Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/vYqOOsMdvkf8OP4eA3aMLi14UDw.roa
File:                     vYqOOsMdvkf8OP4eA3aMLi14UDw.roa (raw, json)
Hash identifier:          E4v+J3kjXJV9xECIn4vACJtAjr3oTm3Z6mdqjDlH/U4=
Subject key identifier:   BD:8A:8E:3A:C3:1D:BE:47:FC:38:FE:1E:03:76:8C:2E:2D:78:50:3C
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019352EA0B4C6E08E7B118E10F210E0BBDE5
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/vYqOOsMdvkf8OP4eA3aMLi14UDw.roa
Signing time:             Fri 22 Nov 2024 08:08:10 +0000
ROA not before:           Fri 22 Nov 2024 08:08:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214934
IP address blocks:        217.177.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:52:ea:0b:4c:6e:08:e7:b1:18:e1:0f:21:0e:0b:bd:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Nov 22 08:08:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd8a8e3ac31dbe47fc38fe1e03768c2e2d78503c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cb:24:49:8a:63:43:0b:20:72:76:75:83:60:
                    d0:a1:10:75:3a:b4:e5:3a:ae:08:b9:af:f5:ae:3b:
                    6d:a6:c2:37:92:98:a6:af:b0:92:c2:77:51:19:d6:
                    92:b2:33:04:c7:08:d2:3d:c0:ea:0a:59:3a:e8:14:
                    7a:f7:c7:9e:fb:bc:59:ea:96:d0:87:d3:d9:c6:33:
                    b4:7b:95:c0:ae:50:c9:7c:a2:96:df:7d:92:70:c6:
                    75:67:13:29:97:eb:86:1f:58:f6:56:8f:63:ed:14:
                    da:e2:4a:d3:67:0c:70:81:02:36:e0:8e:02:6d:43:
                    d2:39:27:e1:eb:78:7a:b2:a8:6d:f2:05:6b:91:79:
                    b0:a5:13:63:d1:73:5b:c9:bb:79:ed:a4:96:89:85:
                    d4:3c:6e:3c:90:4d:ce:87:45:90:d8:16:f1:97:f3:
                    f9:1c:43:98:c1:06:77:5a:a9:8d:b7:f4:52:bf:be:
                    60:85:c4:c2:e1:a4:67:f7:e0:72:d9:89:54:e8:ff:
                    d9:16:e4:1c:c1:9e:84:3a:f8:ea:12:d1:da:49:9f:
                    e8:52:58:2e:4d:55:27:b7:0e:14:ce:4b:65:1c:13:
                    a0:46:ef:97:02:3e:ec:9b:25:b5:ff:d3:14:0d:30:
                    a1:a3:dc:52:d7:45:3f:59:69:63:f5:2e:37:dd:95:
                    c0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:8A:8E:3A:C3:1D:BE:47:FC:38:FE:1E:03:76:8C:2E:2D:78:50:3C
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/vYqOOsMdvkf8OP4eA3aMLi14UDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:8d:df:aa:31:1b:03:87:aa:40:fe:fe:56:ad:2e:8e:7a:a3:
         44:2d:3c:c5:14:fa:7d:22:9c:d1:2b:bd:b6:55:50:92:1f:64:
         43:08:3c:b0:c7:be:6e:d6:05:17:18:59:b9:ea:54:f6:69:a7:
         4f:d2:68:02:8b:b4:a2:21:f5:67:a1:2a:af:ec:a2:32:e4:32:
         e8:1e:49:d7:b8:f6:35:93:65:0b:e4:7d:06:22:2f:aa:d6:37:
         7c:61:95:c9:76:52:3a:82:c0:88:8c:07:8e:f8:df:55:0d:94:
         8c:11:02:f1:70:d3:95:f8:94:85:ca:d2:0f:39:dd:c0:8f:1e:
         3f:0b:51:3e:58:79:ab:24:4a:fa:4b:2c:8b:e4:af:cb:3a:f8:
         3e:15:ea:65:fd:c1:d2:32:da:ac:03:46:5e:36:29:fc:06:67:
         9b:1e:23:3a:5b:00:cf:f0:81:c2:26:61:94:bc:ac:2b:7e:8f:
         dc:8c:84:19:a3:18:07:04:14:7f:99:7c:18:81:fe:0e:53:44:
         45:4a:8b:a1:0d:fb:14:74:fa:2f:e6:a2:bf:33:96:66:0e:1d:
         f6:37:ba:41:f2:e8:e0:f0:5c:16:d2:ef:ac:93:7d:68:ae:fc:
         85:a1:34:22:19:e4:f0:dc:c2:b2:58:5a:ea:ac:95:9d:b0:a9:
         1d:97:58:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNS6gtMbgjnsRjhDyEOC73lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQxMTIyMDgwODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDhhOGUzYWMzMWRiZTQ3ZmMzOGZlMWUwMzc2OGMyZTJkNzg1MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8skSYpjQwsgcnZ1g2DQoRB1OrTl
Oq4Iua/1rjttpsI3kpimr7CSwndRGdaSsjMExwjSPcDqClk66BR698ee+7xZ6pbQ
h9PZxjO0e5XArlDJfKKW332ScMZ1ZxMpl+uGH1j2Vo9j7RTa4krTZwxwgQI24I4C
bUPSOSfh63h6sqht8gVrkXmwpRNj0XNbybt57aSWiYXUPG48kE3Oh0WQ2Bbxl/P5
HEOYwQZ3WqmNt/RSv75ghcTC4aRn9+By2YlU6P/ZFuQcwZ6EOvjqEtHaSZ/oUlgu
TVUntw4UzktlHBOgRu+XAj7smyW1/9MUDTCho9xS10U/WWlj9S433ZXAaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2KjjrDHb5H/Dj+HgN2jC4teFA8MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvdllxT09zTWR2a2Y4T1A0ZUEzYU1MaTE0VUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bFKMA0G
CSqGSIb3DQEBCwUAA4IBAQCYjd+qMRsDh6pA/v5WrS6OeqNELTzFFPp9IpzRK722
VVCSH2RDCDywx75u1gUXGFm56lT2aadP0mgCi7SiIfVnoSqv7KIy5DLoHknXuPY1
k2UL5H0GIi+q1jd8YZXJdlI6gsCIjAeO+N9VDZSMEQLxcNOV+JSFytIPOd3Ajx4/
C1E+WHmrJEr6SyyL5K/LOvg+Fepl/cHSMtqsA0ZeNin8BmebHiM6WwDP8IHCJmGU
vKwrfo/cjIQZoxgHBBR/mXwYgf4OU0RFSouhDfsUdPov5qK/M5ZmDh32N7pB8ujg
8FwW0u+sk31orvyFoTQiGeTw3MKyWFrqrJWdsKkdl1g8
-----END CERTIFICATE-----