Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OtnhSr9Dv-X-GkN26mh0tJPvbbg.roa
File:                     OtnhSr9Dv-X-GkN26mh0tJPvbbg.roa (raw, json)
Hash identifier:          JaNt1W290aGwu3hurLzEvo/kAeCJXgjyJqCL86c/e8A=
Subject key identifier:   3A:D9:E1:4A:BF:43:BF:E5:FE:1A:43:76:EA:68:74:B4:93:EF:6D:B8
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6C2579A5C1302D3567C47D3473D00
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OtnhSr9Dv-X-GkN26mh0tJPvbbg.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        77.242.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 08:39:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c2:57:9a:5c:13:02:d3:56:7c:47:d3:47:3d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad9e14abf43bfe5fe1a4376ea6874b493ef6db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:24:64:3d:70:7a:c6:a5:d6:76:c6:23:ed:bc:
                    19:1c:83:2d:e7:d9:96:ad:bc:60:ef:cd:d5:69:4b:
                    02:8c:b5:ff:44:96:79:c3:bb:ed:74:b3:1c:4e:24:
                    6e:27:fe:5a:f7:4c:8f:bd:d4:97:ac:e4:b4:c0:95:
                    d7:f4:93:b3:e7:9c:66:b4:eb:d1:73:c6:00:2e:b3:
                    98:2f:f3:5b:49:ca:9c:77:35:73:5c:ec:6a:b9:9d:
                    6a:1b:14:db:17:0c:e6:f9:20:8c:d6:ee:e2:37:6f:
                    93:9b:93:06:57:63:6f:57:21:1f:1a:d3:8c:37:8a:
                    6a:4c:94:d9:27:52:68:bc:12:4c:e1:b3:ba:7b:3b:
                    70:4e:25:3f:c0:69:74:d0:9b:28:18:45:9d:d6:4d:
                    95:7a:9c:14:22:a5:20:79:f1:b8:13:8c:88:8a:e4:
                    05:8b:56:17:9f:4c:9a:ad:36:4f:cb:f9:3c:a6:06:
                    b1:c2:9a:a4:d8:bf:de:90:b1:67:7b:d2:4a:39:f7:
                    45:73:fe:35:f0:fa:a5:55:44:24:e2:4d:41:02:fb:
                    8d:d6:0c:8c:0c:f6:0c:22:71:e9:96:33:93:6f:98:
                    83:3f:66:29:bb:27:30:36:4e:3d:10:5c:ec:a7:9d:
                    15:1f:71:44:19:e2:f2:bc:9a:10:20:d5:dd:35:73:
                    f0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D9:E1:4A:BF:43:BF:E5:FE:1A:43:76:EA:68:74:B4:93:EF:6D:B8
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OtnhSr9Dv-X-GkN26mh0tJPvbbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:bc:33:fe:ed:b7:84:01:ed:df:3c:25:bc:94:9c:4c:7d:44:
         71:43:d2:3b:07:1b:55:90:7e:81:36:3f:a5:1f:31:d3:16:c3:
         9a:5d:a8:09:aa:bb:99:ed:a7:f5:08:7d:a6:b8:85:d0:3b:51:
         0b:ab:15:c7:b5:9c:92:9f:a0:33:7c:c2:90:1c:ed:a1:8d:24:
         e5:0a:d9:a0:fa:f2:6c:32:32:eb:ac:31:fe:56:f8:81:e6:0f:
         70:3d:56:e6:39:d6:43:8b:a3:f8:7b:66:3e:2c:40:55:d9:a1:
         b9:07:36:86:e4:fd:2e:67:91:8a:b1:21:9c:60:e1:f8:ce:9d:
         b2:20:45:36:d1:8f:12:33:e7:45:02:24:f3:cf:bd:52:e1:2b:
         0e:d4:d4:f4:8a:aa:6a:7d:67:e3:52:85:96:89:c9:50:86:5b:
         52:be:e8:ea:63:97:ac:48:e1:96:b8:06:9e:33:55:ac:71:ad:
         e7:5b:47:50:1c:94:ef:3c:e2:22:63:7c:67:f5:8f:ba:bb:4f:
         cd:11:ba:e7:42:03:a2:bf:c3:45:94:b6:5c:80:94:3b:ee:6c:
         6a:44:d6:fa:6a:a8:36:5c:99:3d:1a:6b:d2:11:a1:a7:32:2d:
         3b:7b:b2:2b:82:a6:8a:fa:6b:a3:26:53:7c:f7:fb:2b:e4:80:
         16:8d:3a:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsJXmlwTAtNWfEfTRz0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQ5ZTE0YWJmNDNiZmU1ZmUxYTQzNzZlYTY4NzRiNDkzZWY2ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyRkPXB6xqXWdsYj7bwZHIMt59mW
rbxg783VaUsCjLX/RJZ5w7vtdLMcTiRuJ/5a90yPvdSXrOS0wJXX9JOz55xmtOvR
c8YALrOYL/NbScqcdzVzXOxquZ1qGxTbFwzm+SCM1u7iN2+Tm5MGV2NvVyEfGtOM
N4pqTJTZJ1JovBJM4bO6eztwTiU/wGl00JsoGEWd1k2VepwUIqUgefG4E4yIiuQF
i1YXn0yarTZPy/k8pgaxwpqk2L/ekLFne9JKOfdFc/418PqlVUQk4k1BAvuN1gyM
DPYMInHpljOTb5iDP2YpuycwNk49EFzsp50VH3FEGeLyvJoQINXdNXPwPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrZ4Uq/Q7/l/hpDdupodLST7224MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvT3RuaFNyOUR2LVgtR2tOMjZtaDB0SlB2YmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfKVMA0G
CSqGSIb3DQEBCwUAA4IBAQBhvDP+7beEAe3fPCW8lJxMfURxQ9I7BxtVkH6BNj+l
HzHTFsOaXagJqruZ7af1CH2muIXQO1ELqxXHtZySn6AzfMKQHO2hjSTlCtmg+vJs
MjLrrDH+VviB5g9wPVbmOdZDi6P4e2Y+LEBV2aG5BzaG5P0uZ5GKsSGcYOH4zp2y
IEU20Y8SM+dFAiTzz71S4SsO1NT0iqpqfWfjUoWWiclQhltSvujqY5esSOGWuAae
M1Wsca3nW0dQHJTvPOIiY3xn9Y+6u0/NEbrnQgOiv8NFlLZcgJQ77mxqRNb6aqg2
XJk9GmvSEaGnMi07e7IrgqaK+mujJlN89/sr5IAWjTr2
-----END CERTIFICATE-----