Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/sdbr3CarlVVKl_B5kuXbGW6sUfs.roa
File:                     sdbr3CarlVVKl_B5kuXbGW6sUfs.roa (raw, json)
Hash identifier:          /aEXHdbXGqDyV5gZ6UsZ6plOtUAbZCzRkpkPRR4UVts=
Subject key identifier:   B1:D6:EB:DC:26:AB:95:55:4A:97:F0:79:92:E5:DB:19:6E:AC:51:FB
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0192765F5569DD9EDDF0915D6FE2BCBE4437
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/sdbr3CarlVVKl_B5kuXbGW6sUfs.roa
Signing time:             Thu 10 Oct 2024 12:20:12 +0000
ROA not before:           Thu 10 Oct 2024 12:20:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208208
IP address blocks:        77.90.46.0/24 maxlen: 24
                          77.90.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:5f:55:69:dd:9e:dd:f0:91:5d:6f:e2:bc:be:44:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 10 12:20:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1d6ebdc26ab95554a97f07992e5db196eac51fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4c:97:57:09:fe:f3:cd:45:66:8f:f8:3c:66:
                    b3:e5:64:3a:af:b0:2b:19:fe:05:fe:80:34:f9:af:
                    1e:c2:6a:63:14:e1:53:a3:88:f4:f7:a8:4a:d2:9e:
                    7e:32:cc:1f:b0:93:dd:bf:65:2c:48:77:36:f3:66:
                    73:2e:7f:ea:d5:82:b7:bc:77:27:bb:bb:33:af:11:
                    f4:61:bd:68:d1:a9:29:a7:a6:06:f0:2b:2e:5f:78:
                    de:e8:3e:98:66:f8:b3:2b:81:35:21:9f:3d:27:0c:
                    69:79:af:33:56:0d:52:38:f7:15:0c:09:bd:51:b9:
                    82:1f:2c:04:51:4a:f5:66:9d:28:4f:a1:d8:42:d0:
                    0d:6b:8a:34:c8:22:42:21:32:65:79:c1:22:ec:04:
                    7b:3b:71:3c:0c:bd:6b:b3:50:b9:48:ca:17:db:e2:
                    e4:e7:d9:b4:3a:98:66:ec:17:c6:7d:db:62:94:b7:
                    98:6f:39:f9:b2:9b:6d:82:7c:bf:91:65:e4:59:bf:
                    21:7e:70:b4:53:12:be:dd:07:ce:fc:a0:4b:d7:cd:
                    c5:14:21:12:18:23:9a:67:4a:a9:26:18:20:c7:58:
                    53:29:58:08:6a:2a:33:0d:89:39:1f:f4:5c:fe:fa:
                    37:f7:ae:f3:f9:35:5c:8e:ff:ab:5d:fa:13:d0:43:
                    9d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D6:EB:DC:26:AB:95:55:4A:97:F0:79:92:E5:DB:19:6E:AC:51:FB
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/sdbr3CarlVVKl_B5kuXbGW6sUfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:c0:b4:83:14:9b:e1:83:a4:77:f2:ef:6f:68:f8:69:9b:9d:
         3a:70:01:83:76:10:b6:39:da:3e:1e:ad:6b:50:47:fd:24:57:
         e2:db:00:bd:2c:c3:e9:45:fa:e5:82:f9:95:be:80:3c:26:89:
         f4:40:42:61:9c:cd:fd:cd:d0:a1:6a:f9:d6:3f:e8:3a:84:0c:
         14:a0:ee:1c:60:76:9d:ec:6e:bb:6c:b9:48:6f:9c:d2:6e:ae:
         98:32:66:23:32:e5:70:65:26:e5:56:4a:94:8a:f3:d9:b3:97:
         b8:0b:f8:3c:91:e1:9a:e1:81:31:eb:5b:94:0e:96:a7:7b:ff:
         11:7c:9a:28:f8:23:82:03:db:1c:40:5c:65:19:6f:4f:aa:84:
         3b:39:6d:a2:c8:99:81:d0:03:d1:d0:99:2b:d0:20:7b:93:05:
         32:21:64:b4:45:80:51:59:f8:0f:89:0d:5f:72:61:00:fc:48:
         c4:4b:95:c3:36:5f:5e:f2:7a:07:4c:be:77:31:7a:70:8a:13:
         a7:44:65:af:ab:78:93:ef:93:21:63:75:5c:ab:0b:de:c6:c3:
         c1:89:c6:bf:f3:fb:a1:8a:12:14:be:d6:4d:1e:bc:cd:7c:97:
         e1:5c:43:6d:34:93:3e:19:e3:eb:f7:ec:4f:0d:04:d4:ae:13:
         ee:58:d3:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ2X1Vp3Z7d8JFdb+K8vkQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMDEwMTIyMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ2ZWJkYzI2YWI5NTU1NGE5N2YwNzk5MmU1ZGIxOTZlYWM1MWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkyXVwn+881FZo/4PGaz5WQ6r7Ar
Gf4F/oA0+a8ewmpjFOFTo4j096hK0p5+MswfsJPdv2UsSHc282ZzLn/q1YK3vHcn
u7szrxH0Yb1o0akpp6YG8CsuX3je6D6YZvizK4E1IZ89Jwxpea8zVg1SOPcVDAm9
UbmCHywEUUr1Zp0oT6HYQtANa4o0yCJCITJlecEi7AR7O3E8DL1rs1C5SMoX2+Lk
59m0Ophm7BfGfdtilLeYbzn5spttgny/kWXkWb8hfnC0UxK+3QfO/KBL183FFCES
GCOaZ0qpJhggx1hTKVgIaiozDYk5H/Rc/vo3967z+TVcjv+rXfoT0EOdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHW69wmq5VVSpfweZLl2xlurFH7MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvc2RicjNDYXJsVlZLbF9CNWt1WGJHVzZzVWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTVouMA0G
CSqGSIb3DQEBCwUAA4IBAQAYwLSDFJvhg6R38u9vaPhpm506cAGDdhC2Odo+Hq1r
UEf9JFfi2wC9LMPpRfrlgvmVvoA8Jon0QEJhnM39zdChavnWP+g6hAwUoO4cYHad
7G67bLlIb5zSbq6YMmYjMuVwZSblVkqUivPZs5e4C/g8keGa4YEx61uUDpane/8R
fJoo+COCA9scQFxlGW9PqoQ7OW2iyJmB0APR0Jkr0CB7kwUyIWS0RYBRWfgPiQ1f
cmEA/EjES5XDNl9e8noHTL53MXpwihOnRGWvq3iT75MhY3VcqwvexsPBica/8/uh
ihIUvtZNHrzNfJfhXENtNJM+GePr9+xPDQTUrhPuWNMc
-----END CERTIFICATE-----