Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jpuN0uHq3mJ0GlsqDBhR9MYuur8.roa
File:                     jpuN0uHq3mJ0GlsqDBhR9MYuur8.roa (raw, json)
Hash identifier:          EBYrSXwG++rEY/nrY67zuD9NQvpqpe/4uW030U+MCu0=
Subject key identifier:   8E:9B:8D:D2:E1:EA:DE:62:74:1A:5B:2A:0C:18:51:F4:C6:2E:BA:BF
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019241DAE4D42289EC828B2E21219C7CB387
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jpuN0uHq3mJ0GlsqDBhR9MYuur8.roa
Signing time:             Mon 30 Sep 2024 07:35:17 +0000
ROA not before:           Mon 30 Sep 2024 07:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204157
IP address blocks:        77.81.99.0/24 maxlen: 24
                          89.45.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:41:da:e4:d4:22:89:ec:82:8b:2e:21:21:9c:7c:b3:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Sep 30 07:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e9b8dd2e1eade62741a5b2a0c1851f4c62ebabf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ec:05:46:2a:10:c1:6b:b4:b5:e2:b4:ab:38:
                    ba:ea:88:6a:70:c0:e1:53:0b:7e:a6:2e:40:5d:9d:
                    d1:da:b9:dd:5d:6e:a4:85:02:8c:0c:b7:b7:cd:fc:
                    47:4a:ab:87:7a:92:8b:43:72:14:81:ce:ae:37:26:
                    53:18:6b:07:72:d6:b1:d7:47:8c:05:97:94:76:67:
                    10:96:a1:82:e2:ee:91:d2:7c:e1:08:b9:7a:3d:fb:
                    03:f0:fe:e4:fb:6b:53:45:3e:83:1f:6c:f4:34:26:
                    b8:d2:57:b5:31:93:ae:2b:3f:d6:58:f5:cf:40:b9:
                    86:45:8b:93:b4:db:3a:ad:26:0b:9e:de:72:d9:8f:
                    fe:45:f0:91:5d:e6:32:54:42:b3:5f:e2:db:9e:fd:
                    a4:42:8e:08:df:ea:44:bc:46:97:8a:7f:63:72:52:
                    f3:36:01:4e:05:5c:0f:57:51:55:34:a5:41:e5:81:
                    33:b3:2e:08:26:39:68:70:41:a7:c7:2f:b6:cf:1e:
                    32:b0:a5:32:a2:29:ab:85:0a:e7:81:28:14:0a:57:
                    53:0a:54:63:1b:ba:2e:be:06:56:13:01:86:59:b7:
                    b5:b5:ac:35:c5:f4:9e:54:5a:db:b0:84:47:9a:ef:
                    b7:96:bb:64:f7:e5:89:85:9f:5f:51:9f:e3:76:24:
                    dc:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:9B:8D:D2:E1:EA:DE:62:74:1A:5B:2A:0C:18:51:F4:C6:2E:BA:BF
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jpuN0uHq3mJ0GlsqDBhR9MYuur8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.99.0/24
                  89.45.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:bb:08:74:4a:2e:b9:3a:53:55:ff:7e:25:ca:ef:6e:eb:eb:
         f2:ea:e7:71:70:5d:a9:f9:28:db:3b:c1:78:37:fe:f3:84:fd:
         2f:d1:cd:62:b9:05:33:12:c2:3b:d3:7a:f9:16:7a:70:08:ea:
         c1:ec:5d:b0:0f:30:b0:90:0e:08:6a:76:f9:46:41:e4:4c:8f:
         90:da:84:63:d3:2a:0d:45:db:f9:88:03:70:dd:42:2c:6a:c9:
         f6:9e:43:5b:52:05:90:f0:da:33:0d:0f:ad:2b:a5:e1:fd:63:
         10:8c:fc:23:eb:31:c6:06:81:95:f4:50:3d:c6:80:71:26:39:
         1f:7f:55:a1:24:6b:85:ed:bb:0a:8b:e8:66:4e:81:bc:ea:81:
         fa:93:ca:8c:4e:35:1c:e9:54:8d:d2:77:cd:fa:ef:9a:80:75:
         04:66:cd:e4:bd:36:9c:f4:5b:c3:c1:ba:62:dd:c0:8d:0e:5d:
         d3:9c:2b:45:2f:5e:39:f7:95:9c:d4:a8:fd:01:80:87:8b:32:
         e0:96:07:5e:be:1c:2c:f4:a9:38:62:62:9e:ab:35:e6:92:3e:
         85:d3:fb:4b:90:8a:5d:29:18:23:fd:88:35:f9:aa:04:f5:1d:
         ad:a2:3f:c4:e4:21:42:a0:69:b9:6c:b6:9c:3b:45:10:93:b9:
         6b:a8:73:be
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJB2uTUIonsgosuISGcfLOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwOTMwMDczNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTliOGRkMmUxZWFkZTYyNzQxYTViMmEwYzE4NTFmNGM2MmViYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruwFRioQwWu0teK0qzi66ohqcMDh
Uwt+pi5AXZ3R2rndXW6khQKMDLe3zfxHSquHepKLQ3IUgc6uNyZTGGsHctax10eM
BZeUdmcQlqGC4u6R0nzhCLl6PfsD8P7k+2tTRT6DH2z0NCa40le1MZOuKz/WWPXP
QLmGRYuTtNs6rSYLnt5y2Y/+RfCRXeYyVEKzX+Lbnv2kQo4I3+pEvEaXin9jclLz
NgFOBVwPV1FVNKVB5YEzsy4IJjlocEGnxy+2zx4ysKUyoimrhQrngSgUCldTClRj
G7ouvgZWEwGGWbe1taw1xfSeVFrbsIRHmu+3lrtk9+WJhZ9fUZ/jdiTchQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI6bjdLh6t5idBpbKgwYUfTGLrq/MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2pwdU4wdUhxM21KMEdsc3FEQmhSOU1ZdXVyOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABNUWMD
BABZLVswDQYJKoZIhvcNAQELBQADggEBANG7CHRKLrk6U1X/fiXK727r6/Lq53Fw
Xan5KNs7wXg3/vOE/S/RzWK5BTMSwjvTevkWenAI6sHsXbAPMLCQDghqdvlGQeRM
j5DahGPTKg1F2/mIA3DdQixqyfaeQ1tSBZDw2jMND60rpeH9YxCM/CPrMcYGgZX0
UD3GgHEmOR9/VaEka4XtuwqL6GZOgbzqgfqTyoxONRzpVI3Sd83675qAdQRmzeS9
Npz0W8PBumLdwI0OXdOcK0UvXjn3lZzUqP0BgIeLMuCWB16+HCz0qThiYp6rNeaS
PoXT+0uQil0pGCP9iDX5qgT1Ha2iP8TkIUKgablstpw7RRCTuWuoc74=
-----END CERTIFICATE-----