Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/ffc349-f326-4096-bcb3-c2c2acb908bc/1/zRL5nV8ChDvmiTDuBEypdG9GWmo.roa
File:                     zRL5nV8ChDvmiTDuBEypdG9GWmo.roa (raw, json)
Hash identifier:          yd0ByyffUPrEaaP/tJ/TTe8vYWt8fqCaSSlHlqF/Afs=
Subject key identifier:   CD:12:F9:9D:5F:02:84:3B:E6:89:30:EE:04:4C:A9:74:6F:46:5A:6A
Certificate issuer:       /CN=040dd3d3c52d4c6fa51b7a833578cefb3ab26649
Certificate serial:       018CC34903478BFCB921372F3AA06E785254
Authority key identifier: 04:0D:D3:D3:C5:2D:4C:6F:A5:1B:7A:83:35:78:CE:FB:3A:B2:66:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BA3T08UtTG-lG3qDNXjO-zqyZkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/ffc349-f326-4096-bcb3-c2c2acb908bc/1/zRL5nV8ChDvmiTDuBEypdG9GWmo.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43022
IP address blocks:        77.93.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/ffc349-f326-4096-bcb3-c2c2acb908bc/1/BA3T08UtTG-lG3qDNXjO-zqyZkk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/ffc349-f326-4096-bcb3-c2c2acb908bc/1/BA3T08UtTG-lG3qDNXjO-zqyZkk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BA3T08UtTG-lG3qDNXjO-zqyZkk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:03:47:8b:fc:b9:21:37:2f:3a:a0:6e:78:52:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=040dd3d3c52d4c6fa51b7a833578cefb3ab26649
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd12f99d5f02843be68930ee044ca9746f465a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8b:f8:54:4c:f0:8d:a8:a8:d0:4f:5a:1e:95:
                    36:f2:9d:13:6a:dc:81:48:b9:cd:53:58:8f:f8:7c:
                    73:69:57:ad:3f:e2:4c:c8:4f:81:4b:4a:34:08:42:
                    34:08:10:b6:57:20:73:ba:bb:5f:49:ad:06:49:57:
                    43:76:d5:fd:67:a8:f5:e6:d8:76:2a:5a:46:bc:72:
                    9b:af:51:5e:3f:32:fe:3b:74:21:83:69:53:7e:c1:
                    8e:f4:b1:1c:82:d8:5d:ef:ff:9b:28:5e:45:57:83:
                    eb:46:11:3d:08:23:06:d1:45:21:1d:80:eb:51:13:
                    19:49:a0:20:d0:cb:e6:f1:4c:12:6b:49:4e:da:4c:
                    1f:8d:49:f3:bf:0c:10:fc:b2:2b:d0:57:aa:7c:7e:
                    be:cf:14:11:4c:e6:12:8e:5a:c0:05:99:01:43:02:
                    5f:c5:ee:85:52:6a:d5:46:db:97:f4:7f:5f:44:b6:
                    25:77:ed:a7:2b:ae:ea:e0:b8:cd:90:02:1b:b6:c1:
                    ce:1a:95:d5:e4:a0:4b:ed:3e:61:ae:b8:77:4a:84:
                    10:47:57:3b:76:56:b1:1a:c8:e5:eb:b0:be:6a:6a:
                    4b:44:96:f9:8a:4b:c7:91:65:e9:3d:f4:96:16:82:
                    a2:89:39:cb:e6:ed:06:bf:d6:bc:e0:c3:02:44:e7:
                    00:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:12:F9:9D:5F:02:84:3B:E6:89:30:EE:04:4C:A9:74:6F:46:5A:6A
            X509v3 Authority Key Identifier:
                keyid:04:0D:D3:D3:C5:2D:4C:6F:A5:1B:7A:83:35:78:CE:FB:3A:B2:66:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BA3T08UtTG-lG3qDNXjO-zqyZkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/ffc349-f326-4096-bcb3-c2c2acb908bc/1/zRL5nV8ChDvmiTDuBEypdG9GWmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/ffc349-f326-4096-bcb3-c2c2acb908bc/1/BA3T08UtTG-lG3qDNXjO-zqyZkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         16:a1:e2:37:be:a7:08:22:66:fa:b2:95:71:2b:7b:14:6b:67:
         d0:64:e9:89:06:16:9a:cb:ba:98:3c:ca:ed:33:c5:60:63:96:
         aa:18:a6:7f:b2:d6:be:7d:0c:b5:7d:72:ef:b9:ea:f7:e8:38:
         df:09:c8:9f:f4:8d:a7:6d:df:46:f7:54:a3:9c:6f:cd:01:23:
         d3:10:ab:e1:86:04:54:c2:0a:19:e9:6c:18:8e:ce:8f:9d:08:
         8f:85:55:6e:c5:2a:82:e1:0d:49:87:6d:69:28:fa:c7:9f:a9:
         56:94:07:0e:49:70:3f:e8:0e:6d:3f:bc:d5:0b:37:16:27:57:
         2b:bd:17:ea:14:1d:47:0c:ee:4a:9c:9c:bb:b7:79:14:f8:4a:
         a8:e9:a6:62:7e:b4:f6:12:cc:d6:40:61:1c:d3:97:bb:cd:b7:
         51:67:15:87:51:b0:6d:a3:23:dd:0f:39:52:51:3e:b5:18:67:
         65:0d:e0:8b:50:83:9b:32:2c:a7:33:ae:4d:80:07:d8:20:9f:
         bc:d3:4e:4c:82:24:a4:63:53:ea:6a:c8:14:05:ca:eb:38:2f:
         68:e8:6c:b8:52:74:e3:78:d9:c2:56:64:ff:89:96:7f:90:6e:
         08:bc:bd:9b:76:cc:a9:8b:6d:24:3f:cd:26:e1:1c:9e:03:ac:
         3a:58:d0:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQNHi/y5ITcvOqBueFJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MGRkM2QzYzUyZDRjNmZhNTFiN2E4MzM1NzhjZWZiM2Fi
MjY2NDkwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDEyZjk5ZDVmMDI4NDNiZTY4OTMwZWUwNDRjYTk3NDZmNDY1YTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYv4VEzwjaio0E9aHpU28p0TatyB
SLnNU1iP+HxzaVetP+JMyE+BS0o0CEI0CBC2VyBzurtfSa0GSVdDdtX9Z6j15th2
KlpGvHKbr1FePzL+O3Qhg2lTfsGO9LEcgthd7/+bKF5FV4PrRhE9CCMG0UUhHYDr
URMZSaAg0Mvm8UwSa0lO2kwfjUnzvwwQ/LIr0FeqfH6+zxQRTOYSjlrABZkBQwJf
xe6FUmrVRtuX9H9fRLYld+2nK67q4LjNkAIbtsHOGpXV5KBL7T5hrrh3SoQQR1c7
dlaxGsjl67C+ampLRJb5ikvHkWXpPfSWFoKiiTnL5u0Gv9a84MMCROcA0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0S+Z1fAoQ75okw7gRMqXRvRlpqMB8GA1UdIwQY
MBaAFAQN09PFLUxvpRt6gzV4zvs6smZJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkEzVDA4VXRURy1sRzNxRE5Yak8tenF5WmtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mZmMzNDktZjMyNi00MDk2LWJjYjMt
YzJjMmFjYjkwOGJjLzEvelJMNW5WOENoRHZtaVREdUJFeXBkRzlHV21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mZmMzNDktZjMyNi00MDk2LWJjYjMtYzJjMmFjYjkwOGJj
LzEvQkEzVDA4VXRURy1sRzNxRE5Yak8tenF5WmtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTV0gMA0G
CSqGSIb3DQEBCwUAA4IBAQAWoeI3vqcIImb6spVxK3sUa2fQZOmJBhaay7qYPMrt
M8VgY5aqGKZ/sta+fQy1fXLvuer36DjfCcif9I2nbd9G91SjnG/NASPTEKvhhgRU
wgoZ6WwYjs6PnQiPhVVuxSqC4Q1Jh21pKPrHn6lWlAcOSXA/6A5tP7zVCzcWJ1cr
vRfqFB1HDO5KnJy7t3kU+Eqo6aZifrT2EszWQGEc05e7zbdRZxWHUbBtoyPdDzlS
UT61GGdlDeCLUIObMiynM65NgAfYIJ+8005MgiSkY1PqasgUBcrrOC9o6Gy4UnTj
eNnCVmT/iZZ/kG4IvL2bdsypi20kP80m4RyeA6w6WNDC
-----END CERTIFICATE-----