Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/Qgkw5GtNRcsOFSShf-z0xF_tI6I.roa
File:                     Qgkw5GtNRcsOFSShf-z0xF_tI6I.roa (raw, json)
Hash identifier:          mZ0NWqp/jNCXFtNZo5WbQ6xy8wKTYFTecNdM8OwQcds=
Subject key identifier:   42:09:30:E4:6B:4D:45:CB:0E:15:24:A1:7F:EC:F4:C4:5F:ED:23:A2
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       01942067F3B53E125E71A230529A60037D35
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/Qgkw5GtNRcsOFSShf-z0xF_tI6I.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30344
IP address blocks:        77.91.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f3:b5:3e:12:5e:71:a2:30:52:9a:60:03:7d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=420930e46b4d45cb0e1524a17fecf4c45fed23a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2b:d2:ee:c0:55:02:f1:75:28:ee:4e:03:4b:
                    3b:95:c4:ed:2b:76:93:a4:09:ee:d4:28:78:ec:d6:
                    69:8a:2c:ec:7a:d4:69:39:54:c1:32:41:47:58:e0:
                    ea:2a:06:11:ef:d5:83:aa:0f:36:38:83:c1:31:d3:
                    ac:f0:35:d5:00:e2:98:c4:9d:68:ee:e0:5f:af:f8:
                    55:c9:3c:a9:e2:72:b8:0b:6e:ac:0a:0d:51:48:0f:
                    02:e0:69:fa:07:f1:47:44:54:4a:65:a0:52:6f:1c:
                    62:08:44:5f:a3:5a:f8:6f:18:07:f6:3c:a7:66:67:
                    e4:7a:3d:36:0c:8a:8e:c6:08:34:67:f7:41:c6:f3:
                    a5:92:bd:8e:75:a2:d9:6a:34:65:4a:57:e4:1e:73:
                    3b:f7:76:44:d7:0e:8d:4d:e9:b8:9a:2e:67:41:20:
                    c8:dd:94:b9:a1:4f:38:06:91:5a:c3:0d:cc:b3:7d:
                    ea:46:59:ad:d7:19:ba:1e:c2:7e:7e:57:1b:b3:5f:
                    98:ba:bb:f7:e2:f6:dc:d0:20:2a:51:65:6a:d4:09:
                    cd:e3:0c:31:b1:3c:f5:dc:4a:bc:28:f3:bb:24:37:
                    4e:75:cf:d8:c2:5d:af:ad:4f:36:84:3a:44:a4:25:
                    99:a9:70:22:a0:ec:1c:31:8f:f3:e3:6d:37:78:f5:
                    5e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:09:30:E4:6B:4D:45:CB:0E:15:24:A1:7F:EC:F4:C4:5F:ED:23:A2
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/Qgkw5GtNRcsOFSShf-z0xF_tI6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:96:89:3a:ee:ba:89:53:78:f9:ad:ca:36:54:2c:94:ae:67:
         41:bd:d7:7a:c5:bc:ba:dc:4f:b6:39:b6:06:5a:d9:69:85:12:
         2f:21:f0:d3:0a:e0:7d:d1:a7:b6:3d:c7:6b:6e:9f:63:c9:e2:
         22:2c:63:8a:86:c0:59:95:b5:95:bc:35:5e:42:2c:f9:6f:4a:
         21:dd:8a:3c:51:78:b2:d7:be:ad:84:be:c6:f9:e7:a7:04:43:
         15:e3:b6:25:5d:1f:e7:76:d8:b3:35:9d:78:eb:1d:7f:0f:f5:
         3e:2f:2b:62:ca:db:05:a7:7e:57:93:5b:58:0f:81:a4:f6:f7:
         ef:7c:df:d3:af:25:82:50:63:40:d5:a8:f8:49:ca:b5:13:fe:
         69:23:ad:c9:d9:b3:dc:e3:e5:1a:6c:4a:98:4f:36:13:4e:65:
         64:ba:a3:71:f0:d8:48:5e:d7:ae:e9:bc:a7:b1:f8:ba:71:0e:
         3a:57:91:eb:d9:39:21:f5:b3:7c:ee:48:34:a6:d1:cb:fc:e2:
         fe:ca:37:82:6b:75:f7:33:cc:fe:60:8c:da:cb:e7:26:0f:2d:
         cf:58:5e:7c:a0:6b:f5:3d:a6:4f:d6:e2:69:86:f7:13:0a:81:
         05:51:b2:1c:b1:d2:b9:08:c1:24:5d:c3:be:4a:12:e4:16:83:
         89:17:f8:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/O1PhJecaIwUppgA301MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjA5MzBlNDZiNGQ0NWNiMGUxNTI0YTE3ZmVjZjRjNDVmZWQyM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCvS7sBVAvF1KO5OA0s7lcTtK3aT
pAnu1Ch47NZpiizsetRpOVTBMkFHWODqKgYR79WDqg82OIPBMdOs8DXVAOKYxJ1o
7uBfr/hVyTyp4nK4C26sCg1RSA8C4Gn6B/FHRFRKZaBSbxxiCERfo1r4bxgH9jyn
Zmfkej02DIqOxgg0Z/dBxvOlkr2OdaLZajRlSlfkHnM793ZE1w6NTem4mi5nQSDI
3ZS5oU84BpFaww3Ms33qRlmt1xm6HsJ+flcbs1+Yurv34vbc0CAqUWVq1AnN4wwx
sTz13Eq8KPO7JDdOdc/Ywl2vrU82hDpEpCWZqXAioOwcMY/z4203ePVeiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIJMORrTUXLDhUkoX/s9MRf7SOiMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvUWdrdzVHdE5SY3NPRlNTaGYtejB4Rl90STZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt+MA0G
CSqGSIb3DQEBCwUAA4IBAQCPlok67rqJU3j5rco2VCyUrmdBvdd6xby63E+2ObYG
WtlphRIvIfDTCuB90ae2Pcdrbp9jyeIiLGOKhsBZlbWVvDVeQiz5b0oh3Yo8UXiy
176thL7G+eenBEMV47YlXR/ndtizNZ146x1/D/U+LytiytsFp35Xk1tYD4Gk9vfv
fN/TryWCUGNA1aj4Scq1E/5pI63J2bPc4+UabEqYTzYTTmVkuqNx8NhIXteu6byn
sfi6cQ46V5Hr2Tkh9bN87kg0ptHL/OL+yjeCa3X3M8z+YIzay+cmDy3PWF58oGv1
PaZP1uJphvcTCoEFUbIcsdK5CMEkXcO+ShLkFoOJF/j7
-----END CERTIFICATE-----