Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xOK-eHnunMnHi-GijrFHIUHZgts.roa
File:                     xOK-eHnunMnHi-GijrFHIUHZgts.roa (raw, json)
Hash identifier:          QMk+yJil7bwzxZPP4+wLdeetoOwHTBkveU1qPsLjKBc=
Subject key identifier:   C4:E2:BE:78:79:EE:9C:C9:C7:8B:E1:A2:8E:B1:47:21:41:D9:82:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214404083CCA272B392B558F5CEAEABE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xOK-eHnunMnHi-GijrFHIUHZgts.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203576
IP address blocks:        77.93.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:04:08:3c:ca:27:2b:39:2b:55:8f:5c:ea:ea:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4e2be7879ee9cc9c78be1a28eb1472141d982db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d0:d6:b0:3d:11:02:b4:89:e2:10:2a:45:93:
                    03:65:30:da:58:97:36:ca:18:03:8b:a5:38:a0:72:
                    77:80:ad:f8:e3:98:9f:7b:75:c3:ed:95:06:12:37:
                    7b:6e:8b:5c:d7:94:68:6c:a0:08:c9:45:b9:ff:f3:
                    96:38:11:6f:8d:66:54:28:93:80:25:c3:43:10:64:
                    05:cb:07:97:82:51:6e:c1:79:00:56:2a:d2:b3:70:
                    68:c1:1a:29:75:50:57:7e:fc:49:da:66:79:a7:8e:
                    29:ba:42:52:78:76:db:9e:88:2a:dc:91:d4:49:c0:
                    20:92:8f:82:f3:bd:d2:42:b4:fb:ba:e2:ac:bd:10:
                    08:5f:9a:85:48:ab:0a:bf:cf:b5:c3:25:7d:29:be:
                    56:de:9c:b8:b4:95:4d:ef:cb:c9:24:df:98:21:c6:
                    de:cb:12:dd:76:a2:81:4b:08:45:45:bd:f6:fa:77:
                    09:ba:62:e5:76:5c:89:89:1e:58:ca:64:6f:51:c1:
                    33:ee:4e:9e:5e:ce:b8:92:ff:e3:90:9d:50:6b:b4:
                    0d:06:7d:ba:86:74:ea:de:69:42:62:09:21:8d:d8:
                    8d:f1:9a:56:bb:02:fa:c6:c1:56:ba:a8:c9:99:23:
                    1f:dc:75:bc:e3:be:04:2a:9d:c9:8a:41:0d:04:c3:
                    b1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E2:BE:78:79:EE:9C:C9:C7:8B:E1:A2:8E:B1:47:21:41:D9:82:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xOK-eHnunMnHi-GijrFHIUHZgts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:98:fd:3f:52:27:76:b3:a1:ef:17:ef:4a:6d:6b:a1:5c:6e:
         1e:de:21:aa:4a:62:b0:c9:60:43:f3:9e:f3:4a:a6:95:6c:17:
         05:9f:17:ec:f0:31:11:47:de:d3:bf:f6:a7:9e:fe:ff:59:e5:
         4a:bd:c5:ac:79:a2:8b:41:5c:83:dc:94:67:39:cf:60:c0:af:
         16:a7:bb:b4:84:6c:bd:8e:13:0c:ab:1c:71:41:19:fa:2f:ca:
         2f:cf:99:54:2d:b5:ac:fb:22:c9:1d:dc:53:eb:11:a5:66:4c:
         08:cf:51:e9:1f:5a:82:8c:a2:b1:a7:9e:73:bb:14:db:95:7e:
         f4:1f:45:b7:86:4d:f5:7e:ae:89:79:6b:7d:fb:e1:42:f0:9e:
         33:d3:77:d0:e3:dd:7b:c7:f7:9b:39:4a:84:bd:87:99:1e:f7:
         a5:f3:c8:30:b2:ac:4f:eb:64:3b:59:b5:06:23:70:70:27:fe:
         d0:90:5d:71:c6:7c:94:30:c9:f2:83:a3:6f:b3:a9:40:2f:6a:
         8a:d6:18:4c:ad:09:ed:11:cc:d7:5c:30:9b:fd:f3:6f:3c:51:
         b1:71:bc:61:68:d2:ac:a2:66:08:92:84:a4:2a:06:55:23:1b:
         91:6c:a4:50:f3:09:ef:c4:f1:9c:cc:64:bf:09:9d:80:78:cd:
         af:4e:45:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAQIPMonKzkrVY9c6uq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGUyYmU3ODc5ZWU5Y2M5Yzc4YmUxYTI4ZWIxNDcyMTQxZDk4MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttDWsD0RArSJ4hAqRZMDZTDaWJc2
yhgDi6U4oHJ3gK3445ife3XD7ZUGEjd7botc15RobKAIyUW5//OWOBFvjWZUKJOA
JcNDEGQFyweXglFuwXkAVirSs3BowRopdVBXfvxJ2mZ5p44pukJSeHbbnogq3JHU
ScAgko+C873SQrT7uuKsvRAIX5qFSKsKv8+1wyV9Kb5W3py4tJVN78vJJN+YIcbe
yxLddqKBSwhFRb32+ncJumLldlyJiR5YymRvUcEz7k6eXs64kv/jkJ1Qa7QNBn26
hnTq3mlCYgkhjdiN8ZpWuwL6xsFWuqjJmSMf3HW8474EKp3JikENBMOxTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTivnh57pzJx4vhoo6xRyFB2YLbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveE9LLWVIbnVuTW5IaS1HaWpyRkhJVUhaZ3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2UMA0G
CSqGSIb3DQEBCwUAA4IBAQBAmP0/Uid2s6HvF+9KbWuhXG4e3iGqSmKwyWBD857z
SqaVbBcFnxfs8DERR97Tv/annv7/WeVKvcWseaKLQVyD3JRnOc9gwK8Wp7u0hGy9
jhMMqxxxQRn6L8ovz5lULbWs+yLJHdxT6xGlZkwIz1HpH1qCjKKxp55zuxTblX70
H0W3hk31fq6JeWt9++FC8J4z03fQ4917x/ebOUqEvYeZHvel88gwsqxP62Q7WbUG
I3BwJ/7QkF1xxnyUMMnyg6Nvs6lAL2qK1hhMrQntEczXXDCb/fNvPFGxcbxhaNKs
omYIkoSkKgZVIxuRbKRQ8wnvxPGczGS/CZ2AeM2vTkWg
-----END CERTIFICATE-----