Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/77Zw7FDepP4hT6u3icIQUSIw3Do.roa
File:                     77Zw7FDepP4hT6u3icIQUSIw3Do.roa (raw, json)
Hash identifier:          wTcSXGKU69tpREU3VOv4XXAkJhLVVXG4ZgSZTSA9C7U=
Subject key identifier:   EF:B6:70:EC:50:DE:A4:FE:21:4F:AB:B7:89:C2:10:51:22:30:DC:3A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D20FDF9A9B9F947EFA68EF66DC343E96A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/77Zw7FDepP4hT6u3icIQUSIw3Do.roa
Signing time:             Fri 19 Jan 2024 09:12:11 +0000
ROA not before:           Fri 19 Jan 2024 09:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215741
IP address blocks:        89.213.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Nov 2024 14:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:20:fd:f9:a9:b9:f9:47:ef:a6:8e:f6:6d:c3:43:e9:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 19 09:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efb670ec50dea4fe214fabb789c210512230dc3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f5:b3:01:49:b2:9c:d0:81:24:82:1f:9a:7c:
                    01:f0:a2:ff:9c:de:92:16:4e:22:fd:9c:9e:fc:8c:
                    f7:16:7a:60:f6:64:9e:ce:d4:fd:68:b5:da:f6:63:
                    22:f1:6e:f3:e9:cf:44:7f:56:aa:2a:47:0a:c7:be:
                    47:01:a3:ed:d8:46:25:b7:b2:2c:fc:ef:44:bb:a0:
                    2e:fa:3b:c7:a4:b3:22:2e:4f:fb:56:52:a5:28:52:
                    2a:a8:74:d9:98:b9:cc:5e:e1:7a:9c:b5:0d:b1:fb:
                    c8:e8:44:e6:7f:11:6d:27:e0:40:9c:69:95:15:8a:
                    0a:f0:54:2a:7b:73:44:59:28:b7:a5:4f:1d:d9:6c:
                    d7:49:34:4d:ec:2d:db:84:fd:94:8f:50:e1:34:f4:
                    14:a9:9b:a0:fc:4f:3f:ec:76:f3:1f:a9:ad:9a:ee:
                    1d:1b:70:6c:af:05:bc:8c:99:cf:4f:26:a3:7a:bd:
                    65:f8:6e:1a:e4:19:8a:7b:3f:0a:35:2d:39:d9:3f:
                    08:41:fc:00:64:4f:46:f2:95:84:90:38:8f:25:10:
                    93:8c:03:44:ad:80:34:0c:04:29:8f:08:e3:2a:66:
                    87:6d:c0:43:60:ef:ea:f0:e1:78:ad:0a:26:33:0f:
                    d7:98:97:10:c7:ff:5b:74:88:9a:44:4c:a3:34:9b:
                    5c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B6:70:EC:50:DE:A4:FE:21:4F:AB:B7:89:C2:10:51:22:30:DC:3A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/77Zw7FDepP4hT6u3icIQUSIw3Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:dd:45:00:55:6d:f1:a8:dd:30:d7:33:b1:92:03:a6:a7:7b:
         bc:95:f0:7f:2d:a0:a5:08:39:1a:24:6f:17:cb:7c:2a:41:02:
         d8:f5:00:03:07:29:dc:75:6b:e3:ca:96:72:97:8c:bd:5b:49:
         d4:91:8d:5a:be:ac:31:0e:78:ed:51:db:d9:26:32:fa:4e:51:
         0e:08:b7:f6:b3:e8:87:af:4f:4f:f5:a7:ce:cd:74:5b:13:e6:
         c6:be:7f:01:50:04:91:c0:a8:e9:6c:99:a2:71:bb:13:41:f4:
         a4:7a:d7:3d:f7:f5:e4:5e:e7:fc:53:48:6d:76:50:30:60:df:
         4e:74:56:7e:a8:fb:f4:bb:e3:fa:b6:25:ae:30:1e:87:09:fd:
         e1:02:be:63:64:90:3f:67:ce:4a:83:62:b0:9a:19:fe:78:3a:
         c0:9f:33:03:ea:45:da:1d:56:5f:65:f7:79:02:90:13:e1:76:
         46:58:2a:5f:be:1f:4b:fa:11:eb:fc:b6:4e:91:c1:c3:ad:2d:
         6f:2e:6f:00:01:97:d4:19:7b:11:d6:f7:f7:18:d5:c7:05:38:
         70:e2:16:11:04:a0:6e:4d:40:89:79:5a:0f:aa:40:01:da:84:
         e8:2d:74:1a:28:73:4b:3c:f0:0e:61:98:bc:b5:68:6f:ee:0e:
         2d:fc:4e:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0g/fmpuflH76aO9m3DQ+lqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE5MDkxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmI2NzBlYzUwZGVhNGZlMjE0ZmFiYjc4OWMyMTA1MTIyMzBkYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvWzAUmynNCBJIIfmnwB8KL/nN6S
Fk4i/Zye/Iz3Fnpg9mSeztT9aLXa9mMi8W7z6c9Ef1aqKkcKx75HAaPt2EYlt7Is
/O9Eu6Au+jvHpLMiLk/7VlKlKFIqqHTZmLnMXuF6nLUNsfvI6ETmfxFtJ+BAnGmV
FYoK8FQqe3NEWSi3pU8d2WzXSTRN7C3bhP2Uj1DhNPQUqZug/E8/7HbzH6mtmu4d
G3BsrwW8jJnPTyajer1l+G4a5BmKez8KNS052T8IQfwAZE9G8pWEkDiPJRCTjANE
rYA0DAQpjwjjKmaHbcBDYO/q8OF4rQomMw/XmJcQx/9bdIiaREyjNJtcowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+2cOxQ3qT+IU+rt4nCEFEiMNw6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNzdadzdGRGVwUDRoVDZ1M2ljSVFVU0l3M0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWpMA0G
CSqGSIb3DQEBCwUAA4IBAQA33UUAVW3xqN0w1zOxkgOmp3u8lfB/LaClCDkaJG8X
y3wqQQLY9QADByncdWvjypZyl4y9W0nUkY1avqwxDnjtUdvZJjL6TlEOCLf2s+iH
r09P9afOzXRbE+bGvn8BUASRwKjpbJmicbsTQfSketc99/XkXuf8U0htdlAwYN9O
dFZ+qPv0u+P6tiWuMB6HCf3hAr5jZJA/Z85Kg2Kwmhn+eDrAnzMD6kXaHVZfZfd5
ApAT4XZGWCpfvh9L+hHr/LZOkcHDrS1vLm8AAZfUGXsR1vf3GNXHBThw4hYRBKBu
TUCJeVoPqkAB2oToLXQaKHNLPPAOYZi8tWhv7g4t/E49
-----END CERTIFICATE-----