Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/0Ety3xCycDhAidG7p5bIRjrYjeo.roa
File:                     0Ety3xCycDhAidG7p5bIRjrYjeo.roa (raw, json)
Hash identifier:          aLsbVHIDUUAex/RZ1ZWst9bgNv/XFEKagSgdP4ck1Qs=
Subject key identifier:   D0:4B:72:DF:10:B2:70:38:40:89:D1:BB:A7:96:C8:46:3A:D8:8D:EA
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CCA2A907E65CC4D87CA5B3EC67092D756
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/0Ety3xCycDhAidG7p5bIRjrYjeo.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        77.91.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:90:7e:65:cc:4d:87:ca:5b:3e:c6:70:92:d7:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d04b72df10b270384089d1bba796c8463ad88dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d9:26:76:82:9a:94:4c:f1:46:3e:66:0b:d4:
                    9e:12:e4:c9:35:94:15:58:d6:75:3b:85:5e:1f:8d:
                    8d:cd:7b:d0:5f:3b:8e:57:a8:e6:9e:73:6c:45:43:
                    7f:6c:10:24:c9:bd:93:28:28:a7:37:67:c5:e4:2d:
                    af:4d:f6:59:c4:14:13:b3:93:78:f6:19:9a:96:e1:
                    50:a9:f8:da:6f:ea:30:3d:34:e4:ed:85:6c:78:30:
                    63:e0:5b:7f:fc:19:92:87:58:cc:76:7e:49:99:6f:
                    da:e0:37:06:1a:fe:6a:00:29:80:51:d9:dc:7c:96:
                    5f:4c:95:e0:d2:58:96:13:28:ad:d3:75:98:4b:49:
                    d8:2f:17:51:5d:94:b4:f0:ff:66:5d:74:85:a5:54:
                    7b:03:83:76:05:f1:58:61:9e:14:42:1b:f6:d7:5f:
                    80:ea:23:f8:52:1b:e2:dc:5b:33:96:b8:c1:93:e8:
                    95:9a:86:f2:eb:b2:ed:92:c3:4e:8d:d3:6d:ad:82:
                    ef:b2:72:cc:41:66:61:82:54:58:49:23:2b:80:90:
                    b7:b0:2e:dc:aa:86:8f:90:0b:78:a4:d9:42:79:1f:
                    e7:04:33:c6:29:b0:c4:7a:e1:12:ec:ab:01:98:96:
                    d7:38:21:09:7d:cb:cf:33:17:e3:81:9c:fa:95:99:
                    91:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4B:72:DF:10:B2:70:38:40:89:D1:BB:A7:96:C8:46:3A:D8:8D:EA
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/0Ety3xCycDhAidG7p5bIRjrYjeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:9f:84:eb:15:13:d2:d5:72:15:be:14:1b:a4:d8:8a:09:0a:
         47:6a:25:e2:40:43:35:c0:27:45:87:c5:3a:71:81:7e:d1:0c:
         54:e4:c2:fe:b4:a2:d8:1b:0c:bc:ce:60:67:86:25:ab:8a:0f:
         61:42:18:28:82:79:aa:49:17:59:d8:5c:bf:30:42:2c:0c:3c:
         21:5b:dc:0a:a4:d3:c7:94:60:35:95:2c:8a:d1:cc:29:0c:bb:
         95:17:1d:f1:ba:c4:f3:38:e3:af:f2:af:d8:09:ce:8c:df:36:
         22:93:7e:6d:db:a3:b2:35:7c:11:0c:df:c8:77:bf:e2:a5:05:
         ff:e0:18:88:c7:0d:02:0f:aa:ea:1f:9c:34:f9:66:02:04:9c:
         c3:87:c8:e6:d2:a5:c6:3b:9f:7c:46:07:5f:73:63:0d:62:e0:
         0a:16:55:27:30:be:8a:af:74:21:32:18:b4:04:df:ba:9f:23:
         02:5f:4b:50:2e:d3:4a:31:2e:5a:08:3e:cb:46:57:2c:9d:93:
         3e:6f:eb:e8:60:ee:60:9c:63:12:1b:40:24:51:ba:6d:c4:ef:
         30:3d:8e:04:9a:a3:94:bc:94:9d:36:98:0c:83:c0:9f:2a:d3:
         fe:08:fb:9e:eb:86:72:1c:53:80:c0:6c:e6:ed:22:d5:7a:d7:
         80:86:e9:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpB+ZcxNh8pbPsZwktdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRiNzJkZjEwYjI3MDM4NDA4OWQxYmJhNzk2Yzg0NjNhZDg4ZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtkmdoKalEzxRj5mC9SeEuTJNZQV
WNZ1O4VeH42NzXvQXzuOV6jmnnNsRUN/bBAkyb2TKCinN2fF5C2vTfZZxBQTs5N4
9hmaluFQqfjab+owPTTk7YVseDBj4Ft//BmSh1jMdn5JmW/a4DcGGv5qACmAUdnc
fJZfTJXg0liWEyit03WYS0nYLxdRXZS08P9mXXSFpVR7A4N2BfFYYZ4UQhv211+A
6iP4Uhvi3FszlrjBk+iVmoby67LtksNOjdNtrYLvsnLMQWZhglRYSSMrgJC3sC7c
qoaPkAt4pNlCeR/nBDPGKbDEeuES7KsBmJbXOCEJfcvPMxfjgZz6lZmRTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBLct8QsnA4QInRu6eWyEY62I3qMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvMEV0eTN4Q3ljRGhBaWRHN3A1YklSanJZamVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt/MA0G
CSqGSIb3DQEBCwUAA4IBAQBnn4TrFRPS1XIVvhQbpNiKCQpHaiXiQEM1wCdFh8U6
cYF+0QxU5ML+tKLYGwy8zmBnhiWrig9hQhgognmqSRdZ2Fy/MEIsDDwhW9wKpNPH
lGA1lSyK0cwpDLuVFx3xusTzOOOv8q/YCc6M3zYik35t26OyNXwRDN/Id7/ipQX/
4BiIxw0CD6rqH5w0+WYCBJzDh8jm0qXGO598Rgdfc2MNYuAKFlUnML6Kr3QhMhi0
BN+6nyMCX0tQLtNKMS5aCD7LRlcsnZM+b+voYO5gnGMSG0AkUbptxO8wPY4EmqOU
vJSdNpgMg8CfKtP+CPue64ZyHFOAwGzm7SLVeteAhulE
-----END CERTIFICATE-----