Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/5snQ2bvtuvJ0GupoEaTVp05p-l0.roa
File:                     5snQ2bvtuvJ0GupoEaTVp05p-l0.roa (raw, json)
Hash identifier:          Xq+IHg4+ouiSv4IImcJhzh9sG32HYOmMO1T7eSkASUo=
Subject key identifier:   E6:C9:D0:D9:BB:ED:BA:F2:74:1A:EA:68:11:A4:D5:A7:4E:69:FA:5D
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CE0A0DE28AFF966C86215D536C4AD9387
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/5snQ2bvtuvJ0GupoEaTVp05p-l0.roa
Signing time:             Sat 06 Jan 2024 21:14:48 +0000
ROA not before:           Sat 06 Jan 2024 21:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49418
IP address blocks:        77.91.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e0:a0:de:28:af:f9:66:c8:62:15:d5:36:c4:ad:93:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  6 21:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6c9d0d9bbedbaf2741aea6811a4d5a74e69fa5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2d:4a:1b:0e:15:86:96:d9:68:d8:ae:22:ea:
                    38:c4:23:5e:e3:04:62:ab:a7:9c:08:ed:aa:44:2d:
                    8e:ba:75:5b:7f:3a:75:7a:26:2e:48:4c:38:ab:55:
                    88:7c:95:1c:f3:94:db:e2:40:09:1a:3b:a1:34:c8:
                    75:fd:f3:eb:b1:69:f0:ab:29:aa:d2:f1:b1:43:6b:
                    0c:23:d8:e3:c6:a3:62:e7:65:07:47:08:d0:ff:e5:
                    8d:3d:c4:d7:53:88:5c:cd:54:93:cf:c9:8d:fa:6e:
                    99:29:8f:ff:c8:51:71:54:ce:a6:2e:6b:90:0b:95:
                    70:99:58:4c:6e:e5:ca:4e:ca:f5:aa:6a:8b:61:67:
                    11:60:de:57:ed:39:fa:e0:e3:01:87:d0:d9:9f:06:
                    7f:ea:0d:f8:78:2a:a8:45:67:4a:cd:dd:ac:01:1e:
                    fc:e4:af:c4:bd:a5:e2:c6:f5:f7:c1:8d:84:9e:4d:
                    f1:4d:2f:71:3f:9e:2d:20:69:95:68:fa:a5:31:4f:
                    30:88:61:bb:9e:68:46:9f:c4:36:54:87:9a:2d:c2:
                    6a:51:1a:50:ca:cf:aa:0a:45:47:51:b4:05:ec:1d:
                    42:36:a9:6b:87:69:42:54:74:91:44:55:36:57:39:
                    ca:1d:36:bf:c9:e2:84:92:2d:e0:d2:0a:c7:06:53:
                    6f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:C9:D0:D9:BB:ED:BA:F2:74:1A:EA:68:11:A4:D5:A7:4E:69:FA:5D
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/5snQ2bvtuvJ0GupoEaTVp05p-l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:af:8b:d1:b8:90:00:83:1c:67:80:5c:69:c8:2b:ac:65:39:
         0b:f7:84:71:2e:2e:ca:6f:7e:ce:52:6f:07:47:b8:95:8e:6f:
         fa:01:10:a6:54:08:83:77:76:6f:63:c8:a5:58:30:1c:6b:f1:
         62:8a:6a:d6:68:09:11:43:63:65:40:14:c8:60:c4:21:b6:1e:
         24:04:2b:d6:ae:39:e2:c9:6e:15:95:ae:90:17:7e:d6:eb:e9:
         dd:65:da:2a:57:85:e0:75:ae:b0:f3:e8:cb:bd:5d:fc:70:9e:
         e5:b2:07:a5:cc:02:6f:92:0c:0c:3e:af:ad:1f:82:10:da:1b:
         64:66:ab:f0:39:a1:c4:8c:4a:b0:a2:53:20:3d:37:c3:f1:41:
         37:25:d6:35:cd:c7:10:f4:a7:6c:78:8d:d7:db:b1:db:e1:c1:
         7d:f4:7a:a5:aa:08:78:c3:25:47:12:ea:a8:2c:48:1e:86:91:
         c6:31:05:1a:33:48:75:32:87:01:6e:70:30:30:39:1e:54:f4:
         29:2e:96:0a:ec:72:93:01:ff:a8:0a:05:5f:0f:32:c2:de:39:
         52:23:f9:87:f9:6f:a0:39:49:77:cb:55:66:d9:f6:39:88:aa:
         ac:ff:fb:61:3c:6b:74:51:04:c6:f5:ac:4b:f9:46:83:de:2d:
         19:a9:ee:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzgoN4or/lmyGIV1TbErZOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTA2MjExNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmM5ZDBkOWJiZWRiYWYyNzQxYWVhNjgxMWE0ZDVhNzRlNjlmYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy1KGw4VhpbZaNiuIuo4xCNe4wRi
q6ecCO2qRC2OunVbfzp1eiYuSEw4q1WIfJUc85Tb4kAJGjuhNMh1/fPrsWnwqymq
0vGxQ2sMI9jjxqNi52UHRwjQ/+WNPcTXU4hczVSTz8mN+m6ZKY//yFFxVM6mLmuQ
C5VwmVhMbuXKTsr1qmqLYWcRYN5X7Tn64OMBh9DZnwZ/6g34eCqoRWdKzd2sAR78
5K/EvaXixvX3wY2Enk3xTS9xP54tIGmVaPqlMU8wiGG7nmhGn8Q2VIeaLcJqURpQ
ys+qCkVHUbQF7B1CNqlrh2lCVHSRRFU2VznKHTa/yeKEki3g0grHBlNvEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObJ0Nm77brydBrqaBGk1adOafpdMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvNXNuUTJidnR1dkowR3Vwb0VhVFZwMDVwLWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVthMA0G
CSqGSIb3DQEBCwUAA4IBAQA6r4vRuJAAgxxngFxpyCusZTkL94RxLi7Kb37OUm8H
R7iVjm/6ARCmVAiDd3ZvY8ilWDAca/FiimrWaAkRQ2NlQBTIYMQhth4kBCvWrjni
yW4Vla6QF37W6+ndZdoqV4Xgda6w8+jLvV38cJ7lsgelzAJvkgwMPq+tH4IQ2htk
ZqvwOaHEjEqwolMgPTfD8UE3JdY1zccQ9KdseI3X27Hb4cF99Hqlqgh4wyVHEuqo
LEgehpHGMQUaM0h1MocBbnAwMDkeVPQpLpYK7HKTAf+oCgVfDzLC3jlSI/mH+W+g
OUl3y1Vm2fY5iKqs//thPGt0UQTG9axL+UaD3i0Zqe5c
-----END CERTIFICATE-----