Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/tDxlBH-DDZgtG0zJy2G6PHAbzls.roa
File:                     tDxlBH-DDZgtG0zJy2G6PHAbzls.roa (raw, json)
Hash identifier:          eX/80te6QzpQYaHEfOPHnfYxHSPmCZpLgJwfMxGGVwg=
Subject key identifier:   B4:3C:65:04:7F:83:0D:98:2D:1B:4C:C9:CB:61:BA:3C:70:1B:CE:5B
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       0190B20D9A4290871FB53D6B7862EBAA955D
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/tDxlBH-DDZgtG0zJy2G6PHAbzls.roa
Signing time:             Sun 14 Jul 2024 16:22:34 +0000
ROA not before:           Sun 14 Jul 2024 16:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        77.91.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b2:0d:9a:42:90:87:1f:b5:3d:6b:78:62:eb:aa:95:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jul 14 16:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b43c65047f830d982d1b4cc9cb61ba3c701bce5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:f3:23:26:3e:87:6d:ab:e6:f1:46:03:51:
                    e1:ab:1c:95:88:e9:02:33:6e:23:4f:cd:e8:8c:14:
                    68:46:18:7d:49:d2:cb:42:49:de:0c:71:d4:48:5d:
                    17:57:cd:7a:aa:40:60:1c:07:f5:76:3c:bb:b1:4a:
                    9b:42:d5:21:2b:32:3e:45:79:6c:fe:10:34:68:70:
                    39:9d:d9:48:b5:63:12:94:7c:9f:5c:1b:09:a9:b5:
                    a8:c2:de:ff:38:bb:11:a4:c6:41:e5:f5:83:8c:a0:
                    9f:98:0c:0e:20:05:df:c8:42:64:c0:cb:b5:59:a7:
                    ec:df:7f:be:d4:67:1e:51:55:0a:2d:60:a8:e5:a8:
                    24:1b:a5:af:c8:c7:a4:02:9a:d4:d0:82:76:a9:ad:
                    4c:ad:bf:32:a6:01:39:8b:34:b4:df:73:f2:cb:83:
                    4b:fc:eb:0e:a0:2c:37:af:b0:d0:11:6f:d2:c2:38:
                    55:75:fe:59:34:35:bd:28:f0:53:78:fc:c0:de:e6:
                    6e:70:1e:79:27:44:40:b3:00:c5:fa:0d:80:b5:9f:
                    87:81:f9:9c:ab:03:f1:07:8d:22:62:92:5f:f6:c5:
                    cc:f9:00:8a:9f:c6:df:10:4a:3c:a7:61:10:79:c4:
                    27:ea:48:7b:08:df:6e:d8:5f:59:e9:6f:d8:60:33:
                    a3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3C:65:04:7F:83:0D:98:2D:1B:4C:C9:CB:61:BA:3C:70:1B:CE:5B
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/tDxlBH-DDZgtG0zJy2G6PHAbzls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:01:2b:0f:f8:26:2d:17:f2:51:11:cb:5d:15:7e:c9:c0:92:
         e3:10:6a:c9:0f:51:a6:4e:6b:b2:f0:3f:26:a4:ea:39:89:77:
         5a:d1:2f:55:cc:15:d8:b8:2a:02:bb:69:52:79:d1:81:8e:ab:
         4b:2f:f4:64:b4:75:9e:2a:7f:f7:8d:53:3a:83:f0:70:65:1f:
         4b:a7:06:cd:0e:45:15:06:6d:32:f6:67:a2:a3:12:a0:75:09:
         f8:18:04:2f:f2:f5:d9:d3:7e:6e:ca:e1:4c:fe:2a:92:65:81:
         5c:a0:53:99:35:e9:94:7c:79:d0:6f:5d:93:65:76:b9:3b:ef:
         6e:9c:03:46:bf:18:41:bc:bb:e9:83:49:db:04:de:a0:92:07:
         37:3b:c9:0f:88:58:79:ca:26:cd:54:6e:a5:9c:71:15:69:59:
         8e:7f:8a:3e:cd:8f:b5:10:d2:16:f5:1b:83:39:c0:35:f4:ec:
         bc:93:16:a7:60:25:67:46:b7:e4:4d:ba:d6:50:52:e8:a2:df:
         6d:b5:5c:cf:a7:d5:6f:5f:16:24:e2:ec:56:6e:b9:e7:b7:89:
         07:be:03:7c:fe:e5:3c:20:b1:5a:36:6c:98:ab:90:80:ce:e7:
         e2:a8:69:25:ec:f0:82:7a:13:6f:8d:55:7a:13:56:89:d0:42:
         1e:75:86:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCyDZpCkIcftT1reGLrqpVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwNzE0MTYyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNjNjUwNDdmODMwZDk4MmQxYjRjYzljYjYxYmEzYzcwMWJjZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusXzIyY+h22r5vFGA1HhqxyViOkC
M24jT83ojBRoRhh9SdLLQkneDHHUSF0XV816qkBgHAf1djy7sUqbQtUhKzI+RXls
/hA0aHA5ndlItWMSlHyfXBsJqbWowt7/OLsRpMZB5fWDjKCfmAwOIAXfyEJkwMu1
Wafs33++1GceUVUKLWCo5agkG6WvyMekAprU0IJ2qa1Mrb8ypgE5izS033Pyy4NL
/OsOoCw3r7DQEW/SwjhVdf5ZNDW9KPBTePzA3uZucB55J0RAswDF+g2AtZ+Hgfmc
qwPxB40iYpJf9sXM+QCKn8bfEEo8p2EQecQn6kh7CN9u2F9Z6W/YYDOjlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ8ZQR/gw2YLRtMycthujxwG85bMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvdER4bEJILUREWmd0RzB6SnkyRzZQSEFiemxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVthMA0G
CSqGSIb3DQEBCwUAA4IBAQBkASsP+CYtF/JREctdFX7JwJLjEGrJD1GmTmuy8D8m
pOo5iXda0S9VzBXYuCoCu2lSedGBjqtLL/RktHWeKn/3jVM6g/BwZR9LpwbNDkUV
Bm0y9meioxKgdQn4GAQv8vXZ035uyuFM/iqSZYFcoFOZNemUfHnQb12TZXa5O+9u
nANGvxhBvLvpg0nbBN6gkgc3O8kPiFh5yibNVG6lnHEVaVmOf4o+zY+1ENIW9RuD
OcA19Oy8kxanYCVnRrfkTbrWUFLoot9ttVzPp9VvXxYk4uxWbrnnt4kHvgN8/uU8
ILFaNmyYq5CAzufiqGkl7PCCehNvjVV6E1aJ0EIedYa+
-----END CERTIFICATE-----