Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/3enX_5aFeIBcUNxI7mvvrgjcHnQ.roa
File:                     3enX_5aFeIBcUNxI7mvvrgjcHnQ.roa (raw, json)
Hash identifier:          NtsNF6H1hJ4CgRBT3d4FtRQTBDewAKbDdlINqv+ZdKY=
Subject key identifier:   DD:E9:D7:FF:96:85:78:80:5C:50:DC:48:EE:6B:EF:AE:08:DC:1E:74
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492DF9B83DC834966770ABE860A8DAB
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/3enX_5aFeIBcUNxI7mvvrgjcHnQ.roa
Signing time:             Mon 01 Jan 2024 10:30:08 +0000
ROA not before:           Mon 01 Jan 2024 10:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60627
IP address blocks:        77.237.90.0/24 maxlen: 24
                          46.209.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:df:9b:83:dc:83:49:66:77:0a:be:86:0a:8d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dde9d7ff968578805c50dc48ee6befae08dc1e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:02:8f:f1:44:6e:91:df:f0:7e:b8:01:b8:6d:
                    6d:b8:e7:c5:5f:1c:af:ac:88:b9:ad:79:b2:1f:9f:
                    d8:5d:47:f4:f7:a8:41:bf:0b:7f:de:e3:e3:fc:cd:
                    3e:a1:a2:c0:39:9b:e0:ad:69:0d:96:b8:74:cf:87:
                    f4:12:ef:71:a8:79:af:07:73:58:70:9b:3d:47:2d:
                    13:c6:b4:06:be:05:5d:88:59:91:fb:37:04:b8:7b:
                    90:47:ba:38:d3:25:7f:bb:46:bf:01:84:75:7c:60:
                    fb:6b:da:b8:73:c2:7f:56:b8:d4:60:8a:f2:2e:0d:
                    2f:2b:9b:a4:be:17:fd:84:9f:30:8e:bb:ee:99:33:
                    19:60:22:b8:b6:1d:a4:99:2e:59:83:df:dc:68:d5:
                    37:f5:55:08:32:34:d4:46:7b:c7:c7:01:24:2b:94:
                    c4:fc:1b:2d:ab:a1:e8:b3:65:c8:90:99:de:e7:af:
                    c4:64:b6:99:35:6d:ef:4d:0a:c5:39:7b:9e:db:d1:
                    a8:cc:b0:12:98:84:63:72:c9:c0:43:45:1d:18:60:
                    16:23:24:e6:54:a7:91:0f:8e:c5:c2:62:f4:d2:15:
                    3d:64:cd:5c:c2:63:22:6e:d3:7a:d2:f2:3f:40:99:
                    c7:8c:60:59:39:c2:a8:d6:fb:d1:46:fc:a8:ff:a7:
                    89:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:E9:D7:FF:96:85:78:80:5C:50:DC:48:EE:6B:EF:AE:08:DC:1E:74
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/3enX_5aFeIBcUNxI7mvvrgjcHnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.209.72.0/24
                  77.237.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:14:a3:a8:f1:93:02:93:7e:75:49:ba:bb:70:52:f6:21:2c:
         0c:c5:25:72:2b:65:f1:c0:60:09:95:c0:77:4c:32:c8:3a:41:
         05:74:c2:91:88:e5:c3:23:2f:84:59:7a:c0:b0:e6:ce:e3:36:
         f3:52:d0:f5:9f:21:86:8d:81:de:c7:42:98:b5:75:bb:80:1b:
         3a:22:0e:bb:3b:8f:ce:49:e9:a1:28:55:c7:d1:a7:4d:55:a8:
         b1:80:8c:ab:8f:9c:56:53:40:8f:aa:b6:ad:b2:95:87:55:c0:
         5f:32:fa:42:6d:67:e5:a2:84:05:c7:82:c0:5b:4e:4e:81:5a:
         c8:4f:7b:90:20:77:f9:59:97:e2:7d:39:71:89:73:1d:5a:06:
         8a:75:0e:ce:08:8b:2a:2f:62:66:dc:e5:53:31:ea:7e:42:c0:
         0a:c9:c1:e3:2d:0a:ac:04:81:45:95:8a:d7:6e:d1:87:b3:3e:
         24:26:a6:b6:89:54:b7:2c:bb:ea:37:3c:d5:f5:34:f3:2c:b6:
         06:ff:f5:6e:d5:fe:ad:2a:e7:09:3d:9f:b5:e3:4c:63:f5:17:
         4b:ff:41:11:13:6d:95:46:e0:fe:26:21:d7:08:dc:b8:dd:44:
         eb:23:47:57:09:e1:9c:0a:4a:5f:24:82:f0:9a:22:81:ab:44:
         16:40:33:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkt+bg9yDSWZ3Cr6GCo2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGU5ZDdmZjk2ODU3ODgwNWM1MGRjNDhlZTZiZWZhZTA4ZGMxZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQKP8URukd/wfrgBuG1tuOfFXxyv
rIi5rXmyH5/YXUf096hBvwt/3uPj/M0+oaLAOZvgrWkNlrh0z4f0Eu9xqHmvB3NY
cJs9Ry0TxrQGvgVdiFmR+zcEuHuQR7o40yV/u0a/AYR1fGD7a9q4c8J/VrjUYIry
Lg0vK5ukvhf9hJ8wjrvumTMZYCK4th2kmS5Zg9/caNU39VUIMjTURnvHxwEkK5TE
/Bstq6Hos2XIkJne56/EZLaZNW3vTQrFOXue29GozLASmIRjcsnAQ0UdGGAWIyTm
VKeRD47FwmL00hU9ZM1cwmMibtN60vI/QJnHjGBZOcKo1vvRRvyo/6eJGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN3p1/+WhXiAXFDcSO5r764I3B50MB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvM2VuWF81YUZlSUJjVU54STdtdnZyZ2pjSG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALtFIAwQA
Te1aMA0GCSqGSIb3DQEBCwUAA4IBAQCmFKOo8ZMCk351Sbq7cFL2ISwMxSVyK2Xx
wGAJlcB3TDLIOkEFdMKRiOXDIy+EWXrAsObO4zbzUtD1nyGGjYHex0KYtXW7gBs6
Ig67O4/OSemhKFXH0adNVaixgIyrj5xWU0CPqratspWHVcBfMvpCbWflooQFx4LA
W05OgVrIT3uQIHf5WZfifTlxiXMdWgaKdQ7OCIsqL2Jm3OVTMep+QsAKycHjLQqs
BIFFlYrXbtGHsz4kJqa2iVS3LLvqNzzV9TTzLLYG//Vu1f6tKucJPZ+140xj9RdL
/0ERE22VRuD+JiHXCNy43UTrI0dXCeGcCkpfJILwmiKBq0QWQDPj
-----END CERTIFICATE-----