Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/AyF9IXcIuYEW1B3OUPth2W4iBFI.roa
File:                     AyF9IXcIuYEW1B3OUPth2W4iBFI.roa (raw, json)
Hash identifier:          ffn+oBM1T0D2vh09De0epPP/P+5Mawsa8Cirb9uYgd0=
Subject key identifier:   03:21:7D:21:77:08:B9:81:16:D4:1D:CE:50:FB:61:D9:6E:22:04:52
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       018CC9BC08666330E5FA5AD3563DB924E3E9
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/AyF9IXcIuYEW1B3OUPth2W4iBFI.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203727
IP address blocks:        77.91.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:08:66:63:30:e5:fa:5a:d3:56:3d:b9:24:e3:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03217d217708b98116d41dce50fb61d96e220452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:69:ec:a9:83:1e:17:f0:f4:c0:57:85:f5:86:
                    d2:0d:38:97:e3:23:07:a6:4c:ff:b5:0e:43:47:23:
                    26:f3:43:f4:9e:e5:61:31:49:62:a4:23:c5:89:b2:
                    fd:eb:4c:d6:ce:55:ef:9b:f2:7c:1b:fe:7a:f1:e7:
                    56:ab:08:72:ab:41:d2:e4:00:91:17:30:ac:bc:e2:
                    d7:c4:eb:7b:4b:f0:49:fb:f8:f5:51:9c:64:c3:98:
                    a7:76:a0:e8:ee:37:3f:35:d5:26:54:29:23:36:90:
                    c4:af:96:92:ef:b2:f5:a7:d7:3f:3d:81:26:12:ca:
                    dd:81:a2:a1:f2:1f:ee:11:dc:42:fb:c0:a6:fa:ed:
                    c7:c9:92:3b:25:28:52:36:9e:e9:ec:cb:f1:93:43:
                    e7:b3:b6:8d:e2:cf:1c:07:1f:66:20:fd:60:82:43:
                    ac:4f:a3:43:7d:fb:45:85:39:7c:b3:62:17:0b:44:
                    cb:a6:22:4c:5d:77:e8:60:ad:7e:11:09:8e:91:a9:
                    62:9f:3c:af:45:9b:50:f0:92:a5:1a:e1:e3:74:9d:
                    8a:c0:b1:87:72:3d:5f:ea:ec:04:7e:e3:4c:87:57:
                    05:c2:4c:71:b9:59:03:0f:64:ed:78:ca:47:2f:8f:
                    b4:3e:44:b8:ae:46:f6:8f:1a:c0:3b:02:eb:d5:af:
                    38:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:21:7D:21:77:08:B9:81:16:D4:1D:CE:50:FB:61:D9:6E:22:04:52
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/AyF9IXcIuYEW1B3OUPth2W4iBFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:fa:33:da:ac:fd:9a:b0:b5:fc:e5:98:0f:9e:bd:01:b1:e2:
         cf:55:a8:b2:36:8e:2b:ca:30:75:0b:78:bd:2e:5c:7a:e2:8a:
         ab:ca:65:70:c3:b8:38:4e:f4:24:3b:95:17:c5:1b:0f:be:fd:
         10:20:0e:74:27:4a:01:ba:d5:32:9b:78:eb:db:25:5d:89:7a:
         48:7d:2b:86:83:76:4a:b8:25:d9:d2:b8:67:e0:ba:4c:c2:06:
         35:17:19:84:1e:44:d5:e9:6d:ff:83:5a:d4:1e:1e:0e:36:a5:
         3c:e6:70:ed:d5:22:36:ee:d8:83:18:c2:cf:c9:25:d9:e3:32:
         ff:99:aa:a7:ea:2f:05:29:59:9f:91:2b:da:84:e5:70:bb:49:
         63:9c:54:b2:fe:79:35:bc:b3:c3:d4:ac:5d:07:7e:6c:c6:98:
         55:fd:39:11:ff:1e:99:5a:d0:56:3a:3b:f6:cb:8c:af:c1:0f:
         ac:b5:ea:c5:ae:89:65:33:a6:ef:f3:6a:91:a9:ab:7e:5c:d5:
         2d:56:ac:c3:ff:75:68:14:a8:8e:95:78:d2:c0:48:79:66:f9:
         ad:74:50:29:3a:52:e7:c1:0b:d1:58:86:f1:ab:6e:34:ba:d1:
         f1:92:ed:bf:3f:79:bb:fa:6d:6f:d5:e9:b6:f1:11:58:6e:33:
         15:f0:de:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAhmYzDl+lrTVj25JOPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzIxN2QyMTc3MDhiOTgxMTZkNDFkY2U1MGZiNjFkOTZlMjIwNDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGnsqYMeF/D0wFeF9YbSDTiX4yMH
pkz/tQ5DRyMm80P0nuVhMUlipCPFibL960zWzlXvm/J8G/568edWqwhyq0HS5ACR
FzCsvOLXxOt7S/BJ+/j1UZxkw5indqDo7jc/NdUmVCkjNpDEr5aS77L1p9c/PYEm
EsrdgaKh8h/uEdxC+8Cm+u3HyZI7JShSNp7p7Mvxk0Pns7aN4s8cBx9mIP1ggkOs
T6NDfftFhTl8s2IXC0TLpiJMXXfoYK1+EQmOkalinzyvRZtQ8JKlGuHjdJ2KwLGH
cj1f6uwEfuNMh1cFwkxxuVkDD2TteMpHL4+0PkS4rkb2jxrAOwLr1a84NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMhfSF3CLmBFtQdzlD7YdluIgRSMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvQXlGOUlYY0l1WUVXMUIzT1VQdGgyVzRpQkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtEMA0G
CSqGSIb3DQEBCwUAA4IBAQAo+jParP2asLX85ZgPnr0BseLPVaiyNo4ryjB1C3i9
Llx64oqrymVww7g4TvQkO5UXxRsPvv0QIA50J0oButUym3jr2yVdiXpIfSuGg3ZK
uCXZ0rhn4LpMwgY1FxmEHkTV6W3/g1rUHh4ONqU85nDt1SI27tiDGMLPySXZ4zL/
maqn6i8FKVmfkSvahOVwu0ljnFSy/nk1vLPD1KxdB35sxphV/TkR/x6ZWtBWOjv2
y4yvwQ+sterFrollM6bv82qRqat+XNUtVqzD/3VoFKiOlXjSwEh5ZvmtdFApOlLn
wQvRWIbxq240utHxku2/P3m7+m1v1em28RFYbjMV8N5T
-----END CERTIFICATE-----