Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/m1pcCxPeuokVfu50-gNRMQnn7wM.roa
File:                     m1pcCxPeuokVfu50-gNRMQnn7wM.roa (raw, json)
Hash identifier:          rfKyn1+B9zNlAhB8O0vVxilmEsqa9t+qioe6iOaHZOk=
Subject key identifier:   9B:5A:5C:0B:13:DE:BA:89:15:7E:EE:74:FA:03:51:31:09:E7:EF:03
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF3D6EF5B9C7F85E2D126046579E7B
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/m1pcCxPeuokVfu50-gNRMQnn7wM.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207710
IP address blocks:        213.209.131.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3d:6e:f5:b9:c7:f8:5e:2d:12:60:46:57:9e:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b5a5c0b13deba89157eee74fa03513109e7ef03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:e4:48:cb:ab:e9:db:43:d0:b1:45:d4:0c:
                    de:ca:0f:e4:81:1b:53:8a:5d:0e:57:3b:33:5a:94:
                    4a:2f:6b:83:5a:e6:a0:50:b6:9d:89:66:03:62:12:
                    05:cf:8f:5c:c1:6f:23:fd:51:87:21:a1:b1:9c:81:
                    e9:72:89:24:75:cc:fa:aa:fa:bc:40:ed:3c:20:4a:
                    73:bd:2d:b8:27:b6:15:b1:d1:99:38:ae:d8:a8:72:
                    d0:dd:93:29:c0:1f:02:45:b7:40:ca:59:b8:5e:c1:
                    ec:42:a3:35:74:53:4a:47:11:77:bc:43:bf:8e:cb:
                    75:b8:fb:89:7c:7d:2d:02:ad:af:b2:27:8f:61:33:
                    89:88:6c:4a:3a:eb:12:88:2c:5b:28:d3:e9:12:3e:
                    bc:47:5e:4b:bd:16:f9:ba:88:42:fa:c9:8e:a5:22:
                    8e:c8:4e:9c:7e:a1:31:bd:ab:02:a2:01:91:d6:fe:
                    7c:f2:1b:36:47:c6:83:9b:57:86:90:22:c5:d6:7f:
                    b7:cd:7f:00:bc:e9:f2:d2:6f:bd:80:72:e7:d1:39:
                    f6:47:1a:24:06:4f:bd:ae:12:29:21:88:dd:48:38:
                    ea:08:08:5b:64:85:ce:40:d5:25:21:59:b1:9e:ef:
                    78:b5:57:0f:3e:45:19:c2:a4:9f:fc:c6:06:0a:da:
                    62:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:5A:5C:0B:13:DE:BA:89:15:7E:EE:74:FA:03:51:31:09:E7:EF:03
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/m1pcCxPeuokVfu50-gNRMQnn7wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.177.0/24
                  77.90.186.0/24
                  213.209.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:01:e2:45:ad:f7:cc:b3:17:b8:62:db:8c:24:ff:b5:26:71:
         8d:5e:0b:57:7a:fb:a1:bc:d7:6f:35:03:52:e2:c2:22:ac:f9:
         8f:6a:79:85:9f:e4:76:50:08:51:d2:97:ae:d3:86:0b:e3:0c:
         52:97:bb:5c:77:ec:56:f6:3b:46:e1:41:3b:67:53:55:6a:47:
         03:88:5a:bb:be:66:57:8c:6f:6e:78:1a:9b:25:c3:23:d8:ab:
         04:bd:f6:d6:b5:e1:e1:d5:a5:c7:89:58:98:24:61:c4:cd:d0:
         67:e3:c1:4f:ba:8c:60:8d:fb:c6:82:b7:26:66:1b:71:72:f3:
         52:92:70:c1:e9:18:bb:e4:58:d2:4a:08:a7:03:89:81:4f:75:
         7d:d3:62:55:43:fa:15:b9:24:f2:94:58:9e:94:15:b7:9e:f2:
         62:72:9f:e0:21:f7:36:ca:2e:81:8a:82:2b:ed:75:14:75:e4:
         99:a4:30:cc:d3:1b:7a:d7:dd:68:3a:37:27:b4:e6:43:0a:53:
         3a:61:0f:8b:a3:46:4a:03:45:60:6f:d5:19:4b:d1:a1:18:04:
         ae:30:8b:3e:fa:26:f4:79:96:03:14:39:fd:34:2a:31:ae:79:
         b2:06:62:76:13:57:09:13:30:e4:4d:4a:4a:f7:58:1b:ee:f3:
         d8:82:a9:52
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3z1u9bnH+F4tEmBGV557MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjVhNWMwYjEzZGViYTg5MTU3ZWVlNzRmYTAzNTEzMTA5ZTdlZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtirkSMur6dtD0LFF1Azeyg/kgRtT
il0OVzszWpRKL2uDWuagULadiWYDYhIFz49cwW8j/VGHIaGxnIHpcokkdcz6qvq8
QO08IEpzvS24J7YVsdGZOK7YqHLQ3ZMpwB8CRbdAylm4XsHsQqM1dFNKRxF3vEO/
jst1uPuJfH0tAq2vsiePYTOJiGxKOusSiCxbKNPpEj68R15LvRb5uohC+smOpSKO
yE6cfqExvasCogGR1v588hs2R8aDm1eGkCLF1n+3zX8AvOny0m+9gHLn0Tn2Rxok
Bk+9rhIpIYjdSDjqCAhbZIXOQNUlIVmxnu94tVcPPkUZwqSf/MYGCtpiywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJtaXAsT3rqJFX7udPoDUTEJ5+8DMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvbTFwY0N4UGV1b2tWZnU1MC1nTlJNUW5uN3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVqxAwQA
TVq6AwQA1dGDMA0GCSqGSIb3DQEBCwUAA4IBAQBvAeJFrffMsxe4YtuMJP+1JnGN
XgtXevuhvNdvNQNS4sIirPmPanmFn+R2UAhR0peu04YL4wxSl7tcd+xW9jtG4UE7
Z1NVakcDiFq7vmZXjG9ueBqbJcMj2KsEvfbWteHh1aXHiViYJGHEzdBn48FPuoxg
jfvGgrcmZhtxcvNSknDB6Ri75FjSSginA4mBT3V902JVQ/oVuSTylFielBW3nvJi
cp/gIfc2yi6BioIr7XUUdeSZpDDM0xt6191oOjcntOZDClM6YQ+Lo0ZKA0Vgb9UZ
S9GhGASuMIs++ib0eZYDFDn9NCoxrnmyBmJ2E1cJEzDkTUpK91gb7vPYgqlS
-----END CERTIFICATE-----