Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/tvvtG9QmQJgYe2JwUxzTO_FBtig.roa
File:                     tvvtG9QmQJgYe2JwUxzTO_FBtig.roa (raw, json)
Hash identifier:          oxhM6fgCGvEuu16HVG0oDTw6/6wsm6kqDzZHxt8WXes=
Subject key identifier:   B6:FB:ED:1B:D4:26:40:98:18:7B:62:70:53:1C:D3:3B:F1:41:B6:28
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018CCA2A432B3FD5CEB65A53D4319EAF0A45
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/tvvtG9QmQJgYe2JwUxzTO_FBtig.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        77.81.77.0/24 maxlen: 24
                          188.214.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:43:2b:3f:d5:ce:b6:5a:53:d4:31:9e:af:0a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6fbed1bd4264098187b6270531cd33bf141b628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:42:6e:2d:6c:fe:65:9a:39:5e:0d:f0:b6:27:
                    c8:db:05:60:1c:77:90:cf:f0:4f:7f:b8:6c:27:ba:
                    ba:63:e5:d7:65:d8:33:be:b2:15:a3:e1:19:06:eb:
                    77:ed:1a:1c:ba:88:0c:d4:0e:2b:5c:0f:94:b1:90:
                    b0:64:34:02:89:1c:ff:e8:49:89:29:5d:da:27:b4:
                    49:1d:c3:6f:95:a1:b2:37:8c:ab:cb:08:07:b2:e2:
                    03:d8:05:17:87:73:f5:71:20:29:2d:c7:d6:4b:db:
                    bd:e4:e5:7b:f8:50:4f:d6:e5:d8:6a:cb:ff:4d:a2:
                    23:b3:94:b4:5c:57:e9:3f:00:6d:69:fc:3d:1a:03:
                    32:e9:b4:57:fe:bd:09:e6:f9:c0:0d:1c:85:33:f2:
                    ef:bc:02:80:11:c5:b6:98:54:4c:10:08:b1:37:61:
                    17:70:66:53:ad:4e:66:28:59:cc:e9:a8:f8:ea:20:
                    83:b5:3c:cf:42:96:62:1a:51:b1:eb:58:0c:32:c6:
                    da:02:be:77:00:4a:59:c8:a4:ee:ea:5d:0f:41:aa:
                    46:ad:06:b1:46:fe:89:b8:dc:1d:ae:1c:11:07:a5:
                    fb:11:c9:44:6c:ca:0d:9f:01:86:b6:91:69:90:4d:
                    6b:2d:bc:1c:c0:e0:d7:0d:67:b1:e0:23:eb:69:dd:
                    01:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FB:ED:1B:D4:26:40:98:18:7B:62:70:53:1C:D3:3B:F1:41:B6:28
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/tvvtG9QmQJgYe2JwUxzTO_FBtig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.77.0/24
                  188.214.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:ea:f9:d1:67:28:68:aa:c2:be:1e:e2:f5:71:03:7e:a0:7c:
         f4:d2:55:a7:ef:90:26:08:09:ca:4f:92:31:67:51:95:35:ca:
         02:4c:c6:7c:d6:85:d1:71:d1:c3:c7:80:25:4c:ac:e1:70:c0:
         b2:0b:b3:d7:97:3f:10:97:8a:5f:47:22:2c:a6:73:fb:be:77:
         d1:bd:bc:3b:85:22:5a:c9:5b:12:0b:f0:d9:24:00:95:8c:c2:
         de:c5:2b:9a:44:be:bc:9f:a1:8a:c1:37:f1:b9:28:a3:f8:49:
         89:5f:15:3a:74:57:fa:19:60:41:fa:bc:34:66:e1:cd:77:db:
         5f:12:f6:3d:f6:63:35:bb:df:3c:e6:4d:15:b6:a8:a0:77:8c:
         18:de:2e:41:98:44:a0:3a:15:6b:11:6c:8e:2a:7a:60:97:b3:
         16:88:82:6d:64:7b:b5:23:89:63:25:f6:e1:ca:49:a9:44:6c:
         6e:e3:3f:ac:45:e9:03:8f:be:e9:b8:08:92:05:41:a7:c8:f8:
         ff:89:d0:f2:23:42:2c:2e:9f:9f:f4:7f:fa:6e:39:d5:6e:b6:
         f5:4c:c6:5b:c7:3f:79:d2:cf:2b:78:73:10:71:22:74:80:65:
         04:2f:ed:3e:ed:e2:bc:39:8f:c3:b8:96:3d:26:a7:4d:b4:ff:
         ca:2e:7e:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKkMrP9XOtlpT1DGerwpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZiZWQxYmQ0MjY0MDk4MTg3YjYyNzA1MzFjZDMzYmYxNDFiNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokJuLWz+ZZo5Xg3wtifI2wVgHHeQ
z/BPf7hsJ7q6Y+XXZdgzvrIVo+EZBut37RocuogM1A4rXA+UsZCwZDQCiRz/6EmJ
KV3aJ7RJHcNvlaGyN4yrywgHsuID2AUXh3P1cSApLcfWS9u95OV7+FBP1uXYasv/
TaIjs5S0XFfpPwBtafw9GgMy6bRX/r0J5vnADRyFM/LvvAKAEcW2mFRMEAixN2EX
cGZTrU5mKFnM6aj46iCDtTzPQpZiGlGx61gMMsbaAr53AEpZyKTu6l0PQapGrQax
Rv6JuNwdrhwRB6X7EclEbMoNnwGGtpFpkE1rLbwcwODXDWex4CPrad0BkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLb77RvUJkCYGHticFMc0zvxQbYoMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvdHZ2dEc5UW1RSmdZZTJKd1V4elRPX0ZCdGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVFNAwQB
vNbqMA0GCSqGSIb3DQEBCwUAA4IBAQAM6vnRZyhoqsK+HuL1cQN+oHz00lWn75Am
CAnKT5IxZ1GVNcoCTMZ81oXRcdHDx4AlTKzhcMCyC7PXlz8Ql4pfRyIspnP7vnfR
vbw7hSJayVsSC/DZJACVjMLexSuaRL68n6GKwTfxuSij+EmJXxU6dFf6GWBB+rw0
ZuHNd9tfEvY99mM1u9885k0Vtqigd4wY3i5BmESgOhVrEWyOKnpgl7MWiIJtZHu1
I4ljJfbhykmpRGxu4z+sRekDj77puAiSBUGnyPj/idDyI0IsLp+f9H/6bjnVbrb1
TMZbxz950s8reHMQcSJ0gGUEL+0+7eK8OY/DuJY9JqdNtP/KLn61
-----END CERTIFICATE-----