Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/OMRieelGoAMNDKEzNai9e1QjoOw.roa
File:                     OMRieelGoAMNDKEzNai9e1QjoOw.roa (raw, json)
Hash identifier:          OVbxjOHDC+4kTdPtXBxVuTrBUTNrfRGhiyjR/6/iEuI=
Subject key identifier:   38:C4:62:79:E9:46:A0:03:0D:0C:A1:33:35:A8:BD:7B:54:23:A0:EC
Certificate issuer:       /CN=da4a3ec07b97858e6834a5a1f88eb8fe31bf7b20
Certificate serial:       018CC42540E5E4DA8BCEDC052A9EDBA01DFA
Authority key identifier: DA:4A:3E:C0:7B:97:85:8E:68:34:A5:A1:F8:8E:B8:FE:31:BF:7B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/OMRieelGoAMNDKEzNai9e1QjoOw.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42838
IP address blocks:        77.87.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:40:e5:e4:da:8b:ce:dc:05:2a:9e:db:a0:1d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da4a3ec07b97858e6834a5a1f88eb8fe31bf7b20
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38c46279e946a0030d0ca13335a8bd7b5423a0ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:52:7e:f3:14:96:4f:2b:da:7d:22:ee:ce:ee:
                    cb:43:7a:6b:0c:96:d9:c5:c1:ab:d1:53:49:53:a9:
                    3d:77:bd:83:32:f2:de:6c:4a:65:1d:ab:38:e5:af:
                    44:e8:ad:e1:29:bd:22:ff:24:c6:05:01:9d:5f:58:
                    e4:10:8b:95:60:3e:7c:eb:c1:5c:01:2f:b5:48:95:
                    9f:a5:d6:8f:12:28:a1:5f:6a:ed:b8:f0:a5:39:28:
                    2a:67:27:98:cc:77:7c:8c:b1:21:ae:f9:4d:80:84:
                    ed:f1:78:5f:10:2f:7d:67:81:f7:b7:f8:6c:b0:b8:
                    a3:dd:0e:8a:4e:d9:8f:02:08:25:e7:19:d1:11:cd:
                    74:b7:92:e9:0e:f9:4b:f0:3a:a0:11:cc:bf:35:9e:
                    07:27:36:46:a1:63:56:7f:c3:a1:01:44:86:a9:6a:
                    e8:d5:65:6c:ac:bf:f6:d6:a4:ac:43:81:5c:fe:de:
                    cb:00:60:f5:c9:b0:de:38:b1:fd:57:06:63:be:0e:
                    81:05:13:65:fd:3c:53:b5:7f:c5:88:0d:5f:62:1e:
                    07:23:ee:4e:8c:d0:e6:89:30:b9:e6:96:74:1f:21:
                    37:aa:fa:34:32:c1:a4:7d:99:04:70:bf:f5:5c:59:
                    3c:6b:c9:b1:30:0e:4c:fa:ae:cc:9f:f8:a1:23:c9:
                    51:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C4:62:79:E9:46:A0:03:0D:0C:A1:33:35:A8:BD:7B:54:23:A0:EC
            X509v3 Authority Key Identifier:
                keyid:DA:4A:3E:C0:7B:97:85:8E:68:34:A5:A1:F8:8E:B8:FE:31:BF:7B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/OMRieelGoAMNDKEzNai9e1QjoOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         55:1f:40:b3:58:0d:7d:51:b3:96:23:77:95:1f:16:71:40:1a:
         a4:2b:b1:70:61:71:eb:c8:52:db:e4:31:10:32:da:05:76:8b:
         90:37:a2:b5:02:a1:ad:74:38:f9:71:36:17:06:50:74:78:77:
         f0:f8:86:e9:10:f2:c2:1a:87:0e:8b:65:a3:d3:7f:5f:de:58:
         f4:1f:85:6a:e1:4c:4d:97:67:26:ac:22:19:db:09:77:09:5f:
         16:ca:62:0d:52:a0:92:84:07:db:7c:45:0c:64:9e:e9:a1:38:
         2d:b7:ff:c7:4b:f5:94:4c:12:f1:1b:d3:80:fc:8f:fc:34:8e:
         83:2d:28:93:da:45:25:3d:6b:21:be:f7:b8:1b:b0:d5:02:4c:
         2d:4b:9c:0d:0c:75:0c:bf:70:a5:44:79:cc:a4:50:2a:d7:9e:
         1a:d4:3e:19:86:48:1b:03:1d:f3:c9:9d:e6:b9:b6:c0:9f:36:
         41:c1:2e:ed:20:3a:d0:38:4a:36:ea:f8:a7:26:67:38:28:a3:
         65:b3:30:a4:07:5e:0d:28:1a:97:88:cf:c5:2f:54:1f:8c:9a:
         a1:eb:82:76:44:71:bb:89:48:77:ba:c6:d6:53:e6:dc:97:22:
         ef:18:ca:79:5a:2a:e8:de:52:88:05:79:b5:7d:d8:e1:eb:ff:
         e3:cd:67:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUDl5NqLztwFKp7boB36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNGEzZWMwN2I5Nzg1OGU2ODM0YTVhMWY4OGViOGZlMzFi
ZjdiMjAwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGM0NjI3OWU5NDZhMDAzMGQwY2ExMzMzNWE4YmQ3YjU0MjNhMGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lJ+8xSWTyvafSLuzu7LQ3prDJbZ
xcGr0VNJU6k9d72DMvLebEplHas45a9E6K3hKb0i/yTGBQGdX1jkEIuVYD5868Fc
AS+1SJWfpdaPEiihX2rtuPClOSgqZyeYzHd8jLEhrvlNgITt8XhfEC99Z4H3t/hs
sLij3Q6KTtmPAggl5xnREc10t5LpDvlL8DqgEcy/NZ4HJzZGoWNWf8OhAUSGqWro
1WVsrL/21qSsQ4Fc/t7LAGD1ybDeOLH9VwZjvg6BBRNl/TxTtX/FiA1fYh4HI+5O
jNDmiTC55pZ0HyE3qvo0MsGkfZkEcL/1XFk8a8mxMA5M+q7Mn/ihI8lRUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjEYnnpRqADDQyhMzWovXtUI6DsMB8GA1UdIwQY
MBaAFNpKPsB7l4WOaDSlofiOuP4xv3sgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmtvLXdIdVhoWTVvTktXaC1JNjRfakdfZXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mZTAzMDYtYWY4NC00ZThlLTg4ODUt
Yjg0YTk4MTllYWQ2LzEvT01SaWVlbEdvQU1OREtFek5haTllMVFqb093LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mZTAzMDYtYWY4NC00ZThlLTg4ODUtYjg0YTk4MTllYWQ2
LzEvMmtvLXdIdVhoWTVvTktXaC1JNjRfakdfZXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTVcQMA0G
CSqGSIb3DQEBCwUAA4IBAQBVH0CzWA19UbOWI3eVHxZxQBqkK7FwYXHryFLb5DEQ
MtoFdouQN6K1AqGtdDj5cTYXBlB0eHfw+IbpEPLCGocOi2Wj039f3lj0H4Vq4UxN
l2cmrCIZ2wl3CV8WymINUqCShAfbfEUMZJ7poTgtt//HS/WUTBLxG9OA/I/8NI6D
LSiT2kUlPWshvve4G7DVAkwtS5wNDHUMv3ClRHnMpFAq154a1D4ZhkgbAx3zyZ3m
ubbAnzZBwS7tIDrQOEo26vinJmc4KKNlszCkB14NKBqXiM/FL1QfjJqh64J2RHG7
iUh3usbWU+bclyLvGMp5Wiro3lKIBXm1fdjh6//jzWek
-----END CERTIFICATE-----