Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/KhQAAMg_9UEroJuJU7LaGy4mhbU.roa
File:                     KhQAAMg_9UEroJuJU7LaGy4mhbU.roa (raw, json)
Hash identifier:          +8VOjSCpIxMxMg3p2olEjOnr2HvyjqvzPaC/goYCV9U=
Subject key identifier:   2A:14:00:00:C8:3F:F5:41:2B:A0:9B:89:53:B2:DA:1B:2E:26:85:B5
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF37A1A8032831B0084454D7561C95
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/KhQAAMg_9UEroJuJU7LaGy4mhbU.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        77.90.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:37:a1:a8:03:28:31:b0:08:44:54:d7:56:1c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a140000c83ff5412ba09b8953b2da1b2e2685b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:65:39:66:a9:5a:62:fd:09:54:2d:88:12:0d:
                    fe:d8:34:a0:23:78:c0:ee:9a:1e:a8:2a:a3:69:2b:
                    05:1a:e3:73:15:a4:31:0e:e8:cd:eb:63:dd:1d:e9:
                    f2:11:4f:68:0c:5d:56:df:0d:73:8b:ab:f9:3f:14:
                    7c:78:95:c4:a5:02:4c:9d:c1:68:0a:3e:87:f5:7a:
                    73:b9:75:26:21:5a:9e:44:33:7d:ef:6a:de:a3:f6:
                    c7:5c:3b:84:75:28:a0:f6:f2:68:a4:7c:a2:e4:a7:
                    3e:29:e4:ca:64:53:a6:3f:4f:87:49:20:30:69:74:
                    df:97:9d:59:60:2a:46:82:69:66:93:f7:7e:bd:3a:
                    7a:9f:04:11:9f:f7:36:91:91:bd:2f:8c:99:d4:64:
                    bc:88:55:fd:47:7c:ab:91:3d:65:5a:7e:76:6c:6e:
                    40:95:9e:65:2a:cf:2d:2a:54:d4:54:cc:4a:af:bb:
                    64:08:24:fb:4f:60:84:5e:cb:73:ed:4d:68:2d:5b:
                    13:4b:e2:69:b1:78:90:09:3d:4f:9c:90:97:00:b0:
                    c8:2b:8c:d0:4f:cc:67:59:df:4a:5c:1a:4f:6f:ac:
                    6b:c1:77:11:39:db:78:be:d3:e1:c0:31:bf:c9:d7:
                    dc:f6:74:5b:92:ad:f2:8b:f2:36:67:a6:07:2b:c8:
                    08:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:14:00:00:C8:3F:F5:41:2B:A0:9B:89:53:B2:DA:1B:2E:26:85:B5
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/KhQAAMg_9UEroJuJU7LaGy4mhbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:b0:54:b0:59:01:6e:60:c6:a5:94:e7:31:8c:ce:6f:a5:6f:
         c8:00:61:27:e1:ec:9c:c1:0f:bc:ff:01:be:99:a6:20:95:03:
         23:38:81:40:28:94:91:8e:3a:e5:00:ec:e5:9f:b2:2a:0c:38:
         f8:9e:7a:70:1f:a8:d4:4e:95:16:4d:68:5e:4c:64:29:16:cd:
         6f:33:71:8d:92:3b:aa:a3:e4:4d:65:29:42:5c:96:16:a0:98:
         d0:d6:c4:49:0c:7a:4b:bd:18:67:0a:bb:7b:c6:40:34:3a:67:
         62:50:68:dd:b4:8f:43:46:ed:ac:46:50:be:84:73:7c:d0:bb:
         ec:b8:98:e1:08:7e:42:43:65:50:70:85:c1:02:43:ff:ee:74:
         dc:e0:33:84:43:0e:e3:7c:97:9c:b8:71:9d:f3:52:e7:2c:c0:
         2e:cd:17:f0:28:b4:c8:dd:2f:da:da:8b:06:b0:18:74:08:ce:
         5a:e5:0a:6a:ad:8e:b6:02:55:4d:d0:02:14:87:c2:66:97:32:
         59:01:1b:c9:f5:bc:07:05:9b:1a:1b:ff:57:59:23:61:98:93:
         55:ef:c7:0e:10:c6:27:68:7b:e2:7d:6e:65:46:5b:14:10:b3:
         ab:81:9c:ef:bc:64:c7:94:58:e1:93:09:65:5c:37:5e:57:94:
         7e:35:d1:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zehqAMoMbAIRFTXVhyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTE0MDAwMGM4M2ZmNTQxMmJhMDliODk1M2IyZGExYjJlMjY4NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGU5ZqlaYv0JVC2IEg3+2DSgI3jA
7poeqCqjaSsFGuNzFaQxDujN62PdHenyEU9oDF1W3w1zi6v5PxR8eJXEpQJMncFo
Cj6H9XpzuXUmIVqeRDN972reo/bHXDuEdSig9vJopHyi5Kc+KeTKZFOmP0+HSSAw
aXTfl51ZYCpGgmlmk/d+vTp6nwQRn/c2kZG9L4yZ1GS8iFX9R3yrkT1lWn52bG5A
lZ5lKs8tKlTUVMxKr7tkCCT7T2CEXstz7U1oLVsTS+JpsXiQCT1PnJCXALDIK4zQ
T8xnWd9KXBpPb6xrwXcROdt4vtPhwDG/ydfc9nRbkq3yi/I2Z6YHK8gIqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoUAADIP/VBK6CbiVOy2hsuJoW1MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvS2hRQUFNZ185VUVyb0p1SlU3TGFHeTRtaGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqLMA0G
CSqGSIb3DQEBCwUAA4IBAQANsFSwWQFuYMallOcxjM5vpW/IAGEn4eycwQ+8/wG+
maYglQMjOIFAKJSRjjrlAOzln7IqDDj4nnpwH6jUTpUWTWheTGQpFs1vM3GNkjuq
o+RNZSlCXJYWoJjQ1sRJDHpLvRhnCrt7xkA0OmdiUGjdtI9DRu2sRlC+hHN80Lvs
uJjhCH5CQ2VQcIXBAkP/7nTc4DOEQw7jfJecuHGd81LnLMAuzRfwKLTI3S/a2osG
sBh0CM5a5QpqrY62AlVN0AIUh8JmlzJZARvJ9bwHBZsaG/9XWSNhmJNV78cOEMYn
aHvifW5lRlsUELOrgZzvvGTHlFjhkwllXDdeV5R+NdGh
-----END CERTIFICATE-----