Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/FqF41xMv2cjHWhAyB8L8yeCfBbg.roa
File:                     FqF41xMv2cjHWhAyB8L8yeCfBbg.roa (raw, json)
Hash identifier:          jwMV+OB9ZcI0EVMAVZGzkPKikqmzH5+ConsmbJgNz70=
Subject key identifier:   16:A1:78:D7:13:2F:D9:C8:C7:5A:10:32:07:C2:FC:C9:E0:9F:05:B8
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       0190FA7E13785381EF2614626707C4C13B91
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/FqF41xMv2cjHWhAyB8L8yeCfBbg.roa
Signing time:             Sun 28 Jul 2024 17:58:04 +0000
ROA not before:           Sun 28 Jul 2024 17:58:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203576
IP address blocks:        77.93.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fa:7e:13:78:53:81:ef:26:14:62:67:07:c4:c1:3b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Jul 28 17:58:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16a178d7132fd9c8c75a103207c2fcc9e09f05b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2e:02:ac:7f:e2:2e:6d:82:d1:d5:9d:e2:ae:
                    9e:95:1d:61:31:ae:c6:78:a6:53:d1:34:ce:1c:0e:
                    42:31:f9:78:18:0e:71:f1:12:7c:0f:4d:2d:a9:4c:
                    b1:06:a8:aa:cd:ac:d8:21:34:15:22:b2:c4:54:cc:
                    1a:8c:df:e2:bb:79:80:6e:cc:b6:2b:95:86:3e:b1:
                    3f:1c:3d:f6:90:eb:b3:7a:51:5b:e1:3a:66:52:88:
                    f1:d1:45:5f:c9:b1:16:18:26:b8:10:68:d0:d6:a4:
                    83:d1:0d:8a:aa:6a:c0:9b:20:d8:ab:6a:54:da:af:
                    e8:8f:74:15:46:93:d5:63:64:78:40:eb:bf:bb:32:
                    bb:a6:33:a5:c0:37:1b:45:1c:2c:08:34:75:7e:67:
                    45:25:eb:4a:0e:1d:b5:4d:1c:ff:56:99:d5:dc:8c:
                    8f:02:49:c4:ed:51:6f:41:e4:ad:84:cd:9f:ef:d7:
                    c9:df:42:33:d8:06:7c:52:6c:37:d6:33:14:cd:66:
                    b4:17:39:0a:1a:35:47:26:78:20:2c:87:c9:fd:9b:
                    22:04:9d:f7:1b:35:c1:68:5d:68:a3:25:04:27:3f:
                    70:1e:0e:6d:62:88:a9:57:d7:35:77:82:b0:16:60:
                    7d:35:d7:7d:1f:41:b3:f6:66:a3:41:eb:96:fe:ea:
                    fa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A1:78:D7:13:2F:D9:C8:C7:5A:10:32:07:C2:FC:C9:E0:9F:05:B8
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/FqF41xMv2cjHWhAyB8L8yeCfBbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d3:cc:56:4c:65:46:6a:95:12:95:a5:89:3b:29:6e:5f:01:
         b0:69:17:84:5d:15:fa:5f:9e:e6:01:f4:8c:01:14:03:63:0a:
         b8:5e:04:f6:b2:81:f7:43:43:3a:e7:84:1e:44:49:be:66:5d:
         75:34:f0:48:d7:a7:85:fa:fe:52:49:14:be:bb:44:8f:f0:c2:
         2e:59:77:01:36:17:bb:bb:7e:cd:ee:82:0a:d0:5f:75:9d:8e:
         a3:25:89:de:90:31:3c:39:ef:bd:f2:ed:26:40:ea:42:22:b8:
         e2:59:6e:80:f9:eb:b3:7c:aa:e7:da:25:b2:e8:1e:b5:6a:27:
         ae:6a:36:a6:20:77:ed:83:92:c9:0d:46:59:6d:a7:d5:7d:4c:
         e2:0b:00:20:8b:2f:f7:5b:83:dc:3f:b4:6a:68:22:e6:54:98:
         be:65:29:e6:10:60:8f:5a:83:32:18:33:32:c2:be:29:bf:83:
         17:a6:b5:17:35:86:9c:f8:15:24:25:e1:75:b1:cb:04:11:da:
         50:41:3c:cf:51:77:80:b8:39:65:57:5a:46:43:16:cb:d2:3a:
         d2:42:42:c1:77:e1:69:be:3f:17:9b:d8:ca:c5:b1:2d:0e:74:
         8e:e9:eb:76:b7:6f:3d:52:8d:7a:17:19:d1:2f:4b:a0:ca:d6:
         e2:7e:ac:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD6fhN4U4HvJhRiZwfEwTuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwNzI4MTc1ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmExNzhkNzEzMmZkOWM4Yzc1YTEwMzIwN2MyZmNjOWUwOWYwNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry4CrH/iLm2C0dWd4q6elR1hMa7G
eKZT0TTOHA5CMfl4GA5x8RJ8D00tqUyxBqiqzazYITQVIrLEVMwajN/iu3mAbsy2
K5WGPrE/HD32kOuzelFb4TpmUojx0UVfybEWGCa4EGjQ1qSD0Q2KqmrAmyDYq2pU
2q/oj3QVRpPVY2R4QOu/uzK7pjOlwDcbRRwsCDR1fmdFJetKDh21TRz/VpnV3IyP
AknE7VFvQeSthM2f79fJ30Iz2AZ8Umw31jMUzWa0FzkKGjVHJnggLIfJ/ZsiBJ33
GzXBaF1ooyUEJz9wHg5tYoipV9c1d4KwFmB9Ndd9H0Gz9majQeuW/ur6+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaheNcTL9nIx1oQMgfC/MngnwW4MB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvRnFGNDF4TXYyY2pIV2hBeUI4TDh5ZUNmQmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2UMA0G
CSqGSIb3DQEBCwUAA4IBAQCD08xWTGVGapUSlaWJOyluXwGwaReEXRX6X57mAfSM
ARQDYwq4XgT2soH3Q0M654QeREm+Zl11NPBI16eF+v5SSRS+u0SP8MIuWXcBNhe7
u37N7oIK0F91nY6jJYnekDE8Oe+98u0mQOpCIrjiWW6A+euzfKrn2iWy6B61aieu
ajamIHftg5LJDUZZbafVfUziCwAgiy/3W4PcP7RqaCLmVJi+ZSnmEGCPWoMyGDMy
wr4pv4MXprUXNYac+BUkJeF1scsEEdpQQTzPUXeAuDllV1pGQxbL0jrSQkLBd+Fp
vj8Xm9jKxbEtDnSO6et2t289Uo16FxnRL0ugytbifqzV
-----END CERTIFICATE-----