Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/OR_0122qqDUwywsNG35kBJ2noDg.roa
File:                     OR_0122qqDUwywsNG35kBJ2noDg.roa (raw, json)
Hash identifier:          3uNaHig99b3BlJ8V7st6MnRnZoR9ZBteQ8kRgoROv4k=
Subject key identifier:   39:1F:F4:D7:6D:AA:A8:35:30:CB:0B:0D:1B:7E:64:04:9D:A7:A0:38
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF36DBFF77133EF75041406F1FDD0A
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/OR_0122qqDUwywsNG35kBJ2noDg.roa
Signing time:             Tue 02 Jan 2024 06:32:00 +0000
ROA not before:           Tue 02 Jan 2024 06:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        77.90.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:36:db:ff:77:13:3e:f7:50:41:40:6f:1f:dd:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391ff4d76daaa83530cb0b0d1b7e64049da7a038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:67:16:f1:f7:b7:c9:62:0c:d1:98:57:fa:4c:
                    4f:be:a3:07:5e:66:4c:6e:b2:9a:f1:dd:53:42:42:
                    e6:87:98:93:13:76:bc:c9:d2:a5:53:73:9c:c6:c7:
                    93:2e:59:8a:bc:00:b0:ca:63:4a:28:af:d4:01:d4:
                    7a:65:6d:88:6c:33:b8:22:ba:26:a1:a8:e8:a0:a0:
                    f7:53:a9:3c:78:cb:62:64:8b:b4:e1:39:05:22:69:
                    d5:08:3d:25:65:6f:2c:33:87:37:cb:78:43:99:40:
                    83:93:93:a8:b8:9a:01:55:9a:49:7c:5e:4d:9b:c8:
                    ee:b7:02:ef:4b:3f:3d:48:c9:c4:71:ef:fc:88:06:
                    44:e9:83:03:e5:6d:06:27:58:4a:91:31:7e:62:b7:
                    d1:65:41:bf:29:38:2d:f1:7e:81:12:5e:b5:09:6d:
                    6f:3b:2c:5f:a5:6e:ad:7f:68:84:ad:39:50:c9:30:
                    04:98:04:ef:3f:01:93:16:17:5c:45:69:28:aa:b1:
                    04:cd:1f:c1:5c:8e:39:42:22:5c:12:33:17:38:94:
                    ca:e1:a1:a6:44:23:25:80:cc:ae:30:7c:7f:ed:04:
                    d5:d6:a9:86:ed:b5:c2:73:15:27:eb:61:dc:6e:c1:
                    c1:70:6f:0c:be:81:4d:84:65:12:ff:d2:86:b5:e6:
                    1d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1F:F4:D7:6D:AA:A8:35:30:CB:0B:0D:1B:7E:64:04:9D:A7:A0:38
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/OR_0122qqDUwywsNG35kBJ2noDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:91:01:38:c3:08:e9:ae:1b:fa:db:0f:ec:bd:f1:12:38:6b:
         c6:8b:1b:07:a4:3f:35:6c:d3:68:75:8d:b0:9c:dd:22:75:ba:
         d3:a7:b8:86:a0:0c:6d:0e:26:12:78:79:65:0e:ee:86:69:57:
         c3:7b:71:11:c8:f1:5a:7d:59:7c:58:a2:f3:8e:73:7f:e5:49:
         4c:57:35:b0:4e:1f:c8:1c:97:65:92:0e:63:cc:ff:69:1e:9e:
         5d:dc:ce:d5:ce:32:36:13:a4:2f:46:9f:ce:29:79:af:6b:88:
         50:86:95:51:8a:ce:90:ef:a2:2b:69:e4:69:0a:14:60:21:90:
         7a:ea:e6:0a:9d:21:c3:0c:0f:a5:f7:f0:21:1f:ab:48:2f:5b:
         df:65:eb:fa:8f:cd:8b:f8:69:31:8d:e8:ba:ef:cc:68:1b:d1:
         07:d6:f7:57:09:52:73:ba:0c:03:42:a4:96:4e:2f:24:f1:92:
         e1:1a:f1:d3:9d:a3:d4:1e:0a:56:93:f9:c3:ff:ac:77:fc:96:
         1d:ca:98:7b:0d:d5:3a:ae:74:3c:04:9d:15:13:78:73:89:e1:
         2d:1c:6f:e5:fd:07:72:cd:87:62:85:f8:fe:d0:24:e3:c7:fb:
         9d:6d:96:c1:04:97:52:66:50:d7:ae:29:57:c2:4f:94:3e:79:
         0e:22:a5:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zbb/3cTPvdQQUBvH90KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFmZjRkNzZkYWFhODM1MzBjYjBiMGQxYjdlNjQwNDlkYTdhMDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGcW8fe3yWIM0ZhX+kxPvqMHXmZM
brKa8d1TQkLmh5iTE3a8ydKlU3OcxseTLlmKvACwymNKKK/UAdR6ZW2IbDO4Irom
oajooKD3U6k8eMtiZIu04TkFImnVCD0lZW8sM4c3y3hDmUCDk5OouJoBVZpJfF5N
m8jutwLvSz89SMnEce/8iAZE6YMD5W0GJ1hKkTF+YrfRZUG/KTgt8X6BEl61CW1v
OyxfpW6tf2iErTlQyTAEmATvPwGTFhdcRWkoqrEEzR/BXI45QiJcEjMXOJTK4aGm
RCMlgMyuMHx/7QTV1qmG7bXCcxUn62HcbsHBcG8MvoFNhGUS/9KGteYdZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkf9Ndtqqg1MMsLDRt+ZASdp6A4MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvT1JfMDEyMnFxRFV3eXdzTkczNWtCSjJub0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVq3MA0G
CSqGSIb3DQEBCwUAA4IBAQBWkQE4wwjprhv62w/svfESOGvGixsHpD81bNNodY2w
nN0idbrTp7iGoAxtDiYSeHllDu6GaVfDe3ERyPFafVl8WKLzjnN/5UlMVzWwTh/I
HJdlkg5jzP9pHp5d3M7VzjI2E6QvRp/OKXmva4hQhpVRis6Q76IraeRpChRgIZB6
6uYKnSHDDA+l9/AhH6tIL1vfZev6j82L+Gkxjei678xoG9EH1vdXCVJzugwDQqSW
Ti8k8ZLhGvHTnaPUHgpWk/nD/6x3/JYdyph7DdU6rnQ8BJ0VE3hzieEtHG/l/Qdy
zYdihfj+0CTjx/udbZbBBJdSZlDXrilXwk+UPnkOIqVY
-----END CERTIFICATE-----