Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/PYHeIla2qpaw9QjqJpHqayh-wa0.roa
File:                     PYHeIla2qpaw9QjqJpHqayh-wa0.roa (raw, json)
Hash identifier:          mXN73ITLODSvMh2ujjMchZdonu/TcmPR3P50YgM8XXE=
Subject key identifier:   3D:81:DE:22:56:B6:AA:96:B0:F5:08:EA:26:91:EA:6B:28:7E:C1:AD
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       0190B1C8065E3AD32A7B8CB46775C406CA2F
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/PYHeIla2qpaw9QjqJpHqayh-wa0.roa
Signing time:             Sun 14 Jul 2024 15:06:34 +0000
ROA not before:           Sun 14 Jul 2024 15:06:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        77.91.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b1:c8:06:5e:3a:d3:2a:7b:8c:b4:67:75:c4:06:ca:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jul 14 15:06:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d81de2256b6aa96b0f508ea2691ea6b287ec1ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f6:1b:aa:42:3f:63:47:63:35:73:3f:d4:ad:
                    c6:ab:c4:16:69:78:db:5e:ed:c2:9b:ed:2b:dd:e2:
                    97:a5:e6:fb:10:43:92:25:38:29:f6:79:76:34:c5:
                    97:ee:dd:6f:27:3f:79:60:fd:d1:0f:64:b3:cf:5c:
                    a8:74:5b:d1:32:f5:ce:c7:be:bf:7b:7e:e8:f7:1c:
                    e5:56:07:b0:be:e2:0b:03:f3:6c:ea:a9:7a:c8:57:
                    39:17:70:38:03:09:73:84:c4:21:04:53:91:ee:62:
                    db:47:ca:1a:05:ea:fc:06:fc:56:bd:32:5d:33:60:
                    82:03:27:76:a1:21:47:9e:32:b7:82:98:cd:e8:bf:
                    73:a7:52:4c:e4:1a:df:cc:33:7b:57:07:01:bd:23:
                    57:f9:50:0c:0e:5c:f1:e6:3d:f0:d4:01:cb:68:57:
                    e9:44:f9:4e:88:54:b7:32:59:b8:a7:d1:78:af:a6:
                    de:2a:c5:cd:04:bc:d2:d3:b4:00:ed:e3:a9:15:23:
                    a6:d5:d3:eb:67:8e:3c:a7:8e:d4:07:6e:ea:a4:e4:
                    b4:b1:ea:92:89:55:28:9e:4a:83:aa:0c:13:6a:88:
                    33:e6:99:12:de:47:e2:c2:77:83:14:bc:31:66:7c:
                    85:89:3b:8c:be:13:84:ad:c2:2c:49:46:b5:ca:a8:
                    f0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:81:DE:22:56:B6:AA:96:B0:F5:08:EA:26:91:EA:6B:28:7E:C1:AD
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/PYHeIla2qpaw9QjqJpHqayh-wa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:bf:a1:a6:b8:7a:77:03:df:65:fb:b6:d4:75:f4:0e:45:aa:
         ee:23:84:d6:95:db:1b:cc:eb:4f:bf:51:99:b1:1f:0a:ef:cf:
         19:aa:89:c9:59:a6:2a:51:be:7c:e8:00:e3:d7:f1:4e:6e:70:
         59:af:8b:7d:6d:57:05:71:ed:76:29:94:a0:49:e0:99:48:9e:
         87:52:81:3c:7d:9f:b1:21:78:9f:11:23:d8:d1:b8:f6:9e:86:
         a0:e3:03:72:00:08:43:2e:a7:a5:63:51:63:5e:5d:56:dc:4c:
         9c:d2:3c:24:9f:6e:e3:f8:bb:ea:f1:d7:44:8c:44:3f:5e:b6:
         b4:a8:11:0f:ee:20:ec:c5:15:bc:34:15:40:97:6b:f0:63:ee:
         e4:4b:93:61:06:2c:e0:2b:f4:5f:a4:71:f2:4f:63:6f:93:5e:
         b8:8c:ff:21:9e:2c:15:b4:ab:ec:3e:f2:4a:75:d9:2f:60:5a:
         20:a6:fe:55:84:d4:e8:13:a8:1d:ad:f8:59:d9:bf:86:da:de:
         97:19:25:36:51:87:0e:e4:d9:87:11:48:15:96:ef:aa:02:82:
         0b:03:b1:76:fa:9b:16:11:8e:38:b4:13:db:af:73:df:b2:3c:
         b0:aa:c2:c4:9b:b0:f3:37:d6:76:fa:a8:21:5e:a5:16:94:a7:
         cc:b9:9b:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCxyAZeOtMqe4y0Z3XEBsovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwNzE0MTUwNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDgxZGUyMjU2YjZhYTk2YjBmNTA4ZWEyNjkxZWE2YjI4N2VjMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfYbqkI/Y0djNXM/1K3Gq8QWaXjb
Xu3Cm+0r3eKXpeb7EEOSJTgp9nl2NMWX7t1vJz95YP3RD2Szz1yodFvRMvXOx76/
e37o9xzlVgewvuILA/Ns6ql6yFc5F3A4AwlzhMQhBFOR7mLbR8oaBer8BvxWvTJd
M2CCAyd2oSFHnjK3gpjN6L9zp1JM5BrfzDN7VwcBvSNX+VAMDlzx5j3w1AHLaFfp
RPlOiFS3Mlm4p9F4r6beKsXNBLzS07QA7eOpFSOm1dPrZ448p47UB27qpOS0seqS
iVUonkqDqgwTaogz5pkS3kfiwneDFLwxZnyFiTuMvhOErcIsSUa1yqjwJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2B3iJWtqqWsPUI6iaR6msofsGtMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvUFlIZUlsYTJxcGF3OVFqcUpwSHFheWgtd2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtBMA0G
CSqGSIb3DQEBCwUAA4IBAQA5v6GmuHp3A99l+7bUdfQORaruI4TWldsbzOtPv1GZ
sR8K788ZqonJWaYqUb586ADj1/FObnBZr4t9bVcFce12KZSgSeCZSJ6HUoE8fZ+x
IXifESPY0bj2noag4wNyAAhDLqelY1FjXl1W3Eyc0jwkn27j+Lvq8ddEjEQ/Xra0
qBEP7iDsxRW8NBVAl2vwY+7kS5NhBizgK/RfpHHyT2Nvk164jP8hniwVtKvsPvJK
ddkvYFogpv5VhNToE6gdrfhZ2b+G2t6XGSU2UYcO5NmHEUgVlu+qAoILA7F2+psW
EY44tBPbr3PfsjywqsLEm7DzN9Z2+qghXqUWlKfMuZvV
-----END CERTIFICATE-----