Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/dyTeCzkLhQdVFtkjDz8Zy0v0DyI.roa
File:                     dyTeCzkLhQdVFtkjDz8Zy0v0DyI.roa (raw, json)
Hash identifier:          rFNSYghnGp2je7hAuTHweEJrHIShYB9IcRWT9J3w4b0=
Subject key identifier:   77:24:DE:0B:39:0B:85:07:55:16:D9:23:0F:3F:19:CB:4B:F4:0F:22
Certificate issuer:       /CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
Certificate serial:       018CC94E3B70AB602E5612B2BC49EDD67643
Authority key identifier: 71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/dyTeCzkLhQdVFtkjDz8Zy0v0DyI.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61154
IP address blocks:        77.87.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3b:70:ab:60:2e:56:12:b2:bc:49:ed:d6:76:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7724de0b390b85075516d9230f3f19cb4bf40f22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c7:8f:d7:51:ac:48:f4:53:7b:04:21:ad:2f:
                    33:96:65:92:db:8b:8c:6a:aa:df:76:f8:60:83:f3:
                    f2:c1:02:81:55:79:70:63:5c:f5:07:c7:04:9a:1d:
                    21:41:3b:c6:2a:b4:57:21:64:67:5b:b0:21:a5:18:
                    ec:c7:91:db:fc:bc:8f:73:36:b6:f0:cb:73:9a:b5:
                    4a:ab:ca:f9:19:9e:a5:df:d4:eb:c5:de:40:a3:4e:
                    5b:f6:2b:a6:50:7f:cf:a4:93:52:36:b4:bc:3d:b8:
                    41:c4:d9:23:56:b4:4f:43:24:01:4a:1c:48:0c:ed:
                    1a:4a:f0:3a:28:e7:67:f7:d6:b7:25:54:03:70:22:
                    ce:61:0a:fb:fb:27:fe:fc:3f:27:ed:3c:62:4f:41:
                    b9:9b:e0:3a:0c:df:fb:3c:00:02:68:7b:68:2a:04:
                    b8:98:e3:92:a2:46:c6:17:f2:92:de:81:09:9d:80:
                    7c:c5:80:2f:57:0c:8d:8f:53:f5:a1:8b:ac:f1:a6:
                    a6:37:20:db:a5:33:36:28:0e:23:73:64:16:c4:ed:
                    a5:58:40:80:d0:09:77:ec:91:2c:58:1d:3c:f3:03:
                    11:5d:a4:08:2c:20:87:63:7e:8e:eb:52:74:c0:aa:
                    6a:7a:2d:eb:38:a7:0a:fc:a3:36:3d:53:e2:9c:1c:
                    d0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:24:DE:0B:39:0B:85:07:55:16:D9:23:0F:3F:19:CB:4B:F4:0F:22
            X509v3 Authority Key Identifier:
                keyid:71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/dyTeCzkLhQdVFtkjDz8Zy0v0DyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:88:25:05:c7:44:ea:34:ef:2b:ae:d5:ea:66:e0:28:90:0c:
         70:f3:7c:63:06:48:57:5f:35:14:c0:1e:7a:fc:f7:90:98:67:
         0a:a6:b0:30:25:76:33:24:04:c4:b9:5e:5e:0e:f4:e1:94:b1:
         10:16:8b:df:d7:5e:2c:97:ce:8e:cc:3b:fb:b5:3a:50:44:3c:
         dc:58:ec:34:89:39:14:7a:0e:a7:c3:fd:3f:57:c7:a7:1e:ce:
         f4:c2:12:13:d4:b0:0a:7c:9c:3d:2a:47:71:a0:0a:44:b5:64:
         7e:d5:a6:0e:20:bf:6c:04:9b:b5:74:d5:64:92:e8:3f:7f:dc:
         1c:9a:57:14:ef:f8:c2:7b:dd:7d:ca:27:af:8d:41:7c:f3:34:
         48:48:9f:bb:35:c7:0c:78:c2:a3:6c:09:e8:aa:e6:7a:5f:13:
         46:c1:8e:a8:b4:a9:63:10:03:99:b2:b0:6a:2b:7d:e4:ac:ab:
         a6:28:ea:70:f2:b0:db:94:03:95:21:06:85:43:59:ec:ff:cc:
         11:61:a0:3a:ae:d6:a0:b9:87:f4:0b:88:5c:fd:0a:47:7a:ac:
         92:0f:d6:21:d7:c5:f8:28:21:2a:e5:ef:37:52:c2:22:84:88:
         2e:d3:43:dd:ca:20:7d:67:ff:86:77:83:2e:e6:f4:5f:26:a9:
         48:2a:41:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjtwq2AuVhKyvEnt1nZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYzE2OTBlZjU3YWZjZmZhZTczYmRiOTkzNDMwOWY4Yjcw
ZWJiNjEwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzI0ZGUwYjM5MGI4NTA3NTUxNmQ5MjMwZjNmMTljYjRiZjQwZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMeP11GsSPRTewQhrS8zlmWS24uM
aqrfdvhgg/PywQKBVXlwY1z1B8cEmh0hQTvGKrRXIWRnW7AhpRjsx5Hb/LyPcza2
8MtzmrVKq8r5GZ6l39Trxd5Ao05b9iumUH/PpJNSNrS8PbhBxNkjVrRPQyQBShxI
DO0aSvA6KOdn99a3JVQDcCLOYQr7+yf+/D8n7TxiT0G5m+A6DN/7PAACaHtoKgS4
mOOSokbGF/KS3oEJnYB8xYAvVwyNj1P1oYus8aamNyDbpTM2KA4jc2QWxO2lWECA
0Al37JEsWB088wMRXaQILCCHY36O61J0wKpqei3rOKcK/KM2PVPinBzQNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHck3gs5C4UHVRbZIw8/GctL9A8iMB8GA1UdIwQY
MBaAFHHBaQ71evz/rnO9uZNDCfi3DrthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYt
MDA2ZTliYjhlZDU5LzEvZHlUZUN6a0xoUWRWRnRrakR6OFp5MHYwRHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYtMDA2ZTliYjhlZDU5
LzEvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVdOMA0G
CSqGSIb3DQEBCwUAA4IBAQCQiCUFx0TqNO8rrtXqZuAokAxw83xjBkhXXzUUwB56
/PeQmGcKprAwJXYzJATEuV5eDvThlLEQFovf114sl86OzDv7tTpQRDzcWOw0iTkU
eg6nw/0/V8enHs70whIT1LAKfJw9KkdxoApEtWR+1aYOIL9sBJu1dNVkkug/f9wc
mlcU7/jCe919yievjUF88zRISJ+7NccMeMKjbAnoquZ6XxNGwY6otKljEAOZsrBq
K33krKumKOpw8rDblAOVIQaFQ1ns/8wRYaA6rtaguYf0C4hc/QpHeqySD9Yh18X4
KCEq5e83UsIihIgu00PdyiB9Z/+Gd4Mu5vRfJqlIKkE5
-----END CERTIFICATE-----