Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Cf5Eh9qlIAAI5bKLEKUNgFw_GIs.roa
File:                     Cf5Eh9qlIAAI5bKLEKUNgFw_GIs.roa (raw, json)
Hash identifier:          I3gzsIijSdNlc3wk+8VGaFkk38hO0/g+rhjIqEk6ZYU=
Subject key identifier:   09:FE:44:87:DA:A5:20:00:08:E5:B2:8B:10:A5:0D:80:5C:3F:18:8B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018DD7C584A978AD8F98C2B0CFA278783136
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Cf5Eh9qlIAAI5bKLEKUNgFw_GIs.roa
Signing time:             Fri 23 Feb 2024 21:01:02 +0000
ROA not before:           Fri 23 Feb 2024 21:01:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62425
IP address blocks:        77.90.131.0/24 maxlen: 24
                          77.90.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d7:c5:84:a9:78:ad:8f:98:c2:b0:cf:a2:78:78:31:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Feb 23 21:01:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09fe4487daa5200008e5b28b10a50d805c3f188b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b1:61:fa:32:66:35:9e:fb:c2:3a:cf:7c:18:
                    e1:23:b3:05:ba:ab:7e:b9:67:9c:b4:5e:39:3b:f1:
                    2e:ec:17:9b:ec:c8:7c:ac:12:55:41:57:27:66:37:
                    35:d4:97:ea:c9:c3:41:2e:bd:c8:64:c2:01:48:a3:
                    01:a9:3c:51:fa:7e:7f:e2:c1:00:b5:c9:74:6b:c5:
                    96:47:f0:31:00:e1:00:b7:8d:8f:53:b5:61:e7:90:
                    4c:08:21:69:55:42:3d:54:de:a8:57:1d:2f:68:7c:
                    71:60:29:06:f8:ac:45:cc:5e:66:21:2b:91:84:4b:
                    28:f9:27:8a:60:3e:34:78:8c:6c:37:bf:8c:d7:82:
                    60:1b:44:1b:3b:72:ab:b8:3c:33:c5:bf:4d:68:c3:
                    b7:c8:31:26:29:e6:7a:2a:5a:2f:cf:e8:52:ea:38:
                    5e:41:f8:53:e0:66:cc:a5:31:0d:3f:8a:b3:12:a7:
                    15:c4:c3:6b:73:e6:60:6d:a2:79:8b:8a:85:79:3e:
                    e1:e0:5f:ff:b0:d2:d1:3a:a1:79:8f:cb:5f:19:82:
                    8a:37:28:5e:c1:7c:20:8e:bd:88:51:16:dd:4f:de:
                    16:8c:ee:bf:15:44:a5:e3:7d:8f:8f:c1:3d:11:19:
                    89:68:20:17:e5:97:6f:80:ab:ba:74:76:5e:de:ad:
                    03:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FE:44:87:DA:A5:20:00:08:E5:B2:8B:10:A5:0D:80:5C:3F:18:8B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Cf5Eh9qlIAAI5bKLEKUNgFw_GIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.131.0/24
                  77.90.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b6:e5:a7:28:f5:97:4e:c3:29:12:97:9f:6f:d3:ed:e7:f5:
         9b:14:b1:bb:4d:3a:fd:3c:cc:ad:8e:54:d3:2e:e1:c1:1d:46:
         14:02:4b:21:99:d9:05:7c:d4:d2:d9:cf:66:68:e5:28:13:be:
         31:ff:f1:ce:4a:fa:50:05:3a:e5:fc:dc:42:a5:0b:30:6f:77:
         36:b1:43:06:90:63:30:04:5f:ec:b3:f4:0d:5f:40:1b:e5:9b:
         23:6e:7e:97:58:6b:ef:11:55:f0:c0:34:d5:b7:6e:63:8c:94:
         b9:cc:3e:e5:2a:66:08:f7:8a:59:f4:aa:94:16:8a:4d:e1:bd:
         b7:fd:27:7b:50:2b:54:6d:fa:30:c3:34:31:00:e0:2d:a6:fc:
         f4:9c:73:fb:89:2b:b6:c2:24:d9:b0:e1:5a:99:50:89:b3:7a:
         44:d2:91:e2:17:cc:68:44:a4:4c:f0:53:00:c9:93:1f:86:6c:
         28:2b:f2:8b:f3:05:79:6f:c9:63:77:0c:ce:ec:ea:6c:90:26:
         8d:94:4c:91:3a:4e:65:53:bf:ab:6f:b8:18:f0:59:ea:cd:a4:
         06:36:51:e1:07:41:35:c8:17:c2:bb:66:0a:ea:3d:a9:f0:52:
         d2:92:de:78:2a:84:67:37:7c:0a:2d:28:5d:cb:50:f3:c9:f9:
         e9:0c:5b:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3XxYSpeK2PmMKwz6J4eDE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMjIzMjEwMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWZlNDQ4N2RhYTUyMDAwMDhlNWIyOGIxMGE1MGQ4MDVjM2YxODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrFh+jJmNZ77wjrPfBjhI7MFuqt+
uWectF45O/Eu7Beb7Mh8rBJVQVcnZjc11JfqycNBLr3IZMIBSKMBqTxR+n5/4sEA
tcl0a8WWR/AxAOEAt42PU7Vh55BMCCFpVUI9VN6oVx0vaHxxYCkG+KxFzF5mISuR
hEso+SeKYD40eIxsN7+M14JgG0QbO3KruDwzxb9NaMO3yDEmKeZ6Klovz+hS6jhe
QfhT4GbMpTENP4qzEqcVxMNrc+ZgbaJ5i4qFeT7h4F//sNLROqF5j8tfGYKKNyhe
wXwgjr2IURbdT94WjO6/FUSl432Pj8E9ERmJaCAX5ZdvgKu6dHZe3q0DHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAn+RIfapSAACOWyixClDYBcPxiLMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvQ2Y1RWg5cWxJQUFJNWJLTEVLVU5nRndfR0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqDAwQA
TVqNMA0GCSqGSIb3DQEBCwUAA4IBAQA2tuWnKPWXTsMpEpefb9Pt5/WbFLG7TTr9
PMytjlTTLuHBHUYUAkshmdkFfNTS2c9maOUoE74x//HOSvpQBTrl/NxCpQswb3c2
sUMGkGMwBF/ss/QNX0Ab5Zsjbn6XWGvvEVXwwDTVt25jjJS5zD7lKmYI94pZ9KqU
FopN4b23/Sd7UCtUbfowwzQxAOAtpvz0nHP7iSu2wiTZsOFamVCJs3pE0pHiF8xo
RKRM8FMAyZMfhmwoK/KL8wV5b8ljdwzO7OpskCaNlEyROk5lU7+rb7gY8FnqzaQG
NlHhB0E1yBfCu2YK6j2p8FLSkt54KoRnN3wKLShdy1DzyfnpDFvh
-----END CERTIFICATE-----