Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/fuWQpx7pIw0mdaw1aqchqtWQAtQ.roa
File:                     fuWQpx7pIw0mdaw1aqchqtWQAtQ.roa (raw, json)
Hash identifier:          oEGfWWEgsWLbjsa0QfCLnOl7/mpoVzLp66aQhR1XgFM=
Subject key identifier:   7E:E5:90:A7:1E:E9:23:0D:26:75:AC:35:6A:A7:21:AA:D5:90:02:D4
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF3AC1EE57D3E673BC0198264B644D
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/fuWQpx7pIw0mdaw1aqchqtWQAtQ.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        213.209.135.0/24 maxlen: 24
                          77.90.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3a:c1:ee:57:d3:e6:73:bc:01:98:26:4b:64:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ee590a71ee9230d2675ac356aa721aad59002d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:22:e3:c0:f5:66:10:9b:4f:05:de:2f:05:12:
                    dd:0f:85:37:4b:9a:43:26:03:f2:0b:74:23:f0:78:
                    16:6e:b3:16:2c:d0:7d:c7:9d:d6:c3:3c:dc:71:75:
                    f8:71:89:12:ae:9e:19:06:23:82:c7:fc:76:b6:83:
                    df:96:5f:ae:2d:f7:7c:48:f0:9b:00:cd:aa:20:b1:
                    70:7e:44:32:e5:31:53:9d:7b:ae:1d:a0:1b:c3:02:
                    38:10:c9:fc:e9:25:5f:4c:44:09:f1:a4:f4:0e:60:
                    0c:f1:0e:3d:9e:78:05:f0:c4:d6:48:1c:57:66:94:
                    22:8e:ae:de:d8:5a:08:ed:b3:e3:5e:6d:7e:9d:28:
                    3a:54:ae:73:65:fb:0a:58:ca:4b:a6:95:38:1a:cc:
                    fa:6f:fa:49:d9:75:68:55:a4:14:b6:2e:34:22:95:
                    c9:99:82:eb:f0:c0:f7:22:68:58:2e:18:ca:4a:b2:
                    be:cd:d7:80:9e:7a:1d:e3:59:4f:96:9d:ec:6c:f1:
                    e0:65:af:35:a5:cd:82:5a:23:2e:17:ae:06:f5:fd:
                    ad:79:90:56:f5:9b:02:33:29:8f:e9:38:0a:39:c6:
                    a4:95:a3:2c:3a:87:a8:7b:93:5f:24:0b:bf:6e:80:
                    10:2f:ad:e0:d8:95:bd:f4:fe:25:9c:9c:1e:88:5c:
                    62:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E5:90:A7:1E:E9:23:0D:26:75:AC:35:6A:A7:21:AA:D5:90:02:D4
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/fuWQpx7pIw0mdaw1aqchqtWQAtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.167.0/24
                  213.209.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:24:14:60:b2:c4:d9:63:19:4c:a9:09:29:8a:34:17:39:43:
         c3:60:b0:bd:d5:8d:df:2b:72:0b:1d:cd:dc:0f:49:6d:5c:b1:
         27:b8:f2:3c:63:41:46:ba:a2:cc:a5:89:05:54:50:8a:94:e5:
         ad:62:7b:ec:41:d1:fd:ef:f5:c4:86:f9:b4:32:cd:8d:ad:07:
         ce:b1:87:f8:09:a0:d8:8a:e5:60:8f:3d:dd:e3:4e:ee:27:f6:
         41:8d:64:92:06:7a:40:ff:a7:94:09:d7:43:99:54:47:cd:d1:
         4b:d6:07:79:07:d8:df:f1:e5:44:d1:e4:90:f7:3f:67:14:f4:
         64:67:3f:9c:e8:77:69:0c:bf:d1:11:30:0f:61:b8:cb:1d:7d:
         5f:03:0d:91:48:83:8a:7c:f8:84:95:dd:59:ee:ec:0f:cc:ca:
         ea:f0:0d:2b:39:16:44:30:a0:90:b3:3f:a3:fd:8b:28:87:8b:
         58:cd:ea:62:61:63:cc:43:a8:de:39:4d:e4:ce:7c:da:4d:8a:
         6f:2a:da:d6:b7:4b:af:22:b9:2d:85:27:a7:74:cd:11:73:bf:
         46:cf:b0:da:b1:cf:2e:4f:06:5c:18:72:40:01:39:f4:9c:a9:
         f1:02:aa:06:ae:33:b8:81:af:99:ea:20:f4:0f:d0:c4:32:d7:
         42:4f:0c:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3zrB7lfT5nO8AZgmS2RNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWU1OTBhNzFlZTkyMzBkMjY3NWFjMzU2YWE3MjFhYWQ1OTAwMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyLjwPVmEJtPBd4vBRLdD4U3S5pD
JgPyC3Qj8HgWbrMWLNB9x53WwzzccXX4cYkSrp4ZBiOCx/x2toPfll+uLfd8SPCb
AM2qILFwfkQy5TFTnXuuHaAbwwI4EMn86SVfTEQJ8aT0DmAM8Q49nngF8MTWSBxX
ZpQijq7e2FoI7bPjXm1+nSg6VK5zZfsKWMpLppU4Gsz6b/pJ2XVoVaQUti40IpXJ
mYLr8MD3ImhYLhjKSrK+zdeAnnod41lPlp3sbPHgZa81pc2CWiMuF64G9f2teZBW
9ZsCMymP6TgKOcaklaMsOoeoe5NfJAu/boAQL63g2JW99P4lnJweiFxiYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH7lkKce6SMNJnWsNWqnIarVkALUMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvZnVXUXB4N3BJdzBtZGF3MWFxY2hxdFdRQXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqnAwQA
1dGHMA0GCSqGSIb3DQEBCwUAA4IBAQB0JBRgssTZYxlMqQkpijQXOUPDYLC91Y3f
K3ILHc3cD0ltXLEnuPI8Y0FGuqLMpYkFVFCKlOWtYnvsQdH97/XEhvm0Ms2NrQfO
sYf4CaDYiuVgjz3d407uJ/ZBjWSSBnpA/6eUCddDmVRHzdFL1gd5B9jf8eVE0eSQ
9z9nFPRkZz+c6HdpDL/RETAPYbjLHX1fAw2RSIOKfPiEld1Z7uwPzMrq8A0rORZE
MKCQsz+j/Ysoh4tYzepiYWPMQ6jeOU3kznzaTYpvKtrWt0uvIrkthSendM0Rc79G
z7Dasc8uTwZcGHJAATn0nKnxAqoGrjO4ga+Z6iD0D9DEMtdCTwwf
-----END CERTIFICATE-----