Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/hvFegFTTNohHULpFosHs8dLDb8M.roa
File:                     hvFegFTTNohHULpFosHs8dLDb8M.roa (raw, json)
Hash identifier:          PZgTje9yDageCvCNHAAmGgpxQGopHzcz1EI9h9nGKi0=
Subject key identifier:   86:F1:5E:80:54:D3:36:88:47:50:BA:45:A2:C1:EC:F1:D2:C3:6F:C3
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       018CD19BA7EBE911E2D86E1303757D7A1E56
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/hvFegFTTNohHULpFosHs8dLDb8M.roa
Signing time:             Wed 03 Jan 2024 23:14:48 +0000
ROA not before:           Wed 03 Jan 2024 23:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216246
IP address blocks:        77.91.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:9b:a7:eb:e9:11:e2:d8:6e:13:03:75:7d:7a:1e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  3 23:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86f15e8054d336884750ba45a2c1ecf1d2c36fc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:40:af:95:8f:30:1d:a2:64:1e:88:35:07:5e:
                    82:62:c1:8f:a3:9e:62:24:61:e0:59:be:c3:77:a4:
                    9b:bc:80:cf:ed:8c:c6:0f:c0:38:f0:5b:28:a4:71:
                    36:09:41:16:83:ba:4e:da:23:31:85:44:5e:14:cb:
                    6a:c8:d1:e7:ca:ab:63:10:9f:46:6a:c6:6e:9d:e7:
                    d6:17:c3:d5:07:9b:bc:58:a6:1d:ab:2a:7d:53:c1:
                    4b:95:88:63:cb:e3:75:e1:92:57:9e:a0:bd:4a:00:
                    9f:ab:19:62:c9:67:3f:f7:a1:60:c9:83:94:2d:2f:
                    47:c1:fd:61:8c:59:e9:3d:63:58:c9:a1:ac:ad:79:
                    6b:c2:65:35:a8:95:db:f6:b4:f8:86:88:02:7a:a0:
                    e9:e1:27:38:05:82:50:2f:82:48:52:c3:39:42:a5:
                    0b:3c:ac:6b:ba:af:83:38:f3:01:c0:18:f5:b4:a5:
                    93:da:e1:57:51:27:64:a2:c5:58:ff:c8:0e:77:92:
                    5f:4e:41:2d:07:43:d0:06:ec:ad:93:50:45:78:a7:
                    f6:ff:c4:30:e9:59:9e:42:c0:42:1b:fd:f1:22:de:
                    25:bf:07:01:02:4b:d9:33:3f:33:62:67:ea:11:d3:
                    bb:b8:4c:77:aa:42:45:4b:ee:67:43:85:77:2f:88:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F1:5E:80:54:D3:36:88:47:50:BA:45:A2:C1:EC:F1:D2:C3:6F:C3
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/hvFegFTTNohHULpFosHs8dLDb8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ac:99:3d:91:48:90:1c:a4:20:40:ab:58:bf:58:db:8d:90:
         9e:cc:db:10:15:73:69:ac:75:39:cd:7f:86:98:31:fe:59:38:
         99:3c:1b:56:44:ce:22:64:fd:a0:cb:37:d7:4e:9f:76:01:10:
         44:03:99:4a:16:bb:16:39:5c:f1:af:c8:f7:b8:b6:89:e0:cf:
         61:e8:d8:d9:ea:58:ae:56:be:43:d7:08:6a:d9:3e:df:fe:e4:
         c9:9a:44:7b:6a:58:b1:4c:2e:6e:54:93:8c:1a:b7:4f:76:6a:
         86:8a:80:89:76:26:06:41:3b:e8:50:fe:af:fa:1e:d6:c1:08:
         eb:90:f6:55:27:d1:c3:ec:cd:48:8e:87:fe:c1:57:25:d1:25:
         03:6e:f6:32:b4:26:17:fa:85:98:1c:34:a0:d7:cb:0a:eb:84:
         c7:d0:e5:65:b5:b9:fa:f2:db:19:ff:f7:f5:04:62:2d:af:86:
         a5:b5:eb:be:dd:1d:5f:16:77:c5:9c:e9:49:62:ff:f6:06:6a:
         0a:64:71:9e:02:c4:d7:44:10:bf:96:a8:0f:91:48:1f:de:d4:
         f1:c9:3c:65:44:7a:15:66:0f:33:02:6b:e5:b3:5f:2c:3d:c2:
         96:7c:cb:51:10:3c:2e:b3:b6:2d:c2:87:70:a3:8e:6e:b0:41:
         a4:6e:4f:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzRm6fr6RHi2G4TA3V9eh5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwMTAzMjMxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmYxNWU4MDU0ZDMzNjg4NDc1MGJhNDVhMmMxZWNmMWQyYzM2ZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykCvlY8wHaJkHog1B16CYsGPo55i
JGHgWb7Dd6SbvIDP7YzGD8A48FsopHE2CUEWg7pO2iMxhUReFMtqyNHnyqtjEJ9G
asZunefWF8PVB5u8WKYdqyp9U8FLlYhjy+N14ZJXnqC9SgCfqxliyWc/96FgyYOU
LS9Hwf1hjFnpPWNYyaGsrXlrwmU1qJXb9rT4hogCeqDp4Sc4BYJQL4JIUsM5QqUL
PKxruq+DOPMBwBj1tKWT2uFXUSdkosVY/8gOd5JfTkEtB0PQBuytk1BFeKf2/8Qw
6VmeQsBCG/3xIt4lvwcBAkvZMz8zYmfqEdO7uEx3qkJFS+5nQ4V3L4g5rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbxXoBU0zaIR1C6RaLB7PHSw2/DMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvaHZGZWdGVFROb2hIVUxwRm9zSHM4ZExEYjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtMMA0G
CSqGSIb3DQEBCwUAA4IBAQAZrJk9kUiQHKQgQKtYv1jbjZCezNsQFXNprHU5zX+G
mDH+WTiZPBtWRM4iZP2gyzfXTp92ARBEA5lKFrsWOVzxr8j3uLaJ4M9h6NjZ6liu
Vr5D1whq2T7f/uTJmkR7alixTC5uVJOMGrdPdmqGioCJdiYGQTvoUP6v+h7WwQjr
kPZVJ9HD7M1Ijof+wVcl0SUDbvYytCYX+oWYHDSg18sK64TH0OVltbn68tsZ//f1
BGItr4alteu+3R1fFnfFnOlJYv/2BmoKZHGeAsTXRBC/lqgPkUgf3tTxyTxlRHoV
Zg8zAmvls18sPcKWfMtREDwus7Ytwodwo45usEGkbk9F
-----END CERTIFICATE-----