Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/pnKZH43-CaKXh-9PBjblzQxGzjo.roa
File:                     pnKZH43-CaKXh-9PBjblzQxGzjo.roa (raw, json)
Hash identifier:          sSoC3EJBfoESPuapzDargSEvvR42R1rqBilXjD97mdg=
Subject key identifier:   A6:72:99:1F:8D:FE:09:A2:97:87:EF:4F:06:36:E5:CD:0C:46:CE:3A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01934ACCB74E3D4782028791936BF6705DDC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/pnKZH43-CaKXh-9PBjblzQxGzjo.roa
Signing time:             Wed 20 Nov 2024 18:19:10 +0000
ROA not before:           Wed 20 Nov 2024 18:19:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209824
IP address blocks:        77.90.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:cc:b7:4e:3d:47:82:02:87:91:93:6b:f6:70:5d:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 20 18:19:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a672991f8dfe09a29787ef4f0636e5cd0c46ce3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a3:04:aa:cc:e7:cd:ab:f3:0c:89:c1:e4:62:
                    4e:7d:37:57:b6:7f:e9:67:1f:cf:84:77:48:1d:dd:
                    5b:b7:7b:f2:66:6d:8e:d2:ad:72:ef:0d:de:c5:0e:
                    c3:bb:68:36:61:ef:29:29:73:79:5c:ff:78:da:b1:
                    53:53:96:8b:4f:65:c8:7b:67:2d:23:2b:b6:ce:73:
                    20:f3:a7:c3:e4:f1:d6:ad:a3:ba:eb:02:fb:15:07:
                    18:52:96:7e:7e:dd:85:ad:b2:44:04:63:cb:43:43:
                    62:59:33:0f:f8:e7:41:9f:9c:df:60:02:4c:db:ad:
                    e5:bc:78:61:c5:91:3e:cc:5d:49:db:29:cc:da:d1:
                    f9:90:09:93:23:b1:ae:0c:71:38:93:06:ac:3c:7d:
                    a2:6d:48:3c:a1:85:47:e8:18:5d:d6:78:82:3a:06:
                    35:cb:62:18:8c:ce:80:fa:1a:b0:1a:cd:c9:b7:82:
                    83:a5:36:ec:68:b5:35:6c:b5:4a:e3:d7:ad:43:90:
                    1b:01:f1:4d:a3:27:ec:d6:45:e9:5c:3e:2a:4a:57:
                    35:15:a2:0f:ab:34:6a:39:eb:0c:17:6c:3c:61:f4:
                    cf:13:87:12:40:fa:d9:17:3e:07:1e:31:f1:cb:e7:
                    0e:92:3a:4e:5c:0a:08:e9:b7:5c:ba:f5:65:ba:de:
                    39:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:72:99:1F:8D:FE:09:A2:97:87:EF:4F:06:36:E5:CD:0C:46:CE:3A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/pnKZH43-CaKXh-9PBjblzQxGzjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:59:d9:eb:4a:e4:bf:e2:b4:16:af:be:7e:5a:d3:33:a8:fc:
         d1:84:e9:c8:26:bc:28:9a:37:9e:8e:bf:13:41:a0:15:51:c9:
         a6:c9:89:aa:9c:0a:b8:13:b9:d8:a0:45:ed:92:c9:d2:b3:aa:
         4a:8a:7d:73:d0:a6:52:62:53:8f:a5:30:03:41:02:10:32:b2:
         e9:86:ff:97:a5:b8:bc:12:84:8b:f9:20:ed:68:09:8c:43:53:
         2c:08:3c:6b:93:f6:42:bf:0c:66:6a:3c:40:ce:fa:6f:ba:34:
         10:3e:43:be:6e:4b:f5:30:c7:2b:c0:36:74:61:4e:d6:74:5d:
         2e:56:26:60:f5:f0:86:a8:44:74:67:15:7a:a2:4e:a1:46:2d:
         2e:b6:a3:9b:8f:d9:ec:32:00:72:65:9d:63:b0:d8:02:94:f6:
         ed:b6:0a:4d:8b:09:37:84:cd:f4:4d:1a:56:64:0f:0e:c5:a2:
         16:a1:44:e2:0f:a0:76:92:32:29:90:c7:6b:95:58:a5:67:85:
         02:16:50:d4:88:5e:f0:8c:95:97:a8:7a:40:c7:1f:b4:20:6f:
         f4:ba:70:c5:2c:7b:e4:12:d1:c3:bb:59:e6:58:b6:0e:23:11:
         12:c0:73:7f:47:b5:6b:55:bd:8d:0b:77:a3:94:c9:d5:f9:03:
         4b:fd:01:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNKzLdOPUeCAoeRk2v2cF3cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTIwMTgxOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjcyOTkxZjhkZmUwOWEyOTc4N2VmNGYwNjM2ZTVjZDBjNDZjZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaMEqsznzavzDInB5GJOfTdXtn/p
Zx/PhHdIHd1bt3vyZm2O0q1y7w3exQ7Du2g2Ye8pKXN5XP942rFTU5aLT2XIe2ct
Iyu2znMg86fD5PHWraO66wL7FQcYUpZ+ft2FrbJEBGPLQ0NiWTMP+OdBn5zfYAJM
263lvHhhxZE+zF1J2ynM2tH5kAmTI7GuDHE4kwasPH2ibUg8oYVH6Bhd1niCOgY1
y2IYjM6A+hqwGs3Jt4KDpTbsaLU1bLVK49etQ5AbAfFNoyfs1kXpXD4qSlc1FaIP
qzRqOesMF2w8YfTPE4cSQPrZFz4HHjHxy+cOkjpOXAoI6bdcuvVlut45VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZymR+N/gmil4fvTwY25c0MRs46MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvcG5LWkg0My1DYUtYaC05UEJqYmx6UXhHempvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoBMA0G
CSqGSIb3DQEBCwUAA4IBAQAsWdnrSuS/4rQWr75+WtMzqPzRhOnIJrwomjeejr8T
QaAVUcmmyYmqnAq4E7nYoEXtksnSs6pKin1z0KZSYlOPpTADQQIQMrLphv+Xpbi8
EoSL+SDtaAmMQ1MsCDxrk/ZCvwxmajxAzvpvujQQPkO+bkv1MMcrwDZ0YU7WdF0u
ViZg9fCGqER0ZxV6ok6hRi0utqObj9nsMgByZZ1jsNgClPbttgpNiwk3hM30TRpW
ZA8OxaIWoUTiD6B2kjIpkMdrlVilZ4UCFlDUiF7wjJWXqHpAxx+0IG/0unDFLHvk
EtHDu1nmWLYOIxESwHN/R7VrVb2NC3ejlMnV+QNL/QHZ
-----END CERTIFICATE-----