Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/kdirFnVZVoElu1y7Yw-zrN35Xso.roa
File:                     kdirFnVZVoElu1y7Yw-zrN35Xso.roa (raw, json)
Hash identifier:          ZUbd6lfECVdXELUR9rKzGeUiE94Vj68BChM/vHNEiGU=
Subject key identifier:   91:D8:AB:16:75:59:56:81:25:BB:5C:BB:63:0F:B3:AC:DD:F9:5E:CA
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       018CC9BC07F5FF32B9DAB0DCE8F35B96C34E
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/kdirFnVZVoElu1y7Yw-zrN35Xso.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        77.91.67.0/24 maxlen: 24
                          77.91.71.0/24 maxlen: 24
                          77.91.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:07:f5:ff:32:b9:da:b0:dc:e8:f3:5b:96:c3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91d8ab167559568125bb5cbb630fb3acddf95eca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9c:f5:e0:87:4c:5a:d0:1c:fa:b6:e8:ff:1e:
                    bb:eb:c3:96:ce:a0:c1:79:62:1f:e0:c9:4f:e4:7d:
                    c9:83:cb:e7:e3:c9:f8:94:dc:16:27:6e:31:11:7b:
                    3f:bb:c6:96:19:b8:1c:08:f6:33:f0:4b:d1:76:90:
                    79:71:f2:e2:37:24:6e:76:96:10:87:5a:70:2e:a6:
                    cb:17:a5:28:2e:43:e2:17:58:35:a6:5d:78:92:bc:
                    cf:41:40:72:81:b7:fb:8e:4f:4d:8c:18:85:ac:4a:
                    da:7f:ab:32:3e:f1:e2:70:f7:b2:20:12:80:ff:0f:
                    83:51:8e:35:20:8d:da:f5:fe:2d:d0:1b:50:68:43:
                    8e:af:10:a5:90:b9:85:c7:67:1c:da:57:0e:da:9c:
                    d6:60:5d:71:9b:b1:13:24:dc:2a:6d:c9:ec:3c:fd:
                    4a:c0:97:45:d4:c1:23:c5:57:d5:eb:03:dc:6d:6a:
                    33:24:e3:07:8f:2e:68:0a:a4:9a:d8:5e:fa:b1:bd:
                    b8:4b:40:96:ce:7c:9c:18:fe:23:ea:35:39:a3:cc:
                    7e:27:74:92:8e:2f:7e:29:b4:c4:6e:df:b8:38:7e:
                    19:ad:a3:eb:24:bc:63:cd:65:5e:d2:a4:86:1b:16:
                    24:e6:a4:e0:f1:8a:eb:16:25:86:2c:25:82:1b:ac:
                    f7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D8:AB:16:75:59:56:81:25:BB:5C:BB:63:0F:B3:AC:DD:F9:5E:CA
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/kdirFnVZVoElu1y7Yw-zrN35Xso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.67.0/24
                  77.91.71.0/24
                  77.91.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1b:6c:a2:13:08:3b:d4:5f:b3:fc:1c:7b:1f:9a:58:7e:2d:
         9c:90:f4:64:a6:ee:96:fc:f5:dd:d6:39:7f:43:e2:80:1c:02:
         6e:22:3f:7d:ac:68:19:91:5a:82:18:12:64:86:d0:0a:de:d7:
         53:7a:2b:d5:57:c3:fb:37:c1:f3:d7:6e:3e:90:c2:47:69:f8:
         4e:cf:0a:eb:90:a6:70:b4:69:b1:7d:b6:74:46:b9:62:d8:2a:
         43:86:d5:53:03:3d:cf:85:4a:74:a7:23:d9:5a:cf:4f:e2:28:
         dd:c0:22:3a:af:05:21:6b:16:57:ec:e0:92:8a:c5:e7:f7:d6:
         1c:5a:3f:9b:21:a7:53:d2:5b:08:7b:37:fe:80:31:97:bc:cf:
         18:7b:3b:99:69:17:48:b5:4f:52:5c:b9:c6:83:d5:67:1e:24:
         b5:88:07:fe:92:7a:04:6c:94:16:c7:ad:5f:2b:9a:93:58:b2:
         6b:e7:6e:3d:af:c5:48:0e:40:e7:df:06:1c:cd:35:77:92:9e:
         3f:7c:4a:65:ea:c1:a0:bb:38:30:e7:6b:ce:f9:5d:2c:44:a4:
         98:8b:a7:82:c7:1c:88:d1:88:11:7a:ac:5f:9f:f4:5f:c4:f9:
         9e:11:58:9e:4c:9d:13:7c:41:5a:81:2d:81:a7:a5:31:ec:83:
         d6:87:0d:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvAf1/zK52rDc6PNblsNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ4YWIxNjc1NTk1NjgxMjViYjVjYmI2MzBmYjNhY2RkZjk1ZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJz14IdMWtAc+rbo/x6768OWzqDB
eWIf4MlP5H3Jg8vn48n4lNwWJ24xEXs/u8aWGbgcCPYz8EvRdpB5cfLiNyRudpYQ
h1pwLqbLF6UoLkPiF1g1pl14krzPQUBygbf7jk9NjBiFrEraf6syPvHicPeyIBKA
/w+DUY41II3a9f4t0BtQaEOOrxClkLmFx2cc2lcO2pzWYF1xm7ETJNwqbcnsPP1K
wJdF1MEjxVfV6wPcbWozJOMHjy5oCqSa2F76sb24S0CWznycGP4j6jU5o8x+J3SS
ji9+KbTEbt+4OH4ZraPrJLxjzWVe0qSGGxYk5qTg8YrrFiWGLCWCG6z3OwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJHYqxZ1WVaBJbtcu2MPs6zd+V7KMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEva2RpckZuVlpWb0VsdTF5N1l3LXpyTjM1WHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVtDAwQA
TVtHAwQATVtPMA0GCSqGSIb3DQEBCwUAA4IBAQAmG2yiEwg71F+z/Bx7H5pYfi2c
kPRkpu6W/PXd1jl/Q+KAHAJuIj99rGgZkVqCGBJkhtAK3tdTeivVV8P7N8Hz124+
kMJHafhOzwrrkKZwtGmxfbZ0Rrli2CpDhtVTAz3PhUp0pyPZWs9P4ijdwCI6rwUh
axZX7OCSisXn99YcWj+bIadT0lsIezf+gDGXvM8YezuZaRdItU9SXLnGg9VnHiS1
iAf+knoEbJQWx61fK5qTWLJr5249r8VIDkDn3wYczTV3kp4/fEpl6sGguzgw52vO
+V0sRKSYi6eCxxyI0YgReqxfn/RfxPmeEVieTJ0TfEFagS2Bp6Ux7IPWhw1l
-----END CERTIFICATE-----