Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/kdew_dLZ1hDZKS81NAYJq2-34us.roa
File:                     kdew_dLZ1hDZKS81NAYJq2-34us.roa (raw, json)
Hash identifier:          kbg7df94jZ6sXry4V5MwY9tvsSHXw7eR9N+2cjbOJJs=
Subject key identifier:   91:D7:B0:FD:D2:D9:D6:10:D9:29:2F:35:34:06:09:AB:6F:B7:E2:EB
Certificate issuer:       /CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
Certificate serial:       01929A2AEBD51D7FE621996004389D2D439C
Authority key identifier: A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/kdew_dLZ1hDZKS81NAYJq2-34us.roa
Signing time:             Thu 17 Oct 2024 11:09:17 +0000
ROA not before:           Thu 17 Oct 2024 11:09:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42309
IP address blocks:        77.240.208.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9a:2a:eb:d5:1d:7f:e6:21:99:60:04:38:9d:2d:43:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
        Validity
            Not Before: Oct 17 11:09:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91d7b0fdd2d9d610d9292f35340609ab6fb7e2eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:90:84:4d:ea:bc:96:0e:15:d6:3b:8b:43:8b:
                    b1:e6:ab:f9:b1:c0:99:2f:0f:bb:09:b7:50:cc:d8:
                    cd:f2:9e:46:34:f1:4f:3d:45:82:7d:e1:bc:14:fc:
                    7c:39:8b:70:33:54:43:e5:11:1a:b1:07:cc:08:e9:
                    0a:e2:b4:b5:bd:1b:40:cc:d4:49:67:a8:96:9e:40:
                    1b:dd:26:74:77:9b:1b:4b:db:73:bc:be:b9:ee:1e:
                    8d:77:d4:43:bf:61:d7:3e:d4:b6:ea:65:1e:f8:c0:
                    47:2f:06:4c:77:71:2d:b8:06:02:14:36:f5:87:8a:
                    86:46:da:c6:60:b4:ff:89:23:34:d3:22:e8:68:98:
                    27:1a:4d:b6:02:3c:1d:9d:f1:98:8a:dc:87:76:fd:
                    6b:fe:b2:2c:5c:7a:32:e5:ad:a1:87:98:0b:ba:7b:
                    37:24:3f:22:cf:71:e1:68:d0:2e:3a:27:a8:9d:de:
                    02:ec:66:c3:e1:f6:db:a1:96:b9:1a:14:dc:b0:f1:
                    2e:1c:af:c7:4a:3d:46:2d:c8:18:65:87:e4:54:71:
                    2a:c0:71:b4:cc:a8:52:c9:20:98:79:2e:f0:0d:38:
                    c4:33:be:52:2a:7e:f1:a2:33:70:7f:e3:50:cf:07:
                    be:96:dd:e6:fb:e5:70:ec:3b:3d:8d:53:8a:b4:fc:
                    38:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D7:B0:FD:D2:D9:D6:10:D9:29:2F:35:34:06:09:AB:6F:B7:E2:EB
            X509v3 Authority Key Identifier:
                keyid:A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/kdew_dLZ1hDZKS81NAYJq2-34us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.240.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:c6:94:61:2c:8d:7c:50:c7:b1:01:ba:74:0f:49:60:ef:d2:
         c5:1a:d1:5f:38:71:0b:bb:87:81:d7:0c:e3:92:8c:00:61:27:
         75:2d:e6:b6:c0:1d:b1:e8:ff:ee:bc:85:d8:05:c1:cb:3d:14:
         6d:9d:70:5a:d4:d8:2d:db:a8:8c:98:f5:cb:ff:01:4c:30:1b:
         84:08:e0:22:1e:8a:d1:87:f0:d5:32:f5:01:ef:a6:b9:87:55:
         af:1b:2c:8a:b7:c5:86:8e:cb:0a:c1:0f:a6:34:fe:4d:72:20:
         be:5c:3a:28:e7:ba:1c:47:1f:af:3e:c4:2d:cb:c6:bd:14:49:
         6d:62:17:72:04:b8:c9:5d:20:48:1f:bc:28:8c:3c:79:0e:21:
         d2:90:57:a1:d7:16:ee:e6:f8:d0:62:8f:14:74:19:19:55:1d:
         fc:13:16:ba:c3:1b:fe:49:52:32:92:64:36:6d:ec:18:60:50:
         ea:4b:5d:77:74:1a:10:8d:80:29:72:4f:60:a8:2f:3f:90:82:
         7e:75:9e:ab:3f:d8:86:89:82:8c:fa:91:e4:bd:d5:68:55:13:
         09:85:00:51:35:6e:e9:6b:ec:64:7f:8d:1d:b5:04:f2:b4:7c:
         73:09:11:e8:b4:f3:23:3f:c8:08:50:d2:ea:64:4a:67:e9:68:
         a9:32:eb:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKaKuvVHX/mIZlgBDidLUOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMjJmMjI5ZWRjMmYzMTRhMmZhNWVmMGQ3YWYxZGRkYjQ5
OWVhMzEwHhcNMjQxMDE3MTEwOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ3YjBmZGQyZDlkNjEwZDkyOTJmMzUzNDA2MDlhYjZmYjdlMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJCETeq8lg4V1juLQ4ux5qv5scCZ
Lw+7CbdQzNjN8p5GNPFPPUWCfeG8FPx8OYtwM1RD5REasQfMCOkK4rS1vRtAzNRJ
Z6iWnkAb3SZ0d5sbS9tzvL657h6Nd9RDv2HXPtS26mUe+MBHLwZMd3EtuAYCFDb1
h4qGRtrGYLT/iSM00yLoaJgnGk22AjwdnfGYityHdv1r/rIsXHoy5a2hh5gLuns3
JD8iz3HhaNAuOieond4C7GbD4fbboZa5GhTcsPEuHK/HSj1GLcgYZYfkVHEqwHG0
zKhSySCYeS7wDTjEM75SKn7xojNwf+NQzwe+lt3m++Vw7Ds9jVOKtPw44wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHXsP3S2dYQ2SkvNTQGCatvt+LrMB8GA1UdIwQY
MBaAFKMi8intwvMUovpe8NevHd20meoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgt
NjVmODI0N2ZmYTkxLzEva2Rld19kTFoxaERaS1M4MU5BWUpxMi0zNHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgtNjVmODI0N2ZmYTkx
LzEvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfDQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQxpRhLI18UMexAbp0D0lg79LFGtFfOHELu4eB1wzj
kowAYSd1Lea2wB2x6P/uvIXYBcHLPRRtnXBa1Ngt26iMmPXL/wFMMBuECOAiHorR
h/DVMvUB76a5h1WvGyyKt8WGjssKwQ+mNP5NciC+XDoo57ocRx+vPsQty8a9FElt
YhdyBLjJXSBIH7wojDx5DiHSkFeh1xbu5vjQYo8UdBkZVR38Exa6wxv+SVIykmQ2
bewYYFDqS113dBoQjYApck9gqC8/kIJ+dZ6rP9iGiYKM+pHkvdVoVRMJhQBRNW7p
a+xkf40dtQTytHxzCRHotPMjP8gIUNLqZEpn6WipMuvx
-----END CERTIFICATE-----