Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/idG90DWfAtQknQelzfxnq1xEHZo.roa
File:                     idG90DWfAtQknQelzfxnq1xEHZo.roa (raw, json)
Hash identifier:          MV0kP13IL1CpYTubjPbALIsoOYTTBCnqo93eNkiKG4o=
Subject key identifier:   89:D1:BD:D0:35:9F:02:D4:24:9D:07:A5:CD:FC:67:AB:5C:44:1D:9A
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019307E3FB47B37755B86B474B3FE6AE2437
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/idG90DWfAtQknQelzfxnq1xEHZo.roa
Signing time:             Thu 07 Nov 2024 18:30:01 +0000
ROA not before:           Thu 07 Nov 2024 18:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        77.47.178.0/24 maxlen: 24
                          77.47.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:e3:fb:47:b3:77:55:b8:6b:47:4b:3f:e6:ae:24:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Nov  7 18:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89d1bdd0359f02d4249d07a5cdfc67ab5c441d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:82:21:82:1a:65:ef:47:23:71:77:ce:cf:a6:
                    8e:91:d1:df:55:b2:7e:14:a5:8c:5a:31:90:0e:c5:
                    84:30:98:be:b8:8c:18:7e:35:aa:7a:99:70:f1:75:
                    35:51:e5:9e:77:61:07:b3:a8:ef:1d:39:0b:eb:f3:
                    4e:c0:23:b6:e9:b1:d0:2d:57:15:b4:f1:43:35:d0:
                    d0:4c:ef:6b:08:7a:45:37:06:9f:fd:f3:61:8e:af:
                    ed:34:84:fc:37:af:4e:27:c5:34:12:0b:bc:66:7a:
                    9c:87:12:58:fe:1d:f5:4c:42:b5:d8:9d:d2:ac:d7:
                    e6:f1:b9:e5:d4:c9:7a:46:ed:1f:25:50:89:e5:f8:
                    6a:62:06:8c:5f:fc:3c:94:9c:b7:82:d6:64:39:49:
                    06:d4:f4:be:45:ef:4a:0d:80:4a:e4:74:24:75:e3:
                    3c:2a:af:6a:c5:5c:9b:30:c5:a0:84:47:1f:cb:83:
                    78:95:3f:16:3f:a6:2a:76:68:12:04:e3:4f:6a:5f:
                    5d:57:c0:00:ac:d8:43:bd:f9:74:e2:2c:ce:f2:17:
                    bd:b6:10:4a:f2:5d:62:ed:f5:a1:bd:1f:95:78:5e:
                    c5:2a:39:76:c9:83:49:fb:4a:3b:46:c7:af:a8:e7:
                    6a:9c:07:43:90:4e:a1:1d:e3:78:fc:1b:f5:1d:e9:
                    8b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:D1:BD:D0:35:9F:02:D4:24:9D:07:A5:CD:FC:67:AB:5C:44:1D:9A
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/idG90DWfAtQknQelzfxnq1xEHZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.178.0/24
                  77.47.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:3b:f7:c2:f3:d3:32:91:23:57:40:f2:cc:cf:2c:22:80:f1:
         b0:cc:a6:5e:d3:eb:24:e5:d1:a8:9a:e8:7a:c1:04:f0:1b:73:
         4f:50:26:29:fa:71:bb:80:ce:89:f9:d3:5b:16:17:1f:e2:f4:
         e8:ac:9b:23:dd:cb:f2:b2:27:b5:73:aa:76:0d:9c:06:ba:3e:
         c8:ed:4b:8e:4b:66:40:91:3f:fd:8c:68:20:8f:72:10:ac:2d:
         98:fe:0b:0a:2e:82:29:95:6c:79:e5:2f:4f:e0:17:b6:e5:c2:
         d7:42:3c:32:42:b8:c9:4c:4c:f7:48:4e:f0:ae:1b:3d:bb:4a:
         8b:21:95:1a:76:ab:bd:29:17:e7:42:6a:08:34:60:06:ab:a4:
         05:c7:95:08:ac:6f:31:67:dd:ed:3d:03:77:ab:55:a9:18:f1:
         b1:57:e8:3c:48:26:f9:fa:0f:a9:21:04:8b:36:fd:6b:0f:b0:
         02:94:fd:da:ab:0a:a1:16:4b:97:b4:22:8b:58:79:57:86:ba:
         d2:c0:58:6b:ed:68:ee:cd:5b:68:51:e0:e7:7e:b8:61:b5:31:
         ad:b3:8a:56:42:4f:2c:34:e6:09:3d:84:c9:00:fd:0b:1d:86:
         f8:ee:21:8e:27:cc:1f:90:59:ea:c6:91:59:5b:f5:b2:47:f0:
         a7:ce:e9:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMH4/tHs3dVuGtHSz/mriQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMTA3MTgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWQxYmRkMDM1OWYwMmQ0MjQ5ZDA3YTVjZGZjNjdhYjVjNDQxZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4Ihghpl70cjcXfOz6aOkdHfVbJ+
FKWMWjGQDsWEMJi+uIwYfjWqeplw8XU1UeWed2EHs6jvHTkL6/NOwCO26bHQLVcV
tPFDNdDQTO9rCHpFNwaf/fNhjq/tNIT8N69OJ8U0Egu8ZnqchxJY/h31TEK12J3S
rNfm8bnl1Ml6Ru0fJVCJ5fhqYgaMX/w8lJy3gtZkOUkG1PS+Re9KDYBK5HQkdeM8
Kq9qxVybMMWghEcfy4N4lT8WP6YqdmgSBONPal9dV8AArNhDvfl04izO8he9thBK
8l1i7fWhvR+VeF7FKjl2yYNJ+0o7RsevqOdqnAdDkE6hHeN4/Bv1HemL4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFInRvdA1nwLUJJ0Hpc38Z6tcRB2aMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvaWRHOTBEV2ZBdFFrblFlbHpmeG5xMXhFSFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATS+yAwQA
TS/yMA0GCSqGSIb3DQEBCwUAA4IBAQAhO/fC89MykSNXQPLMzywigPGwzKZe0+sk
5dGomuh6wQTwG3NPUCYp+nG7gM6J+dNbFhcf4vTorJsj3cvysie1c6p2DZwGuj7I
7UuOS2ZAkT/9jGggj3IQrC2Y/gsKLoIplWx55S9P4Be25cLXQjwyQrjJTEz3SE7w
rhs9u0qLIZUadqu9KRfnQmoINGAGq6QFx5UIrG8xZ93tPQN3q1WpGPGxV+g8SCb5
+g+pIQSLNv1rD7AClP3aqwqhFkuXtCKLWHlXhrrSwFhr7WjuzVtoUeDnfrhhtTGt
s4pWQk8sNOYJPYTJAP0LHYb47iGOJ8wfkFnqxpFZW/WyR/Cnzunu
-----END CERTIFICATE-----