Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/1j77BTOK55nbFjU9T3CSmHmjr3g.roa
File:                     1j77BTOK55nbFjU9T3CSmHmjr3g.roa (raw, json)
Hash identifier:          tdr1tS/koFdMbxvqrnTYG5UfuWzeMgscZdh7hKIQEuQ=
Subject key identifier:   D6:3E:FB:05:33:8A:E7:99:DB:16:35:3D:4F:70:92:98:79:A3:AF:78
Certificate issuer:       /CN=ddb71471373bb0603c356eeded4b918292b5beee
Certificate serial:       018CC6B9416D15247B0DF22F18AA09A6ECB6
Authority key identifier: DD:B7:14:71:37:3B:B0:60:3C:35:6E:ED:ED:4B:91:82:92:B5:BE:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3bcUcTc7sGA8NW7t7UuRgpK1vu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/1j77BTOK55nbFjU9T3CSmHmjr3g.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1136
IP address blocks:        145.8.178.0/24 maxlen: 24
                          145.8.177.0/24 maxlen: 24
                          145.8.176.0/24 maxlen: 24
                          145.8.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/3bcUcTc7sGA8NW7t7UuRgpK1vu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/3bcUcTc7sGA8NW7t7UuRgpK1vu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3bcUcTc7sGA8NW7t7UuRgpK1vu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:41:6d:15:24:7b:0d:f2:2f:18:aa:09:a6:ec:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddb71471373bb0603c356eeded4b918292b5beee
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d63efb05338ae799db16353d4f70929879a3af78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8c:e7:df:9c:4d:3d:a5:8b:d7:ed:53:07:21:
                    64:23:d6:b3:8c:a1:af:eb:38:ff:47:bf:a2:84:32:
                    f0:cd:c7:9b:c6:3a:38:92:5e:9b:dd:55:d0:65:05:
                    fb:27:6f:08:ef:d9:22:f4:91:63:79:11:2c:7a:22:
                    fa:95:a0:86:d6:bf:e1:23:32:38:15:9e:f5:ba:1c:
                    ad:71:ff:f3:86:ae:04:3e:42:fe:31:e3:ad:ce:d7:
                    59:2f:52:0f:e0:84:c3:c1:8e:7a:a9:28:ed:50:61:
                    3f:b3:f8:78:75:49:06:ee:f9:2c:c0:02:75:70:36:
                    14:8f:8b:04:54:28:50:e0:e8:f4:59:17:9d:17:83:
                    7d:51:a0:65:6c:a4:e7:5a:c0:0c:2a:d5:80:28:f5:
                    0d:64:db:c3:b1:ff:d6:60:89:23:fe:88:d0:bf:b6:
                    b1:5c:26:9d:b5:84:42:7a:d1:6a:8a:ee:ad:fc:27:
                    b1:49:2c:56:3e:05:d7:68:bd:df:82:84:86:9c:b7:
                    54:7c:77:14:f1:73:39:de:d0:1b:06:f9:23:e3:26:
                    a7:9a:f0:29:ee:c5:69:fe:c5:f8:ea:5a:b3:ac:9f:
                    8a:b6:86:66:18:00:a6:1a:7a:6e:d8:22:e8:c5:ad:
                    70:9f:03:10:be:6f:69:ef:83:a4:43:fe:0a:06:6c:
                    be:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3E:FB:05:33:8A:E7:99:DB:16:35:3D:4F:70:92:98:79:A3:AF:78
            X509v3 Authority Key Identifier:
                keyid:DD:B7:14:71:37:3B:B0:60:3C:35:6E:ED:ED:4B:91:82:92:B5:BE:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3bcUcTc7sGA8NW7t7UuRgpK1vu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/1j77BTOK55nbFjU9T3CSmHmjr3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4bcb1b-ff41-48e0-8db8-6212ac49ca3b/1/3bcUcTc7sGA8NW7t7UuRgpK1vu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.8.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:c6:4a:52:20:2f:1b:d9:2d:34:a1:08:32:6d:55:2f:59:60:
         9d:16:c4:7d:d6:d8:fa:e3:af:37:88:52:4f:12:c5:77:d8:a7:
         69:52:1b:c8:91:0e:1d:9e:3e:6d:23:e5:9d:0a:98:9c:dc:ab:
         c8:c8:61:55:5b:cf:30:f1:43:b3:08:a1:dc:03:30:21:5a:73:
         a2:4b:26:ab:b6:e1:a1:fe:2d:68:a8:38:80:74:bf:41:7e:d6:
         1f:e4:2f:5a:ea:6c:50:b3:3a:f5:8c:9c:8b:24:ad:3e:c3:64:
         09:55:89:fc:e3:51:98:c1:9d:cd:87:a5:40:70:16:a9:07:4d:
         b3:96:fb:9b:3f:99:01:c7:69:ca:38:4d:df:75:6d:99:3b:19:
         e6:b9:a9:66:4c:d7:53:f9:0e:67:88:c4:dd:d9:f2:a2:fe:d3:
         00:78:7f:05:c6:a2:45:8a:f5:3b:d3:d9:3e:19:6a:a2:cd:a0:
         b4:be:2f:7e:8c:e9:29:69:eb:7f:08:b9:e7:42:25:84:4d:d3:
         c0:5f:11:5a:b6:82:d7:16:67:ab:c3:9a:be:54:d6:d6:f4:25:
         5d:6d:a6:c2:7e:af:0e:88:af:0e:1e:51:06:b7:77:55:ef:73:
         30:ee:bd:08:e6:9b:d0:27:71:76:60:31:0c:ce:b4:3f:96:6f:
         55:26:9c:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUFtFSR7DfIvGKoJpuy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYjcxNDcxMzczYmIwNjAzYzM1NmVlZGVkNGI5MTgyOTJi
NWJlZWUwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjNlZmIwNTMzOGFlNzk5ZGIxNjM1M2Q0ZjcwOTI5ODc5YTNhZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ozn35xNPaWL1+1TByFkI9azjKGv
6zj/R7+ihDLwzcebxjo4kl6b3VXQZQX7J28I79ki9JFjeREseiL6laCG1r/hIzI4
FZ71uhytcf/zhq4EPkL+MeOtztdZL1IP4ITDwY56qSjtUGE/s/h4dUkG7vkswAJ1
cDYUj4sEVChQ4Oj0WRedF4N9UaBlbKTnWsAMKtWAKPUNZNvDsf/WYIkj/ojQv7ax
XCadtYRCetFqiu6t/CexSSxWPgXXaL3fgoSGnLdUfHcU8XM53tAbBvkj4yanmvAp
7sVp/sX46lqzrJ+KtoZmGACmGnpu2CLoxa1wnwMQvm9p74OkQ/4KBmy+0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNY++wUziueZ2xY1PU9wkph5o694MB8GA1UdIwQY
MBaAFN23FHE3O7BgPDVu7e1LkYKStb7uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2JjVWNUYzdzR0E4Tlc3dDdVdVJncEsxdnU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80YmNiMWItZmY0MS00OGUwLThkYjgt
NjIxMmFjNDljYTNiLzEvMWo3N0JUT0s1NW5iRmpVOVQzQ1NtSG1qcjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80YmNiMWItZmY0MS00OGUwLThkYjgtNjIxMmFjNDljYTNi
LzEvM2JjVWNUYzdzR0E4Tlc3dDdVdVJncEsxdnU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkQiwMA0G
CSqGSIb3DQEBCwUAA4IBAQARxkpSIC8b2S00oQgybVUvWWCdFsR91tj64683iFJP
EsV32KdpUhvIkQ4dnj5tI+WdCpic3KvIyGFVW88w8UOzCKHcAzAhWnOiSyartuGh
/i1oqDiAdL9BftYf5C9a6mxQszr1jJyLJK0+w2QJVYn841GYwZ3Nh6VAcBapB02z
lvubP5kBx2nKOE3fdW2ZOxnmualmTNdT+Q5niMTd2fKi/tMAeH8FxqJFivU709k+
GWqizaC0vi9+jOkpaet/CLnnQiWETdPAXxFatoLXFmerw5q+VNbW9CVdbabCfq8O
iK8OHlEGt3dV73Mw7r0I5pvQJ3F2YDEMzrQ/lm9VJpz9
-----END CERTIFICATE-----