Signing time:             Mon 25 Nov 2024 18:38:10 +0000
ROA not before:           Mon 25 Nov 2024 18:38:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214771
IP address blocks:        77.90.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Dec 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:64:9d:e6:bf:b8:fa:dc:13:03:9f:fa:f8:85:a0:56:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 25 18:38:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3a7ba15c597092cb2591f3b236a8fd6737fe390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6c:c2:f6:1d:55:66:b6:a4:a6:27:0b:da:fc:
                    66:cb:e6:83:a2:ad:11:1f:75:f1:23:f2:b3:ce:46:
                    dd:a7:e5:d4:6b:55:d0:d6:83:88:15:8e:3b:d0:b7:
                    68:bd:03:49:6c:cc:32:14:d6:53:d3:ec:b3:d3:5e:
                    05:06:37:9f:43:d4:52:de:25:ee:1d:c5:68:a4:92:
                    18:de:21:2a:32:1e:32:4c:91:a2:80:94:b5:04:e9:
                    88:3f:86:06:a8:08:c2:05:48:88:37:92:b3:ce:bb:
                    6d:b4:7b:58:a8:d0:ad:fd:4d:0b:9e:9e:3e:06:02:
                    3c:3a:0f:08:af:03:75:08:67:a0:01:7d:ab:56:5b:
                    f4:8a:d4:bd:08:11:06:69:0c:c6:76:19:c4:fd:54:
                    53:d8:cc:3d:2d:3f:16:1c:bf:76:de:6d:54:10:cc:
                    5d:0a:16:17:7c:a1:f6:78:2e:8c:52:84:a0:7b:6c:
                    aa:8e:92:4e:9e:cd:4f:c1:ac:39:7a:12:d9:4b:a7:
                    f3:7c:5d:30:60:e3:f9:9b:4c:d8:8a:bc:35:9f:18:
                    c4:96:c3:13:40:a7:cf:f0:85:ac:12:c9:ac:18:ff:
                    08:6e:80:69:2b:5c:3c:87:43:42:70:02:f1:ba:23:
                    3d:14:e7:47:9d:8d:79:99:18:19:2d:14:44:91:4b:
                    2b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A7:BA:15:C5:97:09:2C:B2:59:1F:3B:23:6A:8F:D6:73:7F:E3:90
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/o6e6FcWXCSyyWR87I2qP1nN_45A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:f1:29:32:98:5a:3b:9c:56:1b:dc:ad:f6:f8:df:37:99:19:
         33:0f:7b:7a:c3:c3:28:62:05:c0:f2:ee:12:c7:bd:47:36:da:
         bb:7a:86:b8:c9:03:53:8b:9f:8c:db:a3:33:e7:86:0d:f0:6f:
         33:e5:e8:59:21:fd:51:64:ef:14:7d:92:9a:25:ba:ee:93:d3:
         df:92:01:3e:dd:00:fe:b6:51:95:90:cd:f9:d3:eb:56:af:d3:
         e4:19:d9:08:d0:0a:41:fa:31:ee:bd:4d:1b:93:ac:f2:65:62:
         5d:61:a7:3b:c1:d8:1d:29:11:96:a7:9f:51:69:9d:b4:a4:e1:
         16:1a:53:0b:28:9e:4f:28:16:5d:b7:f8:42:5c:d0:a7:55:0b:
         b9:ed:66:1d:ee:76:67:50:f1:cb:3a:e4:f7:0a:2e:ec:37:3c:
         9a:ce:b3:d0:75:40:7b:9f:16:a5:07:93:6d:d5:c2:34:a3:cf:
         c1:50:4e:5b:65:71:63:84:d7:e2:47:63:57:42:ed:54:e3:cb:
         ba:bf:3b:9c:db:44:70:c2:6a:97:a6:16:d7:65:5a:41:2a:04:
         19:d0:6f:82:bc:57:72:22:c6:57:3d:34:4c:65:d1:ac:20:db:
         62:1c:01:75:08:e4:f3:fe:99:0d:ac:13:29:9f:62:12:5a:cf:
         a4:d1:c7:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNknea/uPrcEwOf+viFoFaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTI1MTgzODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2E3YmExNWM1OTcwOTJjYjI1OTFmM2IyMzZhOGZkNjczN2ZlMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmzC9h1VZrakpicL2vxmy+aDoq0R
H3XxI/Kzzkbdp+XUa1XQ1oOIFY470LdovQNJbMwyFNZT0+yz014FBjefQ9RS3iXu
HcVopJIY3iEqMh4yTJGigJS1BOmIP4YGqAjCBUiIN5KzzrtttHtYqNCt/U0Lnp4+
BgI8Og8IrwN1CGegAX2rVlv0itS9CBEGaQzGdhnE/VRT2Mw9LT8WHL923m1UEMxd
ChYXfKH2eC6MUoSge2yqjpJOns1Pwaw5ehLZS6fzfF0wYOP5m0zYirw1nxjElsMT
QKfP8IWsEsmsGP8IboBpK1w8h0NCcALxuiM9FOdHnY15mRgZLRREkUsriwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOnuhXFlwksslkfOyNqj9Zzf+OQMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbzZlNkZjV1hDU3l5V1I4N0kycVAxbk5fNDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoUMA0G
CSqGSIb3DQEBCwUAA4IBAQCp8SkymFo7nFYb3K32+N83mRkzD3t6w8MoYgXA8u4S
x71HNtq7eoa4yQNTi5+M26Mz54YN8G8z5ehZIf1RZO8UfZKaJbruk9PfkgE+3QD+
tlGVkM350+tWr9PkGdkI0ApB+jHuvU0bk6zyZWJdYac7wdgdKRGWp59RaZ20pOEW
GlMLKJ5PKBZdt/hCXNCnVQu57WYd7nZnUPHLOuT3Ci7sNzyazrPQdUB7nxalB5Nt
1cI0o8/BUE5bZXFjhNfiR2NXQu1U48u6vzuc20RwwmqXphbXZVpBKgQZ0G+CvFdy
IsZXPTRMZdGsINtiHAF1COTz/pkNrBMpn2ISWs+k0cdr
-----END CERTIFICATE-----