Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/D0wrD3HvW0-nRojGMLwghuk1wiE.roa
File:                     D0wrD3HvW0-nRojGMLwghuk1wiE.roa (raw, json)
Hash identifier:          ZZPSoXqp0vMCt9d4iyYiEvl0xcqdK7Xs4uGcb2YCgHs=
Subject key identifier:   0F:4C:2B:0F:71:EF:5B:4F:A7:46:88:C6:30:BC:20:86:E9:35:C2:21
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018F73ACA70DB0175CB0FF4B07094088E4B2
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/D0wrD3HvW0-nRojGMLwghuk1wiE.roa
Signing time:             Mon 13 May 2024 20:37:25 +0000
ROA not before:           Mon 13 May 2024 20:37:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215567
IP address blocks:        77.93.133.0/24 maxlen: 24
                          77.93.140.0/24 maxlen: 24
                          77.93.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:73:ac:a7:0d:b0:17:5c:b0:ff:4b:07:09:40:88:e4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: May 13 20:37:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f4c2b0f71ef5b4fa74688c630bc2086e935c221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:88:68:e1:bd:28:46:77:f6:91:ca:10:11:7c:
                    29:d7:be:77:c2:71:1c:ba:ff:27:f4:8f:79:4e:1e:
                    40:48:22:a6:f5:83:36:9d:ac:b5:39:fa:58:e2:81:
                    8a:4c:c8:85:9f:29:39:f3:75:06:c4:a6:12:88:e5:
                    ed:d1:26:10:1e:f1:f3:4d:4e:1f:a1:94:c5:46:c7:
                    9a:4e:c2:55:9d:88:7f:81:5b:cf:51:e3:24:78:2f:
                    71:d1:ba:d8:bf:09:34:da:cd:c7:84:69:eb:ce:18:
                    7d:83:df:8d:6e:a5:ee:7c:20:e0:20:fd:64:c6:78:
                    05:27:00:b6:a4:15:72:e0:0c:96:ec:82:3e:7d:9f:
                    65:26:ea:5a:c8:b9:bc:5d:fa:d1:fd:df:27:b1:4b:
                    33:d7:e4:72:b5:47:e6:7f:dc:d3:88:a9:71:7a:72:
                    56:9a:50:74:a0:47:9b:73:aa:be:ca:cd:98:44:9f:
                    79:57:40:b2:0c:9f:b7:60:9f:54:95:72:35:35:c5:
                    0b:5f:2c:23:f7:db:0d:b6:5e:cd:86:14:70:ec:ae:
                    b7:44:1b:e0:07:bb:76:ee:4d:b4:5f:28:f1:3d:3e:
                    be:3a:dc:cd:15:75:14:8f:29:c2:6e:56:f0:70:fe:
                    e1:87:0e:aa:b5:3c:7d:68:2a:22:5f:d9:ba:21:3d:
                    18:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:4C:2B:0F:71:EF:5B:4F:A7:46:88:C6:30:BC:20:86:E9:35:C2:21
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/D0wrD3HvW0-nRojGMLwghuk1wiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.133.0/24
                  77.93.140.0/24
                  77.93.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:a2:66:74:a2:22:99:93:76:03:16:1c:00:ee:a0:35:35:ba:
         f7:f8:75:78:19:94:3e:cf:dd:33:d6:81:ce:32:59:5d:e0:3e:
         48:fd:3f:d1:27:7a:96:53:19:e7:e3:40:8a:c7:9f:3b:e3:d5:
         2e:f2:d8:69:68:95:c5:af:6a:cb:ab:13:68:b0:85:fd:95:28:
         ca:1d:ee:4c:67:2a:ce:52:84:8c:ff:e3:94:b2:fa:e7:bd:b0:
         91:d2:8f:ea:7e:a3:e0:f4:18:da:e3:f8:54:b2:bb:89:1d:99:
         20:96:d7:00:b6:ca:9d:2d:46:8d:e3:63:b5:8b:0a:2f:31:f6:
         85:05:e5:4e:c3:5e:79:28:88:2c:ee:bb:13:82:50:82:ad:91:
         94:2a:d3:c7:97:6e:4c:41:17:69:c5:ca:79:e1:3b:91:7e:eb:
         b5:dd:02:d9:09:bc:72:1b:64:ce:74:46:77:ea:db:16:7a:9d:
         63:ac:94:c9:7f:62:fa:b3:74:56:d6:35:0d:a2:ee:34:9b:6d:
         37:5b:14:31:11:8d:58:c1:47:09:f8:1e:41:6e:de:3e:27:35:
         49:d7:70:43:fb:08:30:c4:4a:a4:4b:45:a4:f2:25:f7:88:c2:
         a5:a4:8e:c9:84:f3:c7:d8:57:2d:9e:64:de:e0:3a:10:c3:96:
         26:9c:d2:b0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9zrKcNsBdcsP9LBwlAiOSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwNTEzMjAzNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjRjMmIwZjcxZWY1YjRmYTc0Njg4YzYzMGJjMjA4NmU5MzVjMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIho4b0oRnf2kcoQEXwp1753wnEc
uv8n9I95Th5ASCKm9YM2nay1OfpY4oGKTMiFnyk583UGxKYSiOXt0SYQHvHzTU4f
oZTFRseaTsJVnYh/gVvPUeMkeC9x0brYvwk02s3HhGnrzhh9g9+NbqXufCDgIP1k
xngFJwC2pBVy4AyW7II+fZ9lJupayLm8XfrR/d8nsUsz1+RytUfmf9zTiKlxenJW
mlB0oEebc6q+ys2YRJ95V0CyDJ+3YJ9UlXI1NcULXywj99sNtl7NhhRw7K63RBvg
B7t27k20XyjxPT6+OtzNFXUUjynCblbwcP7hhw6qtTx9aCoiX9m6IT0YlQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA9MKw9x71tPp0aIxjC8IIbpNcIhMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvRDB3ckQzSHZXMC1uUm9qR01Md2dodWsxd2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATV2FAwQA
TV2MAwQATV2OMA0GCSqGSIb3DQEBCwUAA4IBAQANomZ0oiKZk3YDFhwA7qA1Nbr3
+HV4GZQ+z90z1oHOMlld4D5I/T/RJ3qWUxnn40CKx58749Uu8thpaJXFr2rLqxNo
sIX9lSjKHe5MZyrOUoSM/+OUsvrnvbCR0o/qfqPg9Bja4/hUsruJHZkgltcAtsqd
LUaN42O1iwovMfaFBeVOw155KIgs7rsTglCCrZGUKtPHl25MQRdpxcp54TuRfuu1
3QLZCbxyG2TOdEZ36tsWep1jrJTJf2L6s3RW1jUNou40m203WxQxEY1YwUcJ+B5B
bt4+JzVJ13BD+wgwxEqkS0Wk8iX3iMKlpI7JhPPH2FctnmTe4DoQw5YmnNKw
-----END CERTIFICATE-----