Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/ed3b2e-f0fe-4460-850d-5847b1469326/1/ATdD3tAa2QgGbpJzUTByMElS9-s.roa
File:                     ATdD3tAa2QgGbpJzUTByMElS9-s.roa (raw, json)
Hash identifier:          xViQDuzjfK9JPpDFVJ5A7KJ3ONXYDYMNZc9Y3JHtHc0=
Subject key identifier:   01:37:43:DE:D0:1A:D9:08:06:6E:92:73:51:30:72:30:49:52:F7:EB
Certificate issuer:       /CN=4d687d862808225b459fa399e65f8a069469aba3
Certificate serial:       0191DA5EC18E1A209AD97CE67F93DE42794C
Authority key identifier: 4D:68:7D:86:28:08:22:5B:45:9F:A3:99:E6:5F:8A:06:94:69:AB:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TWh9higIIltFn6OZ5l-KBpRpq6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/ed3b2e-f0fe-4460-850d-5847b1469326/1/ATdD3tAa2QgGbpJzUTByMElS9-s.roa
Signing time:             Tue 10 Sep 2024 05:18:48 +0000
ROA not before:           Tue 10 Sep 2024 05:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31317
IP address blocks:        77.87.191.0/24 maxlen: 32
                          2001:678:e40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/ed3b2e-f0fe-4460-850d-5847b1469326/1/TWh9higIIltFn6OZ5l-KBpRpq6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/ed3b2e-f0fe-4460-850d-5847b1469326/1/TWh9higIIltFn6OZ5l-KBpRpq6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TWh9higIIltFn6OZ5l-KBpRpq6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:da:5e:c1:8e:1a:20:9a:d9:7c:e6:7f:93:de:42:79:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d687d862808225b459fa399e65f8a069469aba3
        Validity
            Not Before: Sep 10 05:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=013743ded01ad908066e9273513072304952f7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7f:d3:6d:cf:7b:0f:a5:27:19:71:8b:fa:57:
                    89:6f:8a:98:1b:c5:85:3c:ba:96:6f:d0:46:0c:d0:
                    b9:3e:db:93:45:71:09:60:6b:ad:65:db:5d:af:f5:
                    72:a2:4d:54:f1:6a:7b:21:89:97:5e:ab:7b:b0:82:
                    58:a0:53:c0:18:59:02:db:25:45:35:67:53:2f:7f:
                    e6:63:5f:5f:65:73:4c:99:a6:85:a8:bc:55:97:48:
                    84:a1:51:67:bd:a9:90:d1:82:f3:19:14:5d:43:e8:
                    5e:5a:81:12:b6:6e:31:19:be:30:12:87:28:8a:90:
                    9a:9d:0c:0d:da:57:7f:9f:5d:be:17:db:57:54:df:
                    e0:06:9a:92:b8:49:dd:ef:b7:bd:9f:dc:e1:10:32:
                    b8:49:f4:a7:d7:fd:35:28:8c:ae:80:3e:e9:53:48:
                    d3:1d:fa:f7:80:df:97:36:41:99:df:19:b2:78:53:
                    41:9c:ec:33:ed:f4:fe:db:58:33:b3:56:a7:f6:3d:
                    13:67:6c:da:30:7a:4f:4e:63:bd:6c:9b:4c:78:57:
                    78:70:62:3d:3e:0b:ef:90:ce:de:89:5b:3c:17:9e:
                    ea:29:5e:c8:ea:7b:d2:0c:2b:7b:6f:67:33:b9:80:
                    28:c4:40:26:35:a5:45:64:b5:bd:ff:f4:8d:9a:7c:
                    f7:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:37:43:DE:D0:1A:D9:08:06:6E:92:73:51:30:72:30:49:52:F7:EB
            X509v3 Authority Key Identifier:
                keyid:4D:68:7D:86:28:08:22:5B:45:9F:A3:99:E6:5F:8A:06:94:69:AB:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TWh9higIIltFn6OZ5l-KBpRpq6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ed3b2e-f0fe-4460-850d-5847b1469326/1/ATdD3tAa2QgGbpJzUTByMElS9-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ed3b2e-f0fe-4460-850d-5847b1469326/1/TWh9higIIltFn6OZ5l-KBpRpq6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.191.0/24
                IPv6:
                  2001:678:e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:3a:3e:77:18:17:8b:8d:2f:52:fa:6a:a8:d4:27:7c:a8:1d:
         b0:f9:1c:ce:de:a0:3c:b3:84:30:f4:b1:96:0f:80:f0:ec:78:
         ad:96:59:4a:52:74:cd:83:f1:fc:0a:5d:89:f5:87:03:25:5c:
         d7:41:e2:0f:2b:4c:2a:e7:b0:bf:27:b0:40:89:27:b6:49:5d:
         cc:9d:d6:2e:05:69:78:1e:57:06:7b:d8:40:6c:dd:9f:57:a9:
         72:6a:f1:e7:7d:77:1d:f5:c6:0c:0c:fe:9a:f5:a4:98:94:89:
         e3:6b:51:78:cc:b4:a0:a1:a7:e4:19:94:e3:79:e2:53:1a:cd:
         6d:e0:e7:02:01:b9:36:83:b9:ba:7f:db:83:49:14:5e:5d:78:
         2d:3d:5a:5d:5b:bc:f5:68:d3:34:f0:f0:7f:e7:0c:86:9e:f8:
         fb:54:c2:01:ad:c7:27:c8:b9:98:40:04:89:0e:df:35:42:90:
         6c:ad:e9:ae:59:fc:7c:ba:87:54:aa:99:d3:2f:36:55:51:95:
         92:b2:04:6c:3f:d7:30:53:a9:be:b7:21:d8:ad:bf:c5:34:28:
         71:b9:08:1a:30:e2:95:d7:3e:d5:bb:51:ef:77:42:c6:03:81:
         47:f8:c4:1d:3e:a4:77:ee:59:55:f6:fc:ed:c6:f1:a2:5e:e8:
         d8:59:05:01
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZHaXsGOGiCa2Xzmf5PeQnlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNjg3ZDg2MjgwODIyNWI0NTlmYTM5OWU2NWY4YTA2OTQ2
OWFiYTMwHhcNMjQwOTEwMDUxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTM3NDNkZWQwMWFkOTA4MDY2ZTkyNzM1MTMwNzIzMDQ5NTJmN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53/Tbc97D6UnGXGL+leJb4qYG8WF
PLqWb9BGDNC5PtuTRXEJYGutZdtdr/Vyok1U8Wp7IYmXXqt7sIJYoFPAGFkC2yVF
NWdTL3/mY19fZXNMmaaFqLxVl0iEoVFnvamQ0YLzGRRdQ+heWoEStm4xGb4wEoco
ipCanQwN2ld/n12+F9tXVN/gBpqSuEnd77e9n9zhEDK4SfSn1/01KIyugD7pU0jT
Hfr3gN+XNkGZ3xmyeFNBnOwz7fT+21gzs1an9j0TZ2zaMHpPTmO9bJtMeFd4cGI9
PgvvkM7eiVs8F57qKV7I6nvSDCt7b2czuYAoxEAmNaVFZLW9//SNmnz3swIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAE3Q97QGtkIBm6Sc1EwcjBJUvfrMB8GA1UdIwQY
MBaAFE1ofYYoCCJbRZ+jmeZfigaUaaujMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFdoOWhpZ0lJbHRGbjZPWjVsLUtCcFJwcTZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lZDNiMmUtZjBmZS00NDYwLTg1MGQt
NTg0N2IxNDY5MzI2LzEvQVRkRDN0QWEyUWdHYnBKelVUQnlNRWxTOS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lZDNiMmUtZjBmZS00NDYwLTg1MGQtNTg0N2IxNDY5MzI2
LzEvVFdoOWhpZ0lJbHRGbjZPWjVsLUtCcFJwcTZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQATVe/MA8E
AgACMAkDBwAgAQZ4DkAwDQYJKoZIhvcNAQELBQADggEBAFg6PncYF4uNL1L6aqjU
J3yoHbD5HM7eoDyzhDD0sZYPgPDseK2WWUpSdM2D8fwKXYn1hwMlXNdB4g8rTCrn
sL8nsECJJ7ZJXcyd1i4FaXgeVwZ72EBs3Z9XqXJq8ed9dx31xgwM/pr1pJiUieNr
UXjMtKChp+QZlON54lMazW3g5wIBuTaDubp/24NJFF5deC09Wl1bvPVo0zTw8H/n
DIae+PtUwgGtxyfIuZhABIkO3zVCkGyt6a5Z/Hy6h1SqmdMvNlVRlZKyBGw/1zBT
qb63Iditv8U0KHG5CBow4pXXPtW7Ue93QsYDgUf4xB0+pHfuWVX2/O3G8aJe6NhZ
BQE=
-----END CERTIFICATE-----