Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/DH2KmHptf0XCrxVYDl8SWJ6n_OU.roa
File:                     DH2KmHptf0XCrxVYDl8SWJ6n_OU.roa (raw, json)
Hash identifier:          1p3/Uw0Hzg9UQAF7EIOu+m40aaRU5MBeT7UYxTAJl5M=
Subject key identifier:   0C:7D:8A:98:7A:6D:7F:45:C2:AF:15:58:0E:5F:12:58:9E:A7:FC:E5
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       01942067F7552F012B23A757D2ECF0787400
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/DH2KmHptf0XCrxVYDl8SWJ6n_OU.roa
Signing time:             Wed 01 Jan 2025 05:47:51 +0000
ROA not before:           Wed 01 Jan 2025 05:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198981
IP address blocks:        77.91.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f7:55:2f:01:2b:23:a7:57:d2:ec:f0:78:74:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  1 05:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c7d8a987a6d7f45c2af15580e5f12589ea7fce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:26:dd:7d:54:22:2a:4b:6a:41:6c:08:97:d4:
                    a3:4e:cb:4f:63:dd:fe:67:0c:93:b3:a6:e4:be:30:
                    f8:99:6f:34:ae:35:73:a5:81:cb:53:b1:9f:7d:5f:
                    81:05:2c:ab:42:7c:8a:44:3c:99:c6:ef:ef:39:03:
                    ed:75:f0:ea:6c:c2:3e:47:2b:1d:2e:ca:8b:51:56:
                    87:91:b4:b1:75:9b:b1:1b:c7:14:88:42:f9:32:8a:
                    15:bf:9e:1a:79:a4:71:e4:47:e4:26:21:de:2c:0f:
                    85:2f:f5:6e:ad:b2:09:02:75:34:c7:96:dd:56:10:
                    a8:80:55:bf:f3:72:f9:d9:ad:fe:9c:7e:f5:a5:a4:
                    5f:dc:57:97:51:12:19:e3:46:68:8f:1e:47:c6:54:
                    f4:3f:c5:ed:e2:5d:48:f5:fa:3a:76:4e:53:cc:c2:
                    99:ab:3e:cb:27:24:32:cf:af:e8:e5:81:98:3e:96:
                    06:18:a8:41:2d:86:ec:99:9e:38:ac:81:a9:1f:4a:
                    b0:94:77:72:50:74:69:9c:ef:c1:51:3d:eb:7e:e6:
                    ee:d7:b2:a6:30:e7:44:45:28:80:b8:eb:a0:9c:3c:
                    6f:a3:5e:8b:b6:af:4e:10:33:47:c2:d6:67:ca:a1:
                    3d:2e:fe:6a:70:28:97:f7:f2:78:fe:9c:94:3c:18:
                    34:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:7D:8A:98:7A:6D:7F:45:C2:AF:15:58:0E:5F:12:58:9E:A7:FC:E5
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/DH2KmHptf0XCrxVYDl8SWJ6n_OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ec:a7:3c:fb:09:99:64:f5:12:c3:ac:15:19:c8:2c:d1:c8:
         e7:e5:96:6d:8f:5c:96:02:10:db:67:ad:af:9e:9c:5e:21:6d:
         4d:fe:ef:6f:17:4d:d4:58:90:48:7e:ca:6a:0a:96:82:c2:b5:
         7c:23:90:3a:e2:f2:ba:56:fd:a6:27:0d:3b:bc:9d:04:ce:cc:
         9c:2f:87:d4:22:e2:5e:95:0d:b7:06:5a:e4:b6:d0:b1:12:17:
         9f:b5:5b:dd:0e:dd:42:da:5f:a9:fe:f0:ab:5d:f4:46:ca:7e:
         ed:ce:64:56:4f:98:a0:7a:61:f9:96:cc:5f:c9:08:71:60:6c:
         a8:84:95:92:a6:b4:ad:66:ae:1f:4c:32:31:cf:a4:59:e2:47:
         9c:32:1e:ac:16:e8:b9:51:dd:19:0c:d5:25:a1:9b:8d:69:5f:
         55:06:88:6e:f4:fc:43:fd:89:ca:93:90:db:b6:98:1b:4d:9f:
         bd:88:c2:f3:c9:66:96:0c:8c:11:bd:5c:4a:69:14:ea:2a:9e:
         8b:43:1e:a5:ba:a5:ac:7b:45:58:74:61:cc:44:ab:d4:cc:3f:
         35:a3:5a:25:16:03:dc:3c:86:a5:14:da:83:53:5e:35:6f:f5:
         53:a8:a9:90:76:a4:ae:aa:35:92:dd:79:a4:ee:b2:09:e5:1b:
         60:8c:1e:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/dVLwErI6dX0uzweHQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjUwMTAxMDU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzdkOGE5ODdhNmQ3ZjQ1YzJhZjE1NTgwZTVmMTI1ODllYTdmY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwibdfVQiKktqQWwIl9SjTstPY93+
ZwyTs6bkvjD4mW80rjVzpYHLU7GffV+BBSyrQnyKRDyZxu/vOQPtdfDqbMI+Rysd
LsqLUVaHkbSxdZuxG8cUiEL5MooVv54aeaRx5EfkJiHeLA+FL/VurbIJAnU0x5bd
VhCogFW/83L52a3+nH71paRf3FeXURIZ40Zojx5HxlT0P8Xt4l1I9fo6dk5TzMKZ
qz7LJyQyz6/o5YGYPpYGGKhBLYbsmZ44rIGpH0qwlHdyUHRpnO/BUT3rfubu17Km
MOdERSiAuOugnDxvo16Ltq9OEDNHwtZnyqE9Lv5qcCiX9/J4/pyUPBg0YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAx9iph6bX9Fwq8VWA5fEliep/zlMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvREgyS21IcHRmMFhDcnhWWURsOFNXSjZuX09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVthMA0G
CSqGSIb3DQEBCwUAA4IBAQBy7Kc8+wmZZPUSw6wVGcgs0cjn5ZZtj1yWAhDbZ62v
npxeIW1N/u9vF03UWJBIfspqCpaCwrV8I5A64vK6Vv2mJw07vJ0EzsycL4fUIuJe
lQ23BlrkttCxEheftVvdDt1C2l+p/vCrXfRGyn7tzmRWT5igemH5lsxfyQhxYGyo
hJWSprStZq4fTDIxz6RZ4kecMh6sFui5Ud0ZDNUloZuNaV9VBohu9PxD/YnKk5Db
tpgbTZ+9iMLzyWaWDIwRvVxKaRTqKp6LQx6luqWse0VYdGHMRKvUzD81o1olFgPc
PIalFNqDU141b/VTqKmQdqSuqjWS3Xmk7rIJ5RtgjB64
-----END CERTIFICATE-----