Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/orS7zkaLrYHJphN4YGB9byd5wLQ.roa
File:                     orS7zkaLrYHJphN4YGB9byd5wLQ.roa (raw, json)
Hash identifier:          PhGvta4wukusaXt2uaq3UHQu/9Qo58Dkoo5ZIGWL0Tk=
Subject key identifier:   A2:B4:BB:CE:46:8B:AD:81:C9:A6:13:78:60:60:7D:6F:27:79:C0:B4
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B998B0E149B470ECA2B4559F3B632
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/orS7zkaLrYHJphN4YGB9byd5wLQ.roa
Signing time:             Mon 01 Jan 2024 18:31:32 +0000
ROA not before:           Mon 01 Jan 2024 18:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209066
IP address blocks:        77.65.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:99:8b:0e:14:9b:47:0e:ca:2b:45:59:f3:b6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2b4bbce468bad81c9a6137860607d6f2779c0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:49:df:0d:5f:c9:1f:2e:07:6f:a2:df:2d:5d:
                    87:d8:21:a5:36:67:9c:8b:3a:b8:a4:72:3d:e7:0e:
                    6a:4e:d9:75:07:0f:24:25:15:ab:99:93:cf:c8:86:
                    c2:15:47:ea:96:cf:e6:65:d6:08:a2:67:44:ab:3d:
                    03:ea:ac:b1:5a:83:3d:65:6d:96:8b:72:cd:ac:79:
                    02:42:13:25:50:8d:52:ea:b2:1d:65:c6:89:d0:a7:
                    8e:67:d3:82:4c:14:af:23:c1:49:4c:31:55:3e:3c:
                    0c:b7:fd:30:e6:11:2b:c1:1b:65:16:6c:8a:83:38:
                    0d:c1:2e:d3:ff:32:0e:b2:96:18:81:64:21:a0:e6:
                    ac:10:bc:3a:e3:2b:1e:d4:78:5d:ba:03:ca:64:7e:
                    de:ac:a7:62:3d:de:d8:17:53:89:0d:17:31:80:6d:
                    cb:ba:de:75:3f:98:24:01:4d:e4:8a:f5:a6:d9:f7:
                    29:f5:06:b7:1c:8f:f5:ec:d1:71:6d:70:ec:d1:16:
                    5c:7d:f4:9e:99:34:e5:d9:f9:d8:ef:53:bd:cf:51:
                    9c:b9:52:d8:1a:ef:75:33:05:73:53:69:d1:a5:ce:
                    f3:3c:22:b0:75:70:6d:2f:5b:52:a1:6b:2d:c2:c1:
                    21:59:14:59:dd:26:ed:f5:7c:96:d0:e3:3c:46:3f:
                    fd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B4:BB:CE:46:8B:AD:81:C9:A6:13:78:60:60:7D:6F:27:79:C0:B4
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/orS7zkaLrYHJphN4YGB9byd5wLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f5:23:76:06:46:5f:8c:98:76:90:79:4b:24:82:d0:bc:2c:
         29:5d:86:a8:da:56:23:23:34:b6:1e:fa:2f:06:13:31:c0:96:
         f6:06:8b:1a:ae:ee:65:67:d9:9a:95:d6:49:d9:86:60:c3:2b:
         d9:9a:80:d5:7c:91:99:6e:e7:5b:92:c6:63:10:80:6f:88:ee:
         93:38:90:88:67:75:7d:de:36:f3:5b:cb:1e:1f:9d:23:e5:e5:
         a9:94:04:3f:ed:06:ab:69:4e:a1:fd:3b:39:bb:1c:ec:f8:2b:
         f8:c9:8b:68:67:c1:a9:2d:15:50:f4:a8:fc:1a:1b:38:28:ed:
         ca:9d:52:89:8e:52:e3:33:bd:cf:23:36:a2:d9:58:3d:6c:f2:
         2c:d8:41:6e:36:97:6b:b8:a0:a9:42:fb:96:ab:c2:0a:0a:37:
         79:2c:3f:c0:86:da:3e:a6:45:d8:d2:95:00:cc:cf:62:ae:d3:
         db:9e:4b:8b:88:93:92:4b:e0:13:f1:09:52:cd:35:da:2e:ab:
         6e:90:c5:de:3b:58:3f:cd:35:58:d8:ee:50:d4:c8:51:0e:26:
         2d:52:6f:0b:d8:e2:ac:5d:f0:6f:e1:2a:8f:94:15:0f:ee:01:
         d7:17:e7:47:8f:06:55:1d:bf:8d:2a:34:bb:26:83:0d:f1:40:
         69:c3:0b:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5mLDhSbRw7KK0VZ87YyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmI0YmJjZTQ2OGJhZDgxYzlhNjEzNzg2MDYwN2Q2ZjI3NzljMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUnfDV/JHy4Hb6LfLV2H2CGlNmec
izq4pHI95w5qTtl1Bw8kJRWrmZPPyIbCFUfqls/mZdYIomdEqz0D6qyxWoM9ZW2W
i3LNrHkCQhMlUI1S6rIdZcaJ0KeOZ9OCTBSvI8FJTDFVPjwMt/0w5hErwRtlFmyK
gzgNwS7T/zIOspYYgWQhoOasELw64yse1HhdugPKZH7erKdiPd7YF1OJDRcxgG3L
ut51P5gkAU3kivWm2fcp9Qa3HI/17NFxbXDs0RZcffSemTTl2fnY71O9z1GcuVLY
Gu91MwVzU2nRpc7zPCKwdXBtL1tSoWstwsEhWRRZ3Sbt9XyW0OM8Rj/90QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKK0u85Gi62ByaYTeGBgfW8necC0MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvb3JTN3prYUxyWUhKcGhONFlHQjlieWQ1d0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUHeMA0G
CSqGSIb3DQEBCwUAA4IBAQB49SN2BkZfjJh2kHlLJILQvCwpXYao2lYjIzS2Hvov
BhMxwJb2Bosaru5lZ9maldZJ2YZgwyvZmoDVfJGZbudbksZjEIBviO6TOJCIZ3V9
3jbzW8seH50j5eWplAQ/7QaraU6h/Ts5uxzs+Cv4yYtoZ8GpLRVQ9Kj8Ghs4KO3K
nVKJjlLjM73PIzai2Vg9bPIs2EFuNpdruKCpQvuWq8IKCjd5LD/Ahto+pkXY0pUA
zM9irtPbnkuLiJOSS+AT8QlSzTXaLqtukMXeO1g/zTVY2O5Q1MhRDiYtUm8L2OKs
XfBv4SqPlBUP7gHXF+dHjwZVHb+NKjS7JoMN8UBpwwtD
-----END CERTIFICATE-----