Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/1AOr8Dhfja5s-fmm2_g_oSFTVq0.roa
File:                     1AOr8Dhfja5s-fmm2_g_oSFTVq0.roa (raw, json)
Hash identifier:          mvIzno7Foy3Vj205ExDVYIyG2MXNNEBi7P8jTZAs8ig=
Subject key identifier:   D4:03:AB:F0:38:5F:8D:AE:6C:F9:F9:A6:DB:F8:3F:A1:21:53:56:AD
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CCA2A8FD300B5A5787A0C3BDA214E92BD
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/1AOr8Dhfja5s-fmm2_g_oSFTVq0.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30344
IP address blocks:        77.91.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8f:d3:00:b5:a5:78:7a:0c:3b:da:21:4e:92:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d403abf0385f8dae6cf9f9a6dbf83fa1215356ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:51:dc:b5:4d:01:e6:29:b1:43:b8:c7:16:a8:
                    82:c5:6e:28:1b:a3:10:ec:0f:04:6d:e1:6c:52:d4:
                    ff:3c:4b:7e:fc:39:f0:8a:c7:55:e5:a9:47:7c:77:
                    32:68:a3:31:c0:90:fd:67:ce:ec:fa:46:fe:d1:9b:
                    a2:7d:70:9c:40:05:29:9b:81:df:60:36:79:ce:8a:
                    c8:77:6a:13:82:7a:43:ca:7c:9b:05:74:20:5b:73:
                    59:11:14:e7:5e:65:41:c9:6b:7a:70:0f:1a:0a:09:
                    c2:c3:13:24:54:32:fb:bc:13:c5:f2:86:62:25:d8:
                    13:18:56:e3:eb:6c:be:d3:e0:94:ca:a5:07:e4:eb:
                    3b:02:e5:65:41:ad:10:f5:0b:e0:14:77:32:41:3f:
                    b7:88:c4:29:3a:29:da:d3:f8:ef:80:f1:9d:8a:5d:
                    d4:5a:5b:08:83:c1:21:e9:d2:26:b4:e1:38:71:de:
                    ab:30:fc:d1:fd:93:67:73:39:96:ea:20:cb:de:f5:
                    54:e7:c7:77:fe:95:ea:e7:ef:d4:b1:c4:1d:cb:83:
                    13:72:30:d4:e5:9b:df:f0:3c:ff:6a:9d:a8:b7:82:
                    c4:ec:55:b9:d0:11:40:31:66:d4:44:99:46:09:fb:
                    c0:2c:2c:2e:aa:1e:6a:85:b9:a7:37:85:e5:4d:1f:
                    fa:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:03:AB:F0:38:5F:8D:AE:6C:F9:F9:A6:DB:F8:3F:A1:21:53:56:AD
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/1AOr8Dhfja5s-fmm2_g_oSFTVq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:56:d4:09:66:fb:cf:5f:53:44:33:9e:7b:16:d1:63:00:96:
         d9:9d:dc:df:4c:16:fb:aa:80:5c:78:6a:41:a4:3c:b7:c9:87:
         cb:d8:c6:80:fb:69:c6:8e:34:b1:0c:f3:80:cb:7b:4e:42:69:
         fa:8e:5a:36:a3:8f:bc:d1:21:f3:34:b2:06:ae:f0:08:6c:ab:
         db:b7:d1:43:c0:19:c1:24:a6:47:3b:26:ba:76:3a:7e:2c:26:
         d8:9c:92:a7:ed:44:1c:fb:a2:f3:fd:ee:28:9a:52:10:37:ab:
         36:8a:b9:99:e5:08:2e:64:ce:99:db:54:bc:6e:56:ba:91:20:
         c7:bb:83:e7:11:55:c9:a4:07:9c:41:16:f7:67:b5:93:d5:1c:
         2c:c4:83:f9:bd:79:af:e1:d0:f9:63:f7:f0:b0:cc:31:d2:c9:
         4b:2e:c1:6a:2a:91:ba:a6:ab:f8:38:74:d7:91:88:de:6d:1b:
         22:75:d7:86:9a:2e:76:90:6e:6c:a2:b6:38:22:78:b9:79:92:
         d1:2e:30:12:ad:c5:79:08:91:85:71:e1:56:95:93:c5:7a:c6:
         cc:b5:69:cc:8a:e8:52:a8:c7:50:14:c7:2c:2e:7d:b6:97:46:
         f9:c9:e2:aa:42:84:dc:3d:f4:05:cc:1e:eb:53:a7:d7:94:ec:
         b8:a5:9a:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKo/TALWleHoMO9ohTpK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDAzYWJmMDM4NWY4ZGFlNmNmOWY5YTZkYmY4M2ZhMTIxNTM1NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFHctU0B5imxQ7jHFqiCxW4oG6MQ
7A8EbeFsUtT/PEt+/DnwisdV5alHfHcyaKMxwJD9Z87s+kb+0ZuifXCcQAUpm4Hf
YDZ5zorId2oTgnpDynybBXQgW3NZERTnXmVByWt6cA8aCgnCwxMkVDL7vBPF8oZi
JdgTGFbj62y+0+CUyqUH5Os7AuVlQa0Q9QvgFHcyQT+3iMQpOina0/jvgPGdil3U
WlsIg8Eh6dImtOE4cd6rMPzR/ZNnczmW6iDL3vVU58d3/pXq5+/UscQdy4MTcjDU
5Zvf8Dz/ap2ot4LE7FW50BFAMWbURJlGCfvALCwuqh5qhbmnN4XlTR/6gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQDq/A4X42ubPn5ptv4P6EhU1atMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvMUFPcjhEaGZqYTVzLWZtbTJfZ19vU0ZUVnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt+MA0G
CSqGSIb3DQEBCwUAA4IBAQBzVtQJZvvPX1NEM557FtFjAJbZndzfTBb7qoBceGpB
pDy3yYfL2MaA+2nGjjSxDPOAy3tOQmn6jlo2o4+80SHzNLIGrvAIbKvbt9FDwBnB
JKZHOya6djp+LCbYnJKn7UQc+6Lz/e4omlIQN6s2irmZ5QguZM6Z21S8bla6kSDH
u4PnEVXJpAecQRb3Z7WT1RwsxIP5vXmv4dD5Y/fwsMwx0slLLsFqKpG6pqv4OHTX
kYjebRsiddeGmi52kG5sorY4Ini5eZLRLjASrcV5CJGFceFWlZPFesbMtWnMiuhS
qMdQFMcsLn22l0b5yeKqQoTcPfQFzB7rU6fXlOy4pZo1
-----END CERTIFICATE-----