Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/4f3e11-fd0f-4e71-9369-2204ee217280/1/X7b7gGFMEBsA5-B51NSM5FgVJ7U.roa
File:                     X7b7gGFMEBsA5-B51NSM5FgVJ7U.roa (raw, json)
Hash identifier:          NrZL1MxoEVIYudN2635kv2WqI7Wd8EAYluT6ZAx3lD8=
Subject key identifier:   5F:B6:FB:80:61:4C:10:1B:00:E7:E0:79:D4:D4:8C:E4:58:15:27:B5
Certificate issuer:       /CN=77a1eed3ace0fc2f8aa000de687a49befd2791d8
Certificate serial:       018CC348C2E10DAFDAD2F588F1B00D0C7761
Authority key identifier: 77:A1:EE:D3:AC:E0:FC:2F:8A:A0:00:DE:68:7A:49:BE:FD:27:91:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d6Hu06zg_C-KoADeaHpJvv0nkdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/4f3e11-fd0f-4e71-9369-2204ee217280/1/X7b7gGFMEBsA5-B51NSM5FgVJ7U.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211645
IP address blocks:        91.205.124.0/24 maxlen: 24
                          2a10:41c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/4f3e11-fd0f-4e71-9369-2204ee217280/1/d6Hu06zg_C-KoADeaHpJvv0nkdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/4f3e11-fd0f-4e71-9369-2204ee217280/1/d6Hu06zg_C-KoADeaHpJvv0nkdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d6Hu06zg_C-KoADeaHpJvv0nkdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:09:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c2:e1:0d:af:da:d2:f5:88:f1:b0:0d:0c:77:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77a1eed3ace0fc2f8aa000de687a49befd2791d8
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fb6fb80614c101b00e7e079d4d48ce4581527b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:19:93:29:83:30:60:5f:bd:a6:61:7a:a2:fb:
                    3b:59:5a:8b:b6:20:f5:d0:31:f2:76:9b:8f:85:84:
                    6a:01:2e:6e:28:e3:97:b6:07:ec:aa:3e:87:7c:dc:
                    cb:1f:27:6a:c4:60:f9:cf:89:cc:91:4e:c5:6b:fa:
                    16:c9:64:6d:be:ba:9f:ff:e0:a7:d5:06:92:99:bd:
                    25:72:eb:2a:10:11:62:37:1f:87:97:c7:c0:17:80:
                    52:e1:50:21:09:f0:04:be:f6:8c:f2:9a:a6:28:c5:
                    10:94:86:58:ee:59:73:2d:f4:84:c3:ff:51:96:00:
                    28:de:c0:db:12:ff:dd:ca:d3:c5:22:97:a3:00:f7:
                    5c:68:4b:e6:af:37:31:5d:29:81:21:02:96:50:2e:
                    67:97:20:0a:99:6a:1e:01:93:88:18:f4:8e:d1:2a:
                    54:ca:68:8b:e3:ad:39:f6:e0:21:f6:9d:0e:57:44:
                    96:52:58:02:60:50:4a:0a:dc:fb:0c:ee:a1:95:c1:
                    a8:9b:85:7e:b5:05:7f:e6:57:24:2c:c6:c3:45:f0:
                    ea:1a:43:d0:70:64:d0:9a:06:62:f4:3b:32:f1:8f:
                    7c:32:f8:60:91:c1:ed:02:6e:e4:86:f9:8f:08:2e:
                    dc:76:80:5a:00:7a:27:0f:03:84:3e:6d:9d:54:f3:
                    d7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B6:FB:80:61:4C:10:1B:00:E7:E0:79:D4:D4:8C:E4:58:15:27:B5
            X509v3 Authority Key Identifier:
                keyid:77:A1:EE:D3:AC:E0:FC:2F:8A:A0:00:DE:68:7A:49:BE:FD:27:91:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6Hu06zg_C-KoADeaHpJvv0nkdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4f3e11-fd0f-4e71-9369-2204ee217280/1/X7b7gGFMEBsA5-B51NSM5FgVJ7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4f3e11-fd0f-4e71-9369-2204ee217280/1/d6Hu06zg_C-KoADeaHpJvv0nkdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.124.0/24
                IPv6:
                  2a10:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:9d:e5:cb:87:9b:cb:24:e4:68:bf:7d:43:44:be:85:0c:b8:
         f6:b2:21:68:c0:2f:64:6c:e1:8b:4d:06:11:d5:b1:c0:2d:b6:
         b5:cf:a5:4d:2b:30:83:ba:e3:aa:f7:92:61:0c:47:9a:c3:86:
         87:29:6a:5e:e4:a6:65:cb:41:9e:ff:57:2a:53:fb:de:5c:fb:
         07:2b:87:d7:b4:48:b5:cb:2f:9d:2e:78:51:1a:be:d9:53:46:
         5f:f7:07:97:e7:aa:f7:0f:38:25:3c:94:8d:15:d7:02:3b:b6:
         ec:e8:1a:fb:97:13:ca:e8:3e:dd:f8:be:fe:dd:c3:6d:c1:16:
         5a:6b:f1:71:27:28:dd:39:b6:a4:94:bb:a8:50:2e:60:3e:d7:
         66:53:f8:c3:69:a8:fb:d9:2a:da:7a:12:fb:84:b6:5e:8d:99:
         be:22:aa:e4:ef:7e:07:56:14:c4:75:db:79:bd:78:ff:8d:11:
         93:19:9f:33:09:97:3d:bc:bb:78:61:b8:48:ef:54:02:b2:c5:
         43:3e:3e:07:9b:07:0b:cf:e6:7f:9b:79:14:75:d3:e4:ea:cd:
         c9:ae:39:56:d2:35:c5:d8:7c:03:2f:44:06:1b:70:b5:55:ce:
         d6:06:72:b3:c7:f6:6f:86:05:63:7e:31:74:12:3b:da:87:00:
         84:97:8a:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSMLhDa/a0vWI8bANDHdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YTFlZWQzYWNlMGZjMmY4YWEwMDBkZTY4N2E0OWJlZmQy
NzkxZDgwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI2ZmI4MDYxNGMxMDFiMDBlN2UwNzlkNGQ0OGNlNDU4MTUyN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhmTKYMwYF+9pmF6ovs7WVqLtiD1
0DHydpuPhYRqAS5uKOOXtgfsqj6HfNzLHydqxGD5z4nMkU7Fa/oWyWRtvrqf/+Cn
1QaSmb0lcusqEBFiNx+Hl8fAF4BS4VAhCfAEvvaM8pqmKMUQlIZY7llzLfSEw/9R
lgAo3sDbEv/dytPFIpejAPdcaEvmrzcxXSmBIQKWUC5nlyAKmWoeAZOIGPSO0SpU
ymiL46059uAh9p0OV0SWUlgCYFBKCtz7DO6hlcGom4V+tQV/5lckLMbDRfDqGkPQ
cGTQmgZi9Dsy8Y98MvhgkcHtAm7khvmPCC7cdoBaAHonDwOEPm2dVPPXqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF+2+4BhTBAbAOfgedTUjORYFSe1MB8GA1UdIwQY
MBaAFHeh7tOs4PwviqAA3mh6Sb79J5HYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDZIdTA2emdfQy1Lb0FEZWFIcEp2djBua2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80ZjNlMTEtZmQwZi00ZTcxLTkzNjkt
MjIwNGVlMjE3MjgwLzEvWDdiN2dHRk1FQnNBNS1CNTFOU001RmdWSjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80ZjNlMTEtZmQwZi00ZTcxLTkzNjktMjIwNGVlMjE3Mjgw
LzEvZDZIdTA2emdfQy1Lb0FEZWFIcEp2djBua2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW818MA0E
AgACMAcDBQMqEEHAMA0GCSqGSIb3DQEBCwUAA4IBAQBkneXLh5vLJORov31DRL6F
DLj2siFowC9kbOGLTQYR1bHALba1z6VNKzCDuuOq95JhDEeaw4aHKWpe5KZly0Ge
/1cqU/veXPsHK4fXtEi1yy+dLnhRGr7ZU0Zf9weX56r3DzglPJSNFdcCO7bs6Br7
lxPK6D7d+L7+3cNtwRZaa/FxJyjdObaklLuoUC5gPtdmU/jDaaj72SraehL7hLZe
jZm+Iqrk734HVhTEddt5vXj/jRGTGZ8zCZc9vLt4YbhI71QCssVDPj4HmwcLz+Z/
m3kUddPk6s3JrjlW0jXF2HwDL0QGG3C1Vc7WBnKzx/ZvhgVjfjF0EjvahwCEl4ox
-----END CERTIFICATE-----