Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/IECJbMoTTs3HDtG2dLLrDiAHP3A.roa
File:                     IECJbMoTTs3HDtG2dLLrDiAHP3A.roa (raw, json)
Hash identifier:          tdKrrZ4dZvnS6rxPiMM/j7RUy6DAcg5vVtdj4UT5eqE=
Subject key identifier:   20:40:89:6C:CA:13:4E:CD:C7:0E:D1:B6:74:B2:EB:0E:20:07:3F:70
Certificate issuer:       /CN=0170a169b6cd411022279e9ff997f134ff54ab1c
Certificate serial:       018CC9BCED2225BE954396107FB983B414C7
Authority key identifier: 01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/IECJbMoTTs3HDtG2dLLrDiAHP3A.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205241
IP address blocks:        91.126.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ed:22:25:be:95:43:96:10:7f:b9:83:b4:14:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0170a169b6cd411022279e9ff997f134ff54ab1c
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2040896cca134ecdc70ed1b674b2eb0e20073f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c1:82:12:63:c6:8f:f0:be:46:87:24:91:be:
                    fd:6b:14:a6:0a:89:58:61:9c:cd:7c:b7:93:a4:63:
                    11:a8:9a:28:40:6c:7c:78:1b:f7:09:d9:8b:4c:f8:
                    d4:9d:71:63:63:19:a9:2a:ca:d1:c2:8e:a8:a1:e2:
                    d4:02:80:ee:d0:26:5e:44:55:a0:29:b7:2d:d3:27:
                    fa:7c:92:7f:6d:de:e6:ff:d1:26:b6:94:e6:7e:0f:
                    16:8c:52:73:5d:92:6a:73:ea:be:17:38:56:0b:e7:
                    dd:12:28:a9:d2:d2:38:f2:21:64:34:ba:b8:e5:46:
                    72:c7:ec:5e:da:d3:9f:4e:89:cc:04:3e:b6:15:bb:
                    ac:11:11:36:2e:60:ea:15:71:25:fb:b3:c8:ac:9f:
                    38:26:b5:a1:14:de:b4:a5:2c:59:2d:ba:39:02:3e:
                    33:2f:70:c1:65:4a:c3:3d:1c:b1:01:73:75:6a:ee:
                    52:da:7b:d9:5e:f6:d7:27:55:7c:cf:87:98:22:0d:
                    17:4a:a6:07:81:98:b7:c9:7d:e0:1a:ca:df:b7:1e:
                    64:af:e3:99:33:c4:8d:c8:f3:2c:4b:f2:8e:a4:95:
                    26:92:f4:a8:c7:3b:84:5b:38:60:b7:47:8a:88:e4:
                    55:d6:d4:ee:91:c5:c6:8b:e3:01:80:88:a9:3a:d2:
                    b4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:40:89:6C:CA:13:4E:CD:C7:0E:D1:B6:74:B2:EB:0E:20:07:3F:70
            X509v3 Authority Key Identifier:
                keyid:01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/IECJbMoTTs3HDtG2dLLrDiAHP3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.126.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ac:34:10:fd:0b:5a:81:71:29:ea:95:3f:38:31:3d:7b:5c:
         b5:38:77:32:ac:e9:76:ee:09:93:9c:83:48:7c:4b:4a:72:16:
         0a:d0:16:b7:59:b2:cb:65:fe:57:35:0b:2c:6e:80:85:7d:ae:
         8a:58:3a:d5:8d:0d:d8:9b:26:de:a5:28:42:67:06:d6:96:f9:
         23:d6:bf:a5:01:72:4c:cd:62:0b:74:35:84:ca:15:c1:51:92:
         59:2b:ff:f4:84:55:d8:de:ad:8f:ad:92:80:96:c2:05:16:ca:
         5b:29:0b:0a:b9:a1:63:c4:db:08:b5:e4:a0:a8:86:fe:7b:af:
         91:ee:7d:ea:66:98:bb:09:2f:ae:12:13:a2:0e:87:ad:90:f5:
         7a:4c:e1:cb:3b:a7:e7:b2:65:1f:6d:3c:3f:c5:e1:08:f2:35:
         96:c0:a8:20:6c:96:66:41:85:68:fb:dc:7b:4d:f6:51:4c:55:
         a2:1e:c0:2e:af:5b:e1:02:9c:f4:b0:92:79:20:91:81:f1:0d:
         39:68:65:4c:74:50:00:e2:0c:a9:26:64:53:c6:0d:8a:76:15:
         f3:1e:45:db:e8:4d:a3:66:95:22:bf:d3:b9:b9:49:63:5c:50:
         74:53:df:bb:60:bf:91:d7:17:21:b5:ec:3e:7d:c1:fd:44:0d:
         ab:0c:7e:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvO0iJb6VQ5YQf7mDtBTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNzBhMTY5YjZjZDQxMTAyMjI3OWU5ZmY5OTdmMTM0ZmY1
NGFiMWMwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQwODk2Y2NhMTM0ZWNkYzcwZWQxYjY3NGIyZWIwZTIwMDczZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcGCEmPGj/C+Rockkb79axSmColY
YZzNfLeTpGMRqJooQGx8eBv3CdmLTPjUnXFjYxmpKsrRwo6ooeLUAoDu0CZeRFWg
Kbct0yf6fJJ/bd7m/9EmtpTmfg8WjFJzXZJqc+q+FzhWC+fdEiip0tI48iFkNLq4
5UZyx+xe2tOfTonMBD62FbusERE2LmDqFXEl+7PIrJ84JrWhFN60pSxZLbo5Aj4z
L3DBZUrDPRyxAXN1au5S2nvZXvbXJ1V8z4eYIg0XSqYHgZi3yX3gGsrftx5kr+OZ
M8SNyPMsS/KOpJUmkvSoxzuEWzhgt0eKiORV1tTukcXGi+MBgIipOtK0oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBAiWzKE07Nxw7RtnSy6w4gBz9wMB8GA1UdIwQY
MBaAFAFwoWm2zUEQIieen/mX8TT/VKscMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVhDaGFiYk5RUkFpSjU2Zi1aZnhOUDlVcXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xZTc3N2YtOTg2Yi00ZTM0LThkODEt
N2Q0YmIyMzgwNDg3LzEvSUVDSmJNb1RUczNIRHRHMmRMTHJEaUFIUDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xZTc3N2YtOTg2Yi00ZTM0LThkODEtN2Q0YmIyMzgwNDg3
LzEvQVhDaGFiYk5RUkFpSjU2Zi1aZnhOUDlVcXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW35NMA0G
CSqGSIb3DQEBCwUAA4IBAQAxrDQQ/QtagXEp6pU/ODE9e1y1OHcyrOl27gmTnINI
fEtKchYK0Ba3WbLLZf5XNQssboCFfa6KWDrVjQ3YmybepShCZwbWlvkj1r+lAXJM
zWILdDWEyhXBUZJZK//0hFXY3q2PrZKAlsIFFspbKQsKuaFjxNsIteSgqIb+e6+R
7n3qZpi7CS+uEhOiDoetkPV6TOHLO6fnsmUfbTw/xeEI8jWWwKggbJZmQYVo+9x7
TfZRTFWiHsAur1vhApz0sJJ5IJGB8Q05aGVMdFAA4gypJmRTxg2KdhXzHkXb6E2j
ZpUiv9O5uUljXFB0U9+7YL+R1xchtew+fcH9RA2rDH6/
-----END CERTIFICATE-----