Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/LgNFPhnWy6Vt3xZ-iuXMi1B8QKg.roa
File:                     LgNFPhnWy6Vt3xZ-iuXMi1B8QKg.roa (raw, json)
Hash identifier:          Y9scOPtRX9c+caOQLbgzvfJmUjQRiKdHNdVZR9KAGQY=
Subject key identifier:   2E:03:45:3E:19:D6:CB:A5:6D:DF:16:7E:8A:E5:CC:8B:50:7C:40:A8
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       01910E27A5344D84B4B22D2ACFF988323DA9
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/LgNFPhnWy6Vt3xZ-iuXMi1B8QKg.roa
Signing time:             Thu 01 Aug 2024 13:36:04 +0000
ROA not before:           Thu 01 Aug 2024 13:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214891
IP address blocks:        77.91.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:27:a5:34:4d:84:b4:b2:2d:2a:cf:f9:88:32:3d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Aug  1 13:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e03453e19d6cba56ddf167e8ae5cc8b507c40a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:58:d7:51:7d:83:37:7b:c3:e7:a4:e9:9e:
                    b2:eb:f2:ed:14:13:d9:a1:62:ad:c7:1f:42:6d:05:
                    56:ec:1c:74:be:d7:f7:90:10:7b:77:19:ce:f6:e0:
                    ce:e7:9f:8f:a8:ac:e1:67:d0:fc:88:4a:98:3f:82:
                    27:e5:a4:4c:97:5c:90:b1:4b:d1:67:76:6d:f0:61:
                    f9:2e:53:85:df:f8:a1:d5:fe:c1:a7:bb:13:9c:37:
                    2d:c7:ce:0e:ca:7b:69:19:10:0f:fe:43:e7:73:dc:
                    a2:a1:6e:ef:88:d7:b5:45:4f:b7:9f:ad:7c:63:3d:
                    54:1d:bb:7a:f4:94:7d:df:dd:c0:60:13:fd:69:08:
                    c7:e6:3f:e7:12:b0:8f:45:de:95:9f:73:b2:ef:cb:
                    a6:8c:8b:8e:0f:11:d7:7e:7a:8f:e7:b2:32:6a:8d:
                    77:8c:fb:fa:c5:1e:e2:01:d9:bf:66:d7:60:b0:a1:
                    dc:ae:6a:db:6b:c0:2f:8b:52:62:8f:cb:2d:d2:4f:
                    a9:79:20:e0:52:c1:f3:9d:40:f4:1c:a2:eb:07:9f:
                    b9:2e:aa:0b:92:b8:3d:32:47:ec:c4:8f:57:3a:e6:
                    e2:da:19:06:1e:b6:9f:1e:56:4f:fb:ca:02:68:dd:
                    5a:12:11:46:d8:57:e9:93:24:6f:9a:c6:8b:1f:8f:
                    69:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:03:45:3E:19:D6:CB:A5:6D:DF:16:7E:8A:E5:CC:8B:50:7C:40:A8
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/LgNFPhnWy6Vt3xZ-iuXMi1B8QKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d9:91:56:e1:39:34:30:de:ee:af:69:e7:e8:8d:06:84:19:
         98:4d:21:f6:1f:9b:27:ef:38:fa:d6:e1:4e:c6:44:88:44:e9:
         20:70:1d:dd:63:a8:46:c0:cc:c5:26:c2:21:a8:6f:81:c6:12:
         b0:a9:a7:8f:69:2e:93:b5:c3:42:20:3b:d6:5c:cb:57:78:6b:
         49:02:f9:43:5b:17:9f:ac:e4:af:d7:5c:a6:86:7e:f2:b9:f9:
         5b:72:50:b7:dd:36:63:ab:1d:e8:7b:f8:7f:01:57:90:34:82:
         d5:a4:e7:f0:2e:56:cc:4b:c4:f3:09:40:17:4a:e2:6b:40:48:
         43:df:22:55:cb:2b:c6:af:0b:15:7a:54:a2:63:f1:e5:75:c8:
         8c:0a:45:10:b7:36:f7:df:f0:94:0e:62:4c:ad:7d:ca:2e:8b:
         26:2c:3c:06:4a:9a:e8:27:1a:3b:8f:7a:85:f1:7c:04:b5:60:
         7e:e0:e8:fd:52:d0:0f:02:6d:5a:da:7e:c0:43:ad:f3:33:fd:
         53:20:17:e5:3d:73:af:3f:8d:bb:c3:35:86:fa:3b:b3:06:60:
         dc:94:f0:9f:87:b2:1e:0f:b8:66:30:d2:5f:9f:92:df:2c:d9:
         f6:8d:57:c5:c7:52:af:dc:b1:12:0e:1f:aa:29:ba:61:cc:45:
         0e:fc:79:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEOJ6U0TYS0si0qz/mIMj2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwODAxMTMzNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAzNDUzZTE5ZDZjYmE1NmRkZjE2N2U4YWU1Y2M4YjUwN2M0MGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS5Y11F9gzd7w+ek6Z6y6/LtFBPZ
oWKtxx9CbQVW7Bx0vtf3kBB7dxnO9uDO55+PqKzhZ9D8iEqYP4In5aRMl1yQsUvR
Z3Zt8GH5LlOF3/ih1f7Bp7sTnDctx84OyntpGRAP/kPnc9yioW7viNe1RU+3n618
Yz1UHbt69JR9393AYBP9aQjH5j/nErCPRd6Vn3Oy78umjIuODxHXfnqP57Iyao13
jPv6xR7iAdm/ZtdgsKHcrmrba8Avi1Jij8st0k+peSDgUsHznUD0HKLrB5+5LqoL
krg9MkfsxI9XOubi2hkGHrafHlZP+8oCaN1aEhFG2FfpkyRvmsaLH49phQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4DRT4Z1sulbd8WforlzItQfECoMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvTGdORlBobld5NlZ0M3haLWl1WE1pMUI4UUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtCMA0G
CSqGSIb3DQEBCwUAA4IBAQAK2ZFW4Tk0MN7ur2nn6I0GhBmYTSH2H5sn7zj61uFO
xkSIROkgcB3dY6hGwMzFJsIhqG+BxhKwqaePaS6TtcNCIDvWXMtXeGtJAvlDWxef
rOSv11ymhn7yuflbclC33TZjqx3oe/h/AVeQNILVpOfwLlbMS8TzCUAXSuJrQEhD
3yJVyyvGrwsVelSiY/HldciMCkUQtzb33/CUDmJMrX3KLosmLDwGSproJxo7j3qF
8XwEtWB+4Oj9UtAPAm1a2n7AQ63zM/1TIBflPXOvP427wzWG+juzBmDclPCfh7Ie
D7hmMNJfn5LfLNn2jVfFx1Kv3LESDh+qKbphzEUO/HnR
-----END CERTIFICATE-----