Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/26mnkGvbtNJGwdcI_FOsIxgpP3o.roa
File:                     26mnkGvbtNJGwdcI_FOsIxgpP3o.roa (raw, json)
Hash identifier:          /OAwDxRlhHLN4Fv27h+DP90vXRw5D+C8fUWiCne3jMQ=
Subject key identifier:   DB:A9:A7:90:6B:DB:B4:D2:46:C1:D7:08:FC:53:AC:23:18:29:3F:7A
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192D10548D1FD0B09C96DB7DD39AF286DD8
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/26mnkGvbtNJGwdcI_FOsIxgpP3o.roa
Signing time:             Mon 28 Oct 2024 02:47:17 +0000
ROA not before:           Mon 28 Oct 2024 02:47:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        77.111.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:05:48:d1:fd:0b:09:c9:6d:b7:dd:39:af:28:6d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 28 02:47:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dba9a7906bdbb4d246c1d708fc53ac2318293f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3b:49:34:f3:39:7c:98:39:c8:d8:79:bc:7e:
                    21:77:cb:cf:ad:c3:63:d4:d4:c7:c4:22:2b:c9:e1:
                    b1:25:b8:44:a6:ad:19:7f:2b:1d:f3:a4:19:bd:8a:
                    3a:7a:4b:99:b3:3c:48:62:32:85:4c:97:69:f5:8b:
                    63:55:d2:68:14:87:00:c8:fe:e3:68:20:4d:4a:48:
                    86:ac:d4:eb:19:2a:00:2d:6f:a1:84:83:e6:22:cb:
                    3d:45:3b:d7:88:9f:e4:6b:9c:f5:80:8f:05:1d:37:
                    43:87:45:c1:32:fa:cb:33:11:b8:1e:10:9e:78:03:
                    2c:73:f6:2b:5e:4e:af:a1:f4:90:9e:98:c0:2e:ee:
                    96:d9:03:f4:5f:72:6f:74:b5:e3:93:8b:aa:4e:3f:
                    a0:f9:e7:a5:33:6d:7a:41:c3:1d:38:42:7d:c9:f3:
                    c4:ab:17:c2:52:25:cf:73:81:04:99:0f:58:8e:e1:
                    63:71:b3:05:11:5a:cd:74:53:e1:69:b5:e3:67:eb:
                    f2:2c:67:47:ce:2d:f3:c1:ee:44:1f:9a:04:54:f7:
                    9e:70:80:18:f6:40:c5:11:dc:73:9b:ff:ea:f1:8e:
                    bd:03:65:14:36:64:e7:2b:54:3c:c9:cc:45:7f:5c:
                    dc:99:00:fe:95:b9:29:af:dd:dc:8d:c0:b4:32:48:
                    2f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A9:A7:90:6B:DB:B4:D2:46:C1:D7:08:FC:53:AC:23:18:29:3F:7A
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/26mnkGvbtNJGwdcI_FOsIxgpP3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:bc:ee:9a:0d:2b:cd:e3:b9:50:16:73:46:15:d7:23:73:17:
         24:a7:30:71:b8:5b:2c:58:da:69:38:e6:da:ac:2c:9e:fd:51:
         a4:ad:3b:b3:88:09:77:06:8f:77:35:36:49:bf:bf:4f:83:56:
         77:8c:bd:a3:96:9e:ce:1b:9b:13:f5:d5:d9:4a:e7:fd:dc:08:
         27:51:9a:09:4b:b9:87:bf:a9:24:db:6d:08:34:b2:e4:22:6a:
         89:ff:0d:4b:1a:3e:ab:8f:60:13:47:5b:96:f6:70:9b:eb:41:
         25:f8:fb:22:00:e1:c3:44:a8:e2:b8:48:fd:d7:37:7e:b0:2f:
         f6:cf:34:ab:57:0a:69:c2:9c:04:77:46:91:78:ba:d4:ad:cc:
         5d:aa:b3:3c:b5:78:e1:3e:5f:0f:08:35:7f:d3:db:9e:43:d7:
         a3:88:a1:6d:8f:b9:ff:2c:d6:ed:f3:02:d4:2c:5f:a2:35:b6:
         ae:d3:54:18:f4:70:e7:2a:cb:99:c3:c0:ee:77:c8:f0:96:f4:
         49:81:19:c5:da:55:96:4a:bc:62:6d:af:58:4d:8e:42:a7:54:
         da:c4:56:19:7b:c2:eb:80:1b:c9:ca:c9:e2:eb:ea:99:f7:20:
         aa:1c:47:c6:7a:5b:a0:83:95:ea:02:e6:84:24:77:90:c8:6c:
         ac:cd:f2:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLRBUjR/QsJyW233TmvKG3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDI4MDI0NzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmE5YTc5MDZiZGJiNGQyNDZjMWQ3MDhmYzUzYWMyMzE4MjkzZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDtJNPM5fJg5yNh5vH4hd8vPrcNj
1NTHxCIryeGxJbhEpq0Zfysd86QZvYo6ekuZszxIYjKFTJdp9YtjVdJoFIcAyP7j
aCBNSkiGrNTrGSoALW+hhIPmIss9RTvXiJ/ka5z1gI8FHTdDh0XBMvrLMxG4HhCe
eAMsc/YrXk6vofSQnpjALu6W2QP0X3JvdLXjk4uqTj+g+eelM216QcMdOEJ9yfPE
qxfCUiXPc4EEmQ9YjuFjcbMFEVrNdFPhabXjZ+vyLGdHzi3zwe5EH5oEVPeecIAY
9kDFEdxzm//q8Y69A2UUNmTnK1Q8ycxFf1zcmQD+lbkpr93cjcC0MkgvtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNupp5Br27TSRsHXCPxTrCMYKT96MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMjZtbmtHdmJ0TkpHd2RjSV9GT3NJeGdwUDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9lMA0G
CSqGSIb3DQEBCwUAA4IBAQCLvO6aDSvN47lQFnNGFdcjcxckpzBxuFssWNppOOba
rCye/VGkrTuziAl3Bo93NTZJv79Pg1Z3jL2jlp7OG5sT9dXZSuf93AgnUZoJS7mH
v6kk220INLLkImqJ/w1LGj6rj2ATR1uW9nCb60El+PsiAOHDRKjiuEj91zd+sC/2
zzSrVwppwpwEd0aReLrUrcxdqrM8tXjhPl8PCDV/09ueQ9ejiKFtj7n/LNbt8wLU
LF+iNbau01QY9HDnKsuZw8Dud8jwlvRJgRnF2lWWSrxiba9YTY5Cp1TaxFYZe8Lr
gBvJysni6+qZ9yCqHEfGelugg5XqAuaEJHeQyGyszfIT
-----END CERTIFICATE-----