Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/xugNET8hV_lUs8mzNctovD3Hbyo.roa
File:                     xugNET8hV_lUs8mzNctovD3Hbyo.roa (raw, json)
Hash identifier:          TQ1WgR1j2gmGPeQpvDAECIUuPsOaIzykpwxvxZkOo5s=
Subject key identifier:   C6:E8:0D:11:3F:21:57:F9:54:B3:C9:B3:35:CB:68:BC:3D:C7:6F:2A
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       019206B661ABF2CCE1B9DC828803839AEE3D
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/xugNET8hV_lUs8mzNctovD3Hbyo.roa
Signing time:             Wed 18 Sep 2024 19:57:48 +0000
ROA not before:           Wed 18 Sep 2024 19:57:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214422
IP address blocks:        77.105.164.0/24 maxlen: 24
                          92.42.102.0/24 maxlen: 24
                          185.225.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:06:b6:61:ab:f2:cc:e1:b9:dc:82:88:03:83:9a:ee:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Sep 18 19:57:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6e80d113f2157f954b3c9b335cb68bc3dc76f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:08:bb:99:25:bb:91:6b:e7:be:fd:6e:ff:9f:
                    b3:2e:7b:6b:31:c1:59:d1:e0:f8:3f:10:a8:d5:d9:
                    5b:91:33:32:03:ce:72:d4:bc:9a:02:1d:bb:15:cd:
                    89:8b:db:37:53:9b:c7:20:3a:c6:60:af:47:db:28:
                    30:0d:ac:b1:c8:6e:ee:a5:db:50:97:13:8a:16:5e:
                    ad:18:8d:a9:d7:4a:dc:ed:fb:f3:f6:6d:e5:06:36:
                    d2:0e:92:da:95:19:0d:70:08:6c:da:10:ae:34:c0:
                    68:f9:61:e8:23:9b:37:1c:96:db:24:27:b9:7a:83:
                    b7:9f:ab:15:0b:f4:be:e6:29:b2:08:00:85:d8:85:
                    c6:fd:fa:11:af:71:4e:49:71:0d:76:20:37:c9:36:
                    52:9d:45:0b:3b:84:44:19:7f:d6:ef:dc:8d:18:9f:
                    3f:aa:0c:13:5c:45:17:a4:72:05:ee:26:16:83:32:
                    10:d5:86:08:78:2d:10:7a:ef:5e:51:40:43:fd:18:
                    d2:82:13:00:ee:2d:cd:9c:ba:31:ee:a0:09:6a:04:
                    cf:a8:46:44:fd:30:e6:7e:ae:d4:41:b8:f9:2a:0e:
                    2e:87:b7:36:fe:b7:c9:a6:fe:9c:19:6f:8d:27:cc:
                    1c:e6:91:d2:5a:58:0a:72:bc:22:db:43:a0:44:3a:
                    dd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E8:0D:11:3F:21:57:F9:54:B3:C9:B3:35:CB:68:BC:3D:C7:6F:2A
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/xugNET8hV_lUs8mzNctovD3Hbyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.164.0/24
                  92.42.102.0/24
                  185.225.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b4:b7:f4:6d:73:3d:b8:06:1d:05:f3:bc:94:a3:85:0b:37:
         cd:0b:b7:f1:f3:5e:58:79:40:50:99:92:18:3e:05:84:db:09:
         b7:c3:f9:a5:d7:f9:74:ac:93:55:a0:28:58:18:9c:4a:a5:c0:
         42:df:47:cd:66:f6:39:26:11:05:5c:4f:36:de:82:02:5a:50:
         86:68:78:b0:87:cc:7b:17:99:2f:6b:cc:8e:bf:6c:b1:66:ce:
         d2:0b:8f:89:96:2b:bf:f6:0d:5a:f9:e7:dc:a4:a5:95:87:c7:
         a8:8f:5d:ce:fd:99:cd:72:03:c6:3b:d6:26:8d:e6:9d:69:31:
         c3:65:3f:5a:c0:21:66:6d:30:f6:29:7d:22:f7:cc:f0:85:30:
         14:3f:1d:2f:aa:d0:e8:5c:dc:4d:dd:17:b9:bb:d3:35:23:3a:
         d9:23:81:51:45:33:50:78:a3:30:27:91:08:e7:27:3d:47:39:
         2d:36:0d:82:cd:5f:3e:81:92:b4:41:23:6a:a0:b6:3b:8c:bb:
         25:52:a2:46:1a:6a:73:46:d0:6b:0e:a9:00:f0:8b:9a:40:de:
         84:80:96:c9:b0:46:aa:3a:5f:84:f0:76:3c:47:39:34:fa:a1:
         fe:40:0a:ab:53:36:2f:d2:5e:50:42:ca:54:b1:38:e5:ba:a5:
         e6:56:79:9a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZIGtmGr8szhudyCiAODmu49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjQwOTE4MTk1NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmU4MGQxMTNmMjE1N2Y5NTRiM2M5YjMzNWNiNjhiYzNkYzc2ZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wi7mSW7kWvnvv1u/5+zLntrMcFZ
0eD4PxCo1dlbkTMyA85y1LyaAh27Fc2Ji9s3U5vHIDrGYK9H2ygwDayxyG7updtQ
lxOKFl6tGI2p10rc7fvz9m3lBjbSDpLalRkNcAhs2hCuNMBo+WHoI5s3HJbbJCe5
eoO3n6sVC/S+5imyCACF2IXG/foRr3FOSXENdiA3yTZSnUULO4REGX/W79yNGJ8/
qgwTXEUXpHIF7iYWgzIQ1YYIeC0Qeu9eUUBD/RjSghMA7i3NnLox7qAJagTPqEZE
/TDmfq7UQbj5Kg4uh7c2/rfJpv6cGW+NJ8wc5pHSWlgKcrwi20OgRDrd2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMboDRE/IVf5VLPJszXLaLw9x28qMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEveHVnTkVUOGhWX2xVczhtek5jdG92RDNIYnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATWmkAwQA
XCpmAwQAueHKMA0GCSqGSIb3DQEBCwUAA4IBAQAAtLf0bXM9uAYdBfO8lKOFCzfN
C7fx815YeUBQmZIYPgWE2wm3w/ml1/l0rJNVoChYGJxKpcBC30fNZvY5JhEFXE82
3oICWlCGaHiwh8x7F5kva8yOv2yxZs7SC4+Jliu/9g1a+efcpKWVh8eoj13O/ZnN
cgPGO9YmjeadaTHDZT9awCFmbTD2KX0i98zwhTAUPx0vqtDoXNxN3Re5u9M1IzrZ
I4FRRTNQeKMwJ5EI5yc9RzktNg2CzV8+gZK0QSNqoLY7jLslUqJGGmpzRtBrDqkA
8IuaQN6EgJbJsEaqOl+E8HY8Rzk0+qH+QAqrUzYv0l5QQspUsTjluqXmVnma
-----END CERTIFICATE-----