Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/Dkx8MbZ_qvCIQT75MJAoSVQO2no.roa
File:                     Dkx8MbZ_qvCIQT75MJAoSVQO2no.roa (raw, json)
Hash identifier:          3+WzNOLPu4nJo39PQ7tLtCcH47CjlgO6qzLipUPbVCA=
Subject key identifier:   0E:4C:7C:31:B6:7F:AA:F0:88:41:3E:F9:30:90:28:49:54:0E:DA:7A
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       0190227903821BE531F0B338C6C628E32B4A
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/Dkx8MbZ_qvCIQT75MJAoSVQO2no.roa
Signing time:             Sun 16 Jun 2024 19:14:34 +0000
ROA not before:           Sun 16 Jun 2024 19:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        77.93.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:22:79:03:82:1b:e5:31:f0:b3:38:c6:c6:28:e3:2b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Jun 16 19:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e4c7c31b67faaf088413ef930902849540eda7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3a:ac:c6:9b:8b:b8:82:22:19:4a:b7:d3:b6:
                    41:10:1e:6c:41:dc:7c:cd:67:60:20:31:15:e1:47:
                    98:4e:6a:b4:93:43:ca:4e:df:fb:a0:2a:8b:4f:fe:
                    59:c9:85:f3:77:91:e2:af:fc:21:59:29:d5:90:5e:
                    07:11:0b:cf:3b:6a:4c:c3:1e:9c:03:b1:71:12:11:
                    e5:5d:58:b2:57:e2:33:02:61:cb:c4:77:da:bd:49:
                    71:15:ac:02:39:21:99:14:6f:d4:95:cc:6c:70:0c:
                    34:61:ce:dd:b1:bb:40:ad:c8:0b:22:50:05:1d:ea:
                    a8:5b:df:28:4c:25:e4:29:b4:4d:64:c6:87:c0:d7:
                    09:54:8c:f8:29:0e:40:dd:d6:5f:6a:3c:03:74:7d:
                    f0:44:e7:39:91:88:5b:26:19:88:37:dc:4b:ba:92:
                    5f:6f:8d:df:bb:49:74:71:36:a2:1e:76:39:09:66:
                    8e:e3:14:02:b5:81:16:f0:b9:08:70:8b:dd:a7:54:
                    05:7f:ce:91:d1:e9:57:fa:ff:83:2d:dd:9e:d4:ae:
                    8b:1c:34:e1:4c:01:fb:9d:ab:7d:2c:cf:b1:f8:02:
                    53:27:46:4e:97:ad:7b:ef:ba:87:5b:2e:c8:57:a7:
                    63:4d:9c:6a:dc:53:4a:c3:06:e0:d7:3f:31:26:62:
                    20:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:4C:7C:31:B6:7F:AA:F0:88:41:3E:F9:30:90:28:49:54:0E:DA:7A
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/Dkx8MbZ_qvCIQT75MJAoSVQO2no.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:87:f0:ae:9a:75:03:d5:e3:eb:5d:f7:bc:7d:f2:38:7a:fb:
         49:a3:b8:95:05:92:8e:47:5b:57:aa:1c:c1:af:8b:d8:c7:91:
         21:71:d9:ad:e7:6b:4b:76:5e:a6:53:e3:c8:d1:95:74:83:f8:
         42:8a:be:f2:3a:32:9b:4c:71:63:e3:81:ea:e7:41:20:d3:1b:
         ae:4c:2f:88:dc:ee:a0:19:69:19:6f:23:8c:e9:b3:5d:58:6a:
         e6:bf:f4:7f:04:d1:a1:2c:c6:12:66:58:a9:57:9c:51:e3:c0:
         02:af:d6:10:4a:90:09:bb:65:f2:e0:1d:cf:fb:75:5f:08:9b:
         31:e2:e4:90:ad:1c:5d:5c:15:ca:d4:32:39:23:dc:73:93:af:
         33:18:21:96:09:d4:f4:45:69:77:26:8d:ae:d8:87:7d:2a:2e:
         28:e5:ff:a5:a9:cf:cd:8a:58:da:cb:90:dc:b1:c8:49:93:68:
         2d:59:20:a4:0a:9b:7b:4b:ba:2b:eb:73:d3:13:24:47:03:b5:
         fd:89:38:06:3e:ef:3a:7f:c9:4c:6c:36:79:1b:8b:23:2c:8d:
         ae:13:91:09:45:87:62:a0:51:77:d6:d6:44:e7:f2:6f:57:93:
         6e:b3:67:1d:d9:f5:16:14:ba:f7:29:d4:e4:9f:32:99:79:a4:
         94:ce:a1:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAieQOCG+Ux8LM4xsYo4ytKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwNjE2MTkxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTRjN2MzMWI2N2ZhYWYwODg0MTNlZjkzMDkwMjg0OTU0MGVkYTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TqsxpuLuIIiGUq307ZBEB5sQdx8
zWdgIDEV4UeYTmq0k0PKTt/7oCqLT/5ZyYXzd5Hir/whWSnVkF4HEQvPO2pMwx6c
A7FxEhHlXViyV+IzAmHLxHfavUlxFawCOSGZFG/UlcxscAw0Yc7dsbtArcgLIlAF
HeqoW98oTCXkKbRNZMaHwNcJVIz4KQ5A3dZfajwDdH3wROc5kYhbJhmIN9xLupJf
b43fu0l0cTaiHnY5CWaO4xQCtYEW8LkIcIvdp1QFf86R0elX+v+DLd2e1K6LHDTh
TAH7nat9LM+x+AJTJ0ZOl61777qHWy7IV6djTZxq3FNKwwbg1z8xJmIgfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5MfDG2f6rwiEE++TCQKElUDtp6MB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvRGt4OE1iWl9xdkNJUVQ3NU1KQW9TVlFPMm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2PMA0G
CSqGSIb3DQEBCwUAA4IBAQCSh/CumnUD1ePrXfe8ffI4evtJo7iVBZKOR1tXqhzB
r4vYx5Ehcdmt52tLdl6mU+PI0ZV0g/hCir7yOjKbTHFj44Hq50Eg0xuuTC+I3O6g
GWkZbyOM6bNdWGrmv/R/BNGhLMYSZlipV5xR48ACr9YQSpAJu2Xy4B3P+3VfCJsx
4uSQrRxdXBXK1DI5I9xzk68zGCGWCdT0RWl3Jo2u2Id9Ki4o5f+lqc/Niljay5Dc
schJk2gtWSCkCpt7S7or63PTEyRHA7X9iTgGPu86f8lMbDZ5G4sjLI2uE5EJRYdi
oFF31tZE5/JvV5Nus2cd2fUWFLr3KdTknzKZeaSUzqEf
-----END CERTIFICATE-----