Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/i01v-VgslTnP-y8pWNKMhjduJl0.roa
File:                     i01v-VgslTnP-y8pWNKMhjduJl0.roa (raw, json)
Hash identifier:          FxWRb4BAjljlyuif+m7BxMqMWGHErHUr+rKos6+w6jQ=
Subject key identifier:   8B:4D:6F:F9:58:2C:95:39:CF:FB:2F:29:58:D2:8C:86:37:6E:26:5D
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       019311715A025A714AA81EF2FD08ED672F06
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/i01v-VgslTnP-y8pWNKMhjduJl0.roa
Signing time:             Sat 09 Nov 2024 15:01:01 +0000
ROA not before:           Sat 09 Nov 2024 15:01:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214201
IP address blocks:        77.73.31.0/24 maxlen: 24
                          81.26.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:11:71:5a:02:5a:71:4a:a8:1e:f2:fd:08:ed:67:2f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Nov  9 15:01:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b4d6ff9582c9539cffb2f2958d28c86376e265d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:09:dc:e8:47:44:22:6d:a6:8e:9d:78:bb:93:
                    da:f7:25:89:8b:03:a3:9c:cb:84:f7:47:75:40:0a:
                    d5:52:cf:5c:9e:e5:0f:61:07:64:98:61:64:de:51:
                    53:2e:38:e2:a0:86:b5:8f:5c:52:b2:8c:a1:44:95:
                    36:8d:cf:94:7d:09:7d:ad:98:e8:dd:aa:03:92:4a:
                    42:bf:64:74:d5:24:9d:d4:c8:f5:67:63:07:ab:f7:
                    a0:d6:f0:c0:2c:e2:d9:20:ac:5c:f7:9c:96:d5:b1:
                    1e:c0:e8:c3:4e:79:7a:39:71:49:10:5a:4d:17:00:
                    0f:22:8d:26:92:a8:4a:3c:b3:06:13:2b:90:dd:10:
                    b0:81:dc:6a:34:32:fc:fc:fa:b9:54:16:6f:b5:6b:
                    aa:dd:59:55:e0:9a:5e:c2:0d:ac:ca:97:4b:19:d7:
                    bc:f3:e4:04:0d:e2:65:70:e0:1c:f7:81:b0:1b:45:
                    6d:f6:10:70:94:54:3c:16:5e:61:18:a7:b6:b2:f5:
                    29:07:cb:d2:14:c8:81:07:37:b0:91:67:63:ea:b0:
                    3b:53:b3:18:87:34:5d:65:76:32:91:37:8c:f4:2b:
                    46:8b:5a:81:c3:61:7a:2a:44:8a:33:01:6f:fb:d9:
                    1d:13:fa:b1:fd:fe:64:79:37:51:47:b2:3f:3b:c9:
                    4a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4D:6F:F9:58:2C:95:39:CF:FB:2F:29:58:D2:8C:86:37:6E:26:5D
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/i01v-VgslTnP-y8pWNKMhjduJl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.31.0/24
                  81.26.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e1:25:10:06:81:c7:58:67:5b:75:cd:b3:9e:67:2e:19:37:
         0a:45:f4:d6:66:7b:92:b5:ca:5d:73:ba:8a:7f:48:d9:b0:ee:
         9e:7c:87:22:62:a6:50:a2:8c:a2:58:ae:c1:28:85:80:7d:3d:
         73:6c:ef:f2:95:2a:34:75:bc:e1:63:64:bf:94:c4:51:c7:2c:
         9c:45:45:c4:3c:1d:84:d9:32:5f:2c:2f:65:1a:62:08:6b:e8:
         5f:73:b9:a2:b6:73:77:f5:95:08:4f:96:4d:44:42:1c:a5:90:
         a5:49:77:83:52:a7:29:c2:13:94:e6:46:1d:84:93:7e:d4:9f:
         df:5c:0e:86:a1:75:05:57:46:a4:79:1a:09:ac:b5:bd:a3:d9:
         0f:a7:c6:79:62:a1:03:e6:dd:f0:e7:e7:27:f1:32:ff:84:95:
         85:dd:49:0d:fa:84:ea:51:5e:cc:a0:1a:63:fe:5f:b6:fe:74:
         2c:74:64:6b:14:68:76:ca:01:33:91:7c:c4:96:96:bd:83:92:
         7b:83:cf:56:38:2a:75:91:ed:81:d8:e9:29:47:ae:93:56:61:
         23:ab:41:1a:af:02:f2:20:1b:ad:b4:a1:4b:a0:4d:d4:c4:e6:
         4f:a8:7b:22:da:4e:35:a5:5c:06:a4:34:f8:c4:62:08:cd:a7:
         b8:81:80:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMRcVoCWnFKqB7y/QjtZy8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQxMTA5MTUwMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRkNmZmOTU4MmM5NTM5Y2ZmYjJmMjk1OGQyOGM4NjM3NmUyNjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgnc6EdEIm2mjp14u5Pa9yWJiwOj
nMuE90d1QArVUs9cnuUPYQdkmGFk3lFTLjjioIa1j1xSsoyhRJU2jc+UfQl9rZjo
3aoDkkpCv2R01SSd1Mj1Z2MHq/eg1vDALOLZIKxc95yW1bEewOjDTnl6OXFJEFpN
FwAPIo0mkqhKPLMGEyuQ3RCwgdxqNDL8/Pq5VBZvtWuq3VlV4Jpewg2sypdLGde8
8+QEDeJlcOAc94GwG0Vt9hBwlFQ8Fl5hGKe2svUpB8vSFMiBBzewkWdj6rA7U7MY
hzRdZXYykTeM9CtGi1qBw2F6KkSKMwFv+9kdE/qx/f5keTdRR7I/O8lKfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFItNb/lYLJU5z/svKVjSjIY3biZdMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvaTAxdi1WZ3NsVG5QLXk4cFdOS01oamR1SmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUkfAwQA
URqdMA0GCSqGSIb3DQEBCwUAA4IBAQAP4SUQBoHHWGdbdc2znmcuGTcKRfTWZnuS
tcpdc7qKf0jZsO6efIciYqZQooyiWK7BKIWAfT1zbO/ylSo0dbzhY2S/lMRRxyyc
RUXEPB2E2TJfLC9lGmIIa+hfc7mitnN39ZUIT5ZNREIcpZClSXeDUqcpwhOU5kYd
hJN+1J/fXA6GoXUFV0akeRoJrLW9o9kPp8Z5YqED5t3w5+cn8TL/hJWF3UkN+oTq
UV7MoBpj/l+2/nQsdGRrFGh2ygEzkXzElpa9g5J7g89WOCp1ke2B2OkpR66TVmEj
q0EarwLyIButtKFLoE3UxOZPqHsi2k41pVwGpDT4xGIIzae4gYC8
-----END CERTIFICATE-----