Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3XZ4vQmmWDsiBHdfPDUWDY6jlfU.roa
File:                     3XZ4vQmmWDsiBHdfPDUWDY6jlfU.roa (raw, json)
Hash identifier:          Jr8jQtbMv+cjaUftHkFQsZkWWfTIrWxZLBFFBF13/WE=
Subject key identifier:   DD:76:78:BD:09:A6:58:3B:22:04:77:5F:3C:35:16:0D:8E:A3:95:F5
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018F13EB266EEA28048C7CB16756EB3D334D
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3XZ4vQmmWDsiBHdfPDUWDY6jlfU.roa
Signing time:             Thu 25 Apr 2024 06:22:08 +0000
ROA not before:           Thu 25 Apr 2024 06:22:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        45.131.79.0/24 maxlen: 24
                          79.110.236.0/24 maxlen: 24
                          146.19.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:13:eb:26:6e:ea:28:04:8c:7c:b1:67:56:eb:3d:33:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Apr 25 06:22:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd7678bd09a6583b2204775f3c35160d8ea395f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:04:9c:9e:89:ec:4e:a7:57:b7:77:be:6e:3e:
                    89:b6:f7:38:ba:fe:35:fd:aa:0b:21:17:ab:da:9d:
                    56:e3:c6:a7:9c:34:50:38:ff:cb:27:2d:bb:ec:80:
                    ea:cb:df:26:07:84:f9:71:ad:4e:b1:13:ae:09:96:
                    c0:cd:4c:22:11:e9:9a:9a:ef:eb:72:90:f2:51:58:
                    50:6c:83:1f:6c:b2:2d:26:8c:53:e8:ed:ec:95:d0:
                    10:2d:89:af:07:fa:0a:84:47:09:7c:48:30:83:77:
                    78:60:41:42:a4:11:1f:5c:fb:e1:5a:f4:81:78:43:
                    89:db:83:b6:1e:68:84:78:6d:a4:ab:3a:ee:46:3a:
                    45:6f:d6:82:90:0c:03:f2:72:22:45:05:e8:de:3a:
                    01:be:33:0b:99:4c:93:30:0e:ff:38:17:02:09:7a:
                    d8:ab:d4:6d:b0:28:d2:90:ef:74:dc:ee:7f:f2:62:
                    77:ad:0a:d6:85:25:53:bb:fa:7c:c2:51:2a:50:ec:
                    26:37:0f:e5:d1:d5:a2:05:4c:fa:ee:47:51:86:f6:
                    52:53:e1:b1:b7:7e:8a:f0:c4:08:ba:0f:8b:ab:fb:
                    7a:64:66:ed:25:6d:51:b1:0f:fd:5c:fd:16:47:b9:
                    63:ec:c8:04:47:cc:9f:b4:5c:94:e6:e5:fc:dd:2e:
                    52:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:76:78:BD:09:A6:58:3B:22:04:77:5F:3C:35:16:0D:8E:A3:95:F5
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3XZ4vQmmWDsiBHdfPDUWDY6jlfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.79.0/24
                  79.110.236.0/24
                  146.19.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:1f:b7:3a:c8:6c:65:da:54:e4:4d:5a:c6:41:4b:31:63:11:
         5b:9f:64:a2:7f:53:3c:8b:55:4b:09:b2:ff:21:ad:f3:fc:8b:
         dd:c9:f6:ab:4c:07:8a:93:e1:93:9e:26:a4:9c:c8:05:45:0d:
         18:5f:28:3b:07:9e:2c:58:3b:2f:a4:bf:5b:7b:8a:2d:39:a1:
         27:92:77:0d:b2:00:23:67:c0:5f:96:16:ce:11:ae:02:ea:66:
         26:11:01:07:ac:25:e9:9c:0f:ee:73:22:5f:dc:4a:54:8b:43:
         56:9e:47:2c:68:a7:86:57:fa:b4:da:f8:2c:90:ac:38:c0:0b:
         8d:c2:a7:0d:81:6a:03:11:72:5d:59:41:30:a8:9b:12:8a:d8:
         89:96:a0:81:a6:4e:34:79:bf:c4:98:5f:89:af:bf:5d:a7:d6:
         8c:bb:3c:13:42:14:bb:01:3c:9e:d5:55:d3:68:78:01:94:ed:
         3e:90:54:97:7b:fe:61:0c:bf:12:80:0a:d9:c7:21:be:88:58:
         b4:a3:8c:f4:4b:32:a4:61:e5:56:7c:70:36:0e:32:8a:45:92:
         41:98:03:6b:85:d8:09:69:4d:f5:47:b1:21:a7:6e:07:28:f4:
         e6:d7:40:12:c9:28:67:aa:21:3b:02:d7:06:de:12:e8:fb:09:
         59:a9:c7:aa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8T6yZu6igEjHyxZ1brPTNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwNDI1MDYyMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc2NzhiZDA5YTY1ODNiMjIwNDc3NWYzYzM1MTYwZDhlYTM5NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgScnonsTqdXt3e+bj6Jtvc4uv41
/aoLIRer2p1W48annDRQOP/LJy277IDqy98mB4T5ca1OsROuCZbAzUwiEemamu/r
cpDyUVhQbIMfbLItJoxT6O3sldAQLYmvB/oKhEcJfEgwg3d4YEFCpBEfXPvhWvSB
eEOJ24O2HmiEeG2kqzruRjpFb9aCkAwD8nIiRQXo3joBvjMLmUyTMA7/OBcCCXrY
q9RtsCjSkO903O5/8mJ3rQrWhSVTu/p8wlEqUOwmNw/l0dWiBUz67kdRhvZSU+Gx
t36K8MQIug+Lq/t6ZGbtJW1RsQ/9XP0WR7lj7MgER8yftFyU5uX83S5SiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN12eL0Jplg7IgR3Xzw1Fg2Oo5X1MB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvM1haNHZRbW1XRHNpQkhkZlBEVVdEWTZqbGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYNPAwQA
T27sAwQAkhOgMA0GCSqGSIb3DQEBCwUAA4IBAQBZH7c6yGxl2lTkTVrGQUsxYxFb
n2Sif1M8i1VLCbL/Ia3z/IvdyfarTAeKk+GTniaknMgFRQ0YXyg7B54sWDsvpL9b
e4otOaEnkncNsgAjZ8BflhbOEa4C6mYmEQEHrCXpnA/ucyJf3EpUi0NWnkcsaKeG
V/q02vgskKw4wAuNwqcNgWoDEXJdWUEwqJsSitiJlqCBpk40eb/EmF+Jr79dp9aM
uzwTQhS7ATye1VXTaHgBlO0+kFSXe/5hDL8SgArZxyG+iFi0o4z0SzKkYeVWfHA2
DjKKRZJBmANrhdgJaU31R7Ehp24HKPTm10ASyShnqiE7AtcG3hLo+wlZqceq
-----END CERTIFICATE-----