Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/6d8zEz7ZpwRYYuYAascnHbQvOfw.roa
File:                     6d8zEz7ZpwRYYuYAascnHbQvOfw.roa (raw, json)
Hash identifier:          ZNU33ks+7dcZNtFqJERLf25W0F5DFlinLwIpRxITtRQ=
Subject key identifier:   E9:DF:33:13:3E:D9:A7:04:58:62:E6:00:6A:C7:27:1D:B4:2F:39:FC
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       018FDFF8AF3EDBDBD042EA5406CC07A55D06
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/6d8zEz7ZpwRYYuYAascnHbQvOfw.roa
Signing time:             Mon 03 Jun 2024 21:19:27 +0000
ROA not before:           Mon 03 Jun 2024 21:19:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56862
IP address blocks:        77.105.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 06:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:df:f8:af:3e:db:db:d0:42:ea:54:06:cc:07:a5:5d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Jun  3 21:19:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9df33133ed9a7045862e6006ac7271db42f39fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:26:26:7c:be:b4:ad:22:10:e0:b1:1f:55:28:
                    37:88:0a:42:13:a6:9b:44:fd:38:10:cf:61:2c:c8:
                    2d:0a:b6:83:50:dc:c8:86:83:01:60:7f:b4:71:fd:
                    d3:1e:3c:25:65:7f:01:72:08:58:64:a2:67:45:85:
                    32:fd:63:d6:c1:64:5d:a9:d7:61:48:3f:6c:1f:38:
                    11:1f:be:76:de:5a:93:22:01:16:8b:fc:6c:7b:ba:
                    da:ab:97:bf:7c:82:9d:b5:f2:20:23:1b:2c:1a:a1:
                    77:2a:ed:87:44:b9:9e:0a:22:b9:0a:1b:59:fd:95:
                    77:ae:93:d0:92:f7:51:81:9a:91:7d:8a:a7:85:00:
                    4c:40:f1:de:e7:28:8d:60:d0:38:87:23:ab:a3:bc:
                    ed:6f:bd:7c:6e:c9:c5:94:66:78:33:f9:c9:bb:f9:
                    3c:30:52:14:0b:07:48:fd:dd:dd:e1:0d:74:67:39:
                    44:75:2d:ec:01:ce:21:a2:c7:90:68:4a:df:d1:f2:
                    c1:84:a7:62:b3:ad:fa:3a:31:b8:98:e8:15:0f:33:
                    92:6e:3f:a6:5b:0f:d5:aa:41:fb:55:1f:a3:62:08:
                    a6:f9:2d:67:69:91:03:b1:3e:bc:80:b4:cf:f1:03:
                    70:e5:89:2e:e2:18:58:a3:74:a4:3c:db:01:84:fd:
                    8f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:DF:33:13:3E:D9:A7:04:58:62:E6:00:6A:C7:27:1D:B4:2F:39:FC
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/6d8zEz7ZpwRYYuYAascnHbQvOfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3b:e4:d5:f0:c6:ad:ea:46:70:c8:fb:e0:2c:c0:1d:db:2c:
         b1:10:f5:3a:63:d3:94:ae:c6:59:c6:be:72:ce:52:8c:50:6d:
         71:70:89:aa:31:ea:3c:38:e4:8d:07:71:91:2e:40:b6:38:1e:
         07:13:28:5a:6e:e9:01:88:39:f0:23:2e:36:68:6f:e1:5b:9b:
         75:c5:e7:87:13:a4:d9:04:8a:c7:82:80:c4:88:10:fa:69:27:
         da:fd:43:ce:a7:4a:49:9c:21:27:ae:c8:30:ec:71:40:b7:15:
         5b:13:e9:be:8f:e3:31:50:1a:a2:3e:18:55:d3:41:c3:29:72:
         de:51:f8:89:95:4e:6b:59:fd:52:d7:43:60:7e:46:bb:8a:6a:
         27:90:c4:6b:ff:a4:f3:67:0e:79:01:a9:94:4f:cd:b5:da:d6:
         5a:98:ae:ee:89:54:63:47:e8:80:62:5e:3f:59:76:8a:3c:5f:
         9d:3e:0a:3b:77:d1:8e:86:11:84:ad:84:af:e2:07:b8:02:8c:
         9e:ad:de:f5:fb:a5:45:78:3a:0a:23:83:7d:49:87:93:ec:d5:
         7c:e0:50:4a:21:58:31:a3:93:fd:c0:5e:f6:f2:c9:3d:05:ac:
         8c:17:e4:e8:2e:1a:51:32:de:10:75:87:29:99:8e:fd:4f:57:
         7b:b6:41:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/f+K8+29vQQupUBswHpV0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjQwNjAzMjExOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWRmMzMxMzNlZDlhNzA0NTg2MmU2MDA2YWM3MjcxZGI0MmYzOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiYmfL60rSIQ4LEfVSg3iApCE6ab
RP04EM9hLMgtCraDUNzIhoMBYH+0cf3THjwlZX8BcghYZKJnRYUy/WPWwWRdqddh
SD9sHzgRH7523lqTIgEWi/xse7raq5e/fIKdtfIgIxssGqF3Ku2HRLmeCiK5ChtZ
/ZV3rpPQkvdRgZqRfYqnhQBMQPHe5yiNYNA4hyOro7ztb718bsnFlGZ4M/nJu/k8
MFIUCwdI/d3d4Q10ZzlEdS3sAc4hoseQaErf0fLBhKdis636OjG4mOgVDzOSbj+m
Ww/VqkH7VR+jYgim+S1naZEDsT68gLTP8QNw5Yku4hhYo3SkPNsBhP2P8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnfMxM+2acEWGLmAGrHJx20Lzn8MB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvNmQ4ekV6N1pwd1JZWXVZQWFzY25IYlF2T2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWmgMA0G
CSqGSIb3DQEBCwUAA4IBAQABO+TV8Mat6kZwyPvgLMAd2yyxEPU6Y9OUrsZZxr5y
zlKMUG1xcImqMeo8OOSNB3GRLkC2OB4HEyhabukBiDnwIy42aG/hW5t1xeeHE6TZ
BIrHgoDEiBD6aSfa/UPOp0pJnCEnrsgw7HFAtxVbE+m+j+MxUBqiPhhV00HDKXLe
UfiJlU5rWf1S10Ngfka7imonkMRr/6TzZw55AamUT8212tZamK7uiVRjR+iAYl4/
WXaKPF+dPgo7d9GOhhGErYSv4ge4Aoyerd71+6VFeDoKI4N9SYeT7NV84FBKIVgx
o5P9wF728sk9BayMF+ToLhpRMt4QdYcpmY79T1d7tkH6
-----END CERTIFICATE-----