Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/pG1ncMNDygRzBrkuCaB_6DRSZ58.roa
File:                     pG1ncMNDygRzBrkuCaB_6DRSZ58.roa (raw, json)
Hash identifier:          11paJD21SqlJhLllY2Hp2XxqTqKTd8JuoCxPszUptz0=
Subject key identifier:   A4:6D:67:70:C3:43:CA:04:73:06:B9:2E:09:A0:7F:E8:34:52:67:9F
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CCA2A922BBF325FE834F5AC59F1190663
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/pG1ncMNDygRzBrkuCaB_6DRSZ58.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203727
IP address blocks:        77.91.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:92:2b:bf:32:5f:e8:34:f5:ac:59:f1:19:06:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a46d6770c343ca047306b92e09a07fe83452679f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9c:5a:e8:32:b7:4d:d3:4b:2c:b3:1f:96:d0:
                    4c:62:08:d1:00:b2:56:c8:56:f3:fe:37:a4:04:da:
                    79:0c:6f:79:c3:81:5c:e1:ba:f7:e6:70:44:83:2e:
                    d9:ec:4d:b2:75:fe:0e:9b:e9:6a:b8:ff:a0:f7:82:
                    73:83:e1:69:0c:0a:66:3f:38:5f:be:75:6a:43:04:
                    79:70:a8:df:8f:21:cc:2d:eb:c6:ad:a9:a5:a5:38:
                    5a:f9:11:ae:5f:7a:9d:c5:21:b1:d7:61:76:1e:be:
                    56:83:07:c4:d5:42:87:af:bb:0f:f3:f2:c9:71:a5:
                    10:1f:49:fe:ab:e2:7a:8c:75:22:02:34:86:e9:28:
                    29:98:d4:80:d1:13:a4:eb:d6:d9:88:d3:95:14:9a:
                    ad:d2:67:72:14:02:e4:47:2c:37:c3:71:c3:69:a6:
                    dd:ea:5f:45:c0:ca:e9:89:ee:ec:76:77:52:46:99:
                    24:ef:c3:b6:92:82:93:9b:fe:b9:f7:ef:a5:5b:08:
                    54:45:65:4c:d1:b3:82:e8:a8:4b:2e:1e:1f:4f:0d:
                    cf:a9:1f:05:07:f5:e3:aa:39:e0:7a:d5:fb:89:0e:
                    52:a9:68:87:5d:8e:46:e3:e0:29:46:2f:e9:ab:65:
                    69:95:41:52:e7:08:b7:63:76:5f:87:72:f6:a7:38:
                    fe:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:6D:67:70:C3:43:CA:04:73:06:B9:2E:09:A0:7F:E8:34:52:67:9F
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/pG1ncMNDygRzBrkuCaB_6DRSZ58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:fe:d1:68:fa:b3:75:f0:6e:86:67:d2:02:4f:78:0f:15:24:
         9d:2a:86:ec:3a:14:96:1a:fe:e7:98:fb:cc:33:69:4c:35:1e:
         ee:6d:26:6e:61:1c:db:06:81:7e:a9:bb:d4:63:d3:85:8f:40:
         a5:14:c6:60:6e:50:19:d5:04:9f:90:d0:5c:5f:2b:e3:f9:4a:
         2f:50:1f:55:2d:fe:28:40:df:21:74:fe:7a:cb:a8:51:5c:5f:
         ff:4d:8f:d5:53:ff:c9:89:7b:9c:f2:92:07:05:5a:56:f5:59:
         95:17:97:55:9f:c3:f4:8f:07:01:1a:ed:a2:f2:5e:0f:a2:23:
         6e:ec:e8:f9:f7:13:76:c7:34:6b:14:d8:c2:7f:5a:8f:dc:48:
         5f:c5:f5:75:3b:a0:1a:e6:29:68:3e:b2:b6:1b:06:3a:af:4e:
         ab:08:11:f3:48:db:8d:16:61:4a:d6:80:26:c9:8b:4f:0f:05:
         1d:2d:82:15:11:74:35:61:65:f8:51:0e:53:b9:5c:4b:b1:95:
         a0:14:bb:ec:1c:f5:c5:81:dd:62:20:a3:ff:b7:c0:f1:d0:98:
         56:be:d0:0d:1a:fb:9e:dd:3d:19:3a:0e:6f:2a:ae:cf:cc:2f:
         42:ef:9f:81:03:08:9d:7f:f3:03:61:c7:53:17:ac:e6:79:7c:
         74:48:f2:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpIrvzJf6DT1rFnxGQZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDZkNjc3MGMzNDNjYTA0NzMwNmI5MmUwOWEwN2ZlODM0NTI2NzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5xa6DK3TdNLLLMfltBMYgjRALJW
yFbz/jekBNp5DG95w4Fc4br35nBEgy7Z7E2ydf4Om+lquP+g94Jzg+FpDApmPzhf
vnVqQwR5cKjfjyHMLevGramlpTha+RGuX3qdxSGx12F2Hr5WgwfE1UKHr7sP8/LJ
caUQH0n+q+J6jHUiAjSG6SgpmNSA0ROk69bZiNOVFJqt0mdyFALkRyw3w3HDaabd
6l9FwMrpie7sdndSRpkk78O2koKTm/659++lWwhURWVM0bOC6KhLLh4fTw3PqR8F
B/XjqjngetX7iQ5SqWiHXY5G4+ApRi/pq2VplUFS5wi3Y3Zfh3L2pzj+IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRtZ3DDQ8oEcwa5Lgmgf+g0UmefMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvcEcxbmNNTkR5Z1J6QnJrdUNhQl82RFJTWjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt8MA0G
CSqGSIb3DQEBCwUAA4IBAQAb/tFo+rN18G6GZ9ICT3gPFSSdKobsOhSWGv7nmPvM
M2lMNR7ubSZuYRzbBoF+qbvUY9OFj0ClFMZgblAZ1QSfkNBcXyvj+UovUB9VLf4o
QN8hdP56y6hRXF//TY/VU//JiXuc8pIHBVpW9VmVF5dVn8P0jwcBGu2i8l4PoiNu
7Oj59xN2xzRrFNjCf1qP3EhfxfV1O6Aa5iloPrK2GwY6r06rCBHzSNuNFmFK1oAm
yYtPDwUdLYIVEXQ1YWX4UQ5TuVxLsZWgFLvsHPXFgd1iIKP/t8Dx0JhWvtANGvue
3T0ZOg5vKq7PzC9C75+BAwidf/MDYcdTF6zmeXx0SPJx
-----END CERTIFICATE-----