Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/TAfUJr6oYDDUvBNf4DIuMHuVAC0.roa
File:                     TAfUJr6oYDDUvBNf4DIuMHuVAC0.roa (raw, json)
Hash identifier:          sNp2Cnr64U/82Og5uiVdrecSs9RnrgfWgeuCxozFNvw=
Subject key identifier:   4C:07:D4:26:BE:A8:60:30:D4:BC:13:5F:E0:32:2E:30:7B:95:00:2D
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64BA061F0A163F4DF67DE2701EED4F5
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/TAfUJr6oYDDUvBNf4DIuMHuVAC0.roa
Signing time:             Mon 01 Jan 2024 18:31:34 +0000
ROA not before:           Mon 01 Jan 2024 18:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213310
IP address blocks:        77.65.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:a0:61:f0:a1:63:f4:df:67:de:27:01:ee:d4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c07d426bea86030d4bc135fe0322e307b95002d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b5:70:6a:f9:0d:05:06:80:2a:38:f1:ff:5a:
                    b9:a4:75:b4:90:7e:db:ea:e5:6b:d6:2e:d5:3c:c2:
                    a6:ce:0c:b1:e9:69:87:fc:34:1c:28:26:de:14:b2:
                    28:04:bf:4e:5d:89:39:cc:48:bc:25:9f:fb:ca:9b:
                    94:99:54:ad:15:65:9d:bf:c4:de:85:6b:12:f5:0a:
                    af:49:8d:72:b7:07:f1:ba:9c:c6:64:cc:54:37:95:
                    f7:5a:30:14:8b:07:c7:1c:a2:46:62:b5:41:9e:1c:
                    68:42:82:c0:9f:fb:37:c2:96:bc:61:9b:66:70:30:
                    63:28:c9:60:22:86:60:78:eb:1b:95:fa:d1:d3:33:
                    d8:a1:63:b3:3d:81:7e:eb:1d:df:99:b6:27:be:74:
                    94:b3:61:a7:21:93:05:ef:41:57:bb:06:e3:66:f0:
                    5e:49:96:44:1f:81:bd:47:e8:d5:06:5b:ea:f4:33:
                    c0:99:a6:3c:ab:c5:df:1f:59:b5:c6:f8:dd:70:84:
                    d6:4d:5b:7d:dc:0c:3a:fb:ee:55:68:02:7f:76:30:
                    6d:31:8e:84:f3:1d:be:eb:00:22:f7:b0:31:c1:45:
                    3b:21:35:3e:c8:4e:1e:94:db:1c:52:cc:c0:ee:a6:
                    05:48:5d:96:2e:48:04:1c:e7:15:fc:47:98:42:53:
                    f0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:07:D4:26:BE:A8:60:30:D4:BC:13:5F:E0:32:2E:30:7B:95:00:2D
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/TAfUJr6oYDDUvBNf4DIuMHuVAC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:08:b5:92:75:e5:a8:2f:6d:fd:06:84:44:b9:8f:76:a5:9e:
         f8:4a:6b:cb:f3:a3:01:c9:6b:f4:db:06:0d:d6:59:76:d7:3c:
         70:da:bf:02:e7:1c:a3:3c:54:85:80:9f:9e:91:16:d5:d9:f0:
         d8:0b:58:bd:f7:2f:f8:9c:f2:e6:45:4f:8b:28:c7:47:a3:e7:
         79:de:bb:27:2a:64:f5:10:e8:d5:10:3b:39:f5:34:6d:b8:e3:
         15:ce:e1:2d:f1:10:0c:61:95:9a:17:ab:af:ae:2c:8e:4c:d4:
         2a:73:8a:7b:d0:7a:49:ed:a6:17:d5:4b:fe:e4:7e:c2:af:82:
         24:41:7f:51:3c:b6:3f:c4:e4:40:a0:64:c0:a7:96:70:08:93:
         03:38:58:9b:25:fc:e0:ac:d2:ee:33:d4:39:4f:c7:91:71:c8:
         1b:5b:a7:10:bb:86:1d:a7:f0:2a:fd:61:88:e3:3c:d2:cc:45:
         1d:36:95:8c:ed:4d:ee:69:6d:3c:bc:2b:0e:6c:c6:36:c5:72:
         80:6e:c9:e4:44:c9:57:4e:da:a2:c9:ca:86:e1:6b:62:db:0e:
         76:ec:68:43:27:69:87:e1:e5:7b:f1:48:92:14:2d:c9:ac:e4:
         b9:49:27:41:52:70:02:63:59:31:ee:f8:64:e3:8c:ca:fb:47:
         7f:48:cf:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS6Bh8KFj9N9n3icB7tT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzA3ZDQyNmJlYTg2MDMwZDRiYzEzNWZlMDMyMmUzMDdiOTUwMDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7VwavkNBQaAKjjx/1q5pHW0kH7b
6uVr1i7VPMKmzgyx6WmH/DQcKCbeFLIoBL9OXYk5zEi8JZ/7ypuUmVStFWWdv8Te
hWsS9QqvSY1ytwfxupzGZMxUN5X3WjAUiwfHHKJGYrVBnhxoQoLAn/s3wpa8YZtm
cDBjKMlgIoZgeOsblfrR0zPYoWOzPYF+6x3fmbYnvnSUs2GnIZMF70FXuwbjZvBe
SZZEH4G9R+jVBlvq9DPAmaY8q8XfH1m1xvjdcITWTVt93Aw6++5VaAJ/djBtMY6E
8x2+6wAi97AxwUU7ITU+yE4elNscUszA7qYFSF2WLkgEHOcV/EeYQlPwzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwH1Ca+qGAw1LwTX+AyLjB7lQAtMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvVEFmVUpyNm9ZRERVdkJOZjRESXVNSHVWQUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUHAMA0G
CSqGSIb3DQEBCwUAA4IBAQBeCLWSdeWoL239BoREuY92pZ74SmvL86MByWv02wYN
1ll21zxw2r8C5xyjPFSFgJ+ekRbV2fDYC1i99y/4nPLmRU+LKMdHo+d53rsnKmT1
EOjVEDs59TRtuOMVzuEt8RAMYZWaF6uvriyOTNQqc4p70HpJ7aYX1Uv+5H7Cr4Ik
QX9RPLY/xORAoGTAp5ZwCJMDOFibJfzgrNLuM9Q5T8eRccgbW6cQu4Ydp/Aq/WGI
4zzSzEUdNpWM7U3uaW08vCsObMY2xXKAbsnkRMlXTtqiycqG4Wti2w527GhDJ2mH
4eV78UiSFC3JrOS5SSdBUnACY1kx7vhk44zK+0d/SM+P
-----END CERTIFICATE-----