Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/aoCVuWP-vXvuRmt4v5WexowUv6Q.roa
File:                     aoCVuWP-vXvuRmt4v5WexowUv6Q.roa (raw, json)
Hash identifier:          yUlv2BsDdUDeDITq1D+1s/CE8ndCoaxyVOpzOmoJ6uM=
Subject key identifier:   6A:80:95:B9:63:FE:BD:7B:EE:46:6B:78:BF:95:9E:C6:8C:14:BF:A4
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CE09FF41EF125C4A4435A1F5A16634F35
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/aoCVuWP-vXvuRmt4v5WexowUv6Q.roa
Signing time:             Sat 06 Jan 2024 21:13:48 +0000
ROA not before:           Sat 06 Jan 2024 21:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198981
IP address blocks:        77.91.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e0:9f:f4:1e:f1:25:c4:a4:43:5a:1f:5a:16:63:4f:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  6 21:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a8095b963febd7bee466b78bf959ec68c14bfa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d0:88:0e:18:bc:b3:8a:41:28:5f:13:7b:ac:
                    fe:be:75:c5:d1:51:43:9b:84:c8:c6:a5:dd:24:09:
                    b6:f2:0a:ee:f3:45:15:b4:9e:a5:08:db:49:ec:e7:
                    7f:67:03:ac:94:7d:6d:3d:68:2b:29:92:2f:b5:96:
                    94:2d:e0:5f:b3:d4:4d:c2:c4:f4:a6:bc:9c:9a:c1:
                    98:72:fe:b2:1b:e4:c3:31:7b:df:8d:2b:e9:8c:a6:
                    c0:d0:52:3b:fa:bd:67:c0:75:cf:a2:e0:73:cf:26:
                    a5:f3:ad:d9:97:b4:d5:11:19:55:5f:f1:88:e6:2d:
                    7a:0c:c9:df:9f:f7:b6:f8:46:ba:bf:d4:19:b3:7e:
                    60:fe:c0:e8:03:c0:07:87:04:34:1b:70:08:45:19:
                    01:37:76:be:14:76:01:43:07:02:07:67:d3:0a:a5:
                    dd:24:5d:1a:e1:a0:3b:ed:84:82:f3:50:dc:a4:57:
                    f3:50:00:ac:de:a2:26:ed:aa:75:3b:8f:2d:f5:28:
                    98:e9:95:5f:b2:6e:75:1e:e4:fb:f0:33:0e:85:05:
                    92:13:33:2e:5a:95:68:0d:ff:6d:18:61:3b:03:09:
                    9f:9f:28:60:2f:c5:c4:fc:d2:27:0f:0b:67:c6:a1:
                    25:62:fe:b2:68:0a:3a:f0:1e:c9:60:83:9b:03:18:
                    9d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:80:95:B9:63:FE:BD:7B:EE:46:6B:78:BF:95:9E:C6:8C:14:BF:A4
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/aoCVuWP-vXvuRmt4v5WexowUv6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:06:e7:de:10:a3:29:d5:94:06:dc:ea:ba:aa:82:c9:54:5b:
         aa:57:8f:84:30:27:69:2e:20:98:67:a2:34:7e:2f:78:b0:61:
         4a:ab:f0:12:c3:4d:46:4e:0f:e2:e0:f9:d4:4a:c0:2e:2a:df:
         f7:73:2b:53:b3:cb:89:ae:51:4d:2b:3c:3b:b2:fb:52:8e:0f:
         fb:cc:7c:a6:11:bb:da:62:f8:8b:0a:6c:bc:f9:58:4d:dd:da:
         3a:a7:8d:fd:72:86:27:7d:5c:a1:d1:a1:20:a6:7b:55:3e:88:
         bd:52:97:ed:fc:8c:96:31:c3:40:81:be:9b:52:7f:18:83:c8:
         70:fd:72:b1:23:ce:49:f9:db:a8:ae:bc:37:09:d1:68:80:37:
         c2:fd:96:ef:22:56:ba:45:e7:6b:1c:c6:4c:5f:e5:34:c8:b3:
         c3:5d:41:40:13:34:47:22:ec:a5:40:13:b3:e1:69:46:e2:82:
         23:ae:cc:18:7f:1f:e1:7d:2b:62:e6:8a:f2:be:dd:11:b4:d8:
         6c:fb:93:78:8d:ad:5e:d5:2d:3f:4f:8a:c0:e5:12:9d:de:b2:
         d1:b7:0b:c0:de:e2:71:bc:b3:69:e1:65:61:5d:15:d4:e0:14:
         16:95:0c:d6:98:d8:99:6c:8b:83:c9:c5:a7:46:61:94:f8:0f:
         b7:66:86:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzgn/Qe8SXEpENaH1oWY081MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTA2MjExMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgwOTViOTYzZmViZDdiZWU0NjZiNzhiZjk1OWVjNjhjMTRiZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidCIDhi8s4pBKF8Te6z+vnXF0VFD
m4TIxqXdJAm28gru80UVtJ6lCNtJ7Od/ZwOslH1tPWgrKZIvtZaULeBfs9RNwsT0
prycmsGYcv6yG+TDMXvfjSvpjKbA0FI7+r1nwHXPouBzzyal863Zl7TVERlVX/GI
5i16DMnfn/e2+Ea6v9QZs35g/sDoA8AHhwQ0G3AIRRkBN3a+FHYBQwcCB2fTCqXd
JF0a4aA77YSC81DcpFfzUACs3qIm7ap1O48t9SiY6ZVfsm51HuT78DMOhQWSEzMu
WpVoDf9tGGE7AwmfnyhgL8XE/NInDwtnxqElYv6yaAo68B7JYIObAxid3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqAlblj/r177kZreL+VnsaMFL+kMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvYW9DVnVXUC12WHZ1Um10NHY1V2V4b3dVdjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVthMA0G
CSqGSIb3DQEBCwUAA4IBAQBKBufeEKMp1ZQG3Oq6qoLJVFuqV4+EMCdpLiCYZ6I0
fi94sGFKq/ASw01GTg/i4PnUSsAuKt/3cytTs8uJrlFNKzw7svtSjg/7zHymEbva
YviLCmy8+VhN3do6p439coYnfVyh0aEgpntVPoi9Upft/IyWMcNAgb6bUn8Yg8hw
/XKxI85J+duorrw3CdFogDfC/ZbvIla6RedrHMZMX+U0yLPDXUFAEzRHIuylQBOz
4WlG4oIjrswYfx/hfSti5oryvt0RtNhs+5N4ja1e1S0/T4rA5RKd3rLRtwvA3uJx
vLNp4WVhXRXU4BQWlQzWmNiZbIuDycWnRmGU+A+3ZobH
-----END CERTIFICATE-----