Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/CRyrdHGWGPfxSFw65Gh5qcZ2om0.roa
File:                     CRyrdHGWGPfxSFw65Gh5qcZ2om0.roa (raw, json)
Hash identifier:          VrLdw9d6sWpTxjyCAxNSA3DZrBNLZR6ZIZTTIXPdvvA=
Subject key identifier:   09:1C:AB:74:71:96:18:F7:F1:48:5C:3A:E4:68:79:A9:C6:76:A2:6D
Certificate issuer:       /CN=77cc46ade957c8f066a5c6fe25310a4cf5a7e9d4
Certificate serial:       018CC6B897A70EC9074648063474095C8622
Authority key identifier: 77:CC:46:AD:E9:57:C8:F0:66:A5:C6:FE:25:31:0A:4C:F5:A7:E9:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/CRyrdHGWGPfxSFw65Gh5qcZ2om0.roa
Signing time:             Mon 01 Jan 2024 20:30:35 +0000
ROA not before:           Mon 01 Jan 2024 20:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.138.90.0/24 maxlen: 24
                          193.110.146.0/24 maxlen: 24
                          194.165.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:97:a7:0e:c9:07:46:48:06:34:74:09:5c:86:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77cc46ade957c8f066a5c6fe25310a4cf5a7e9d4
        Validity
            Not Before: Jan  1 20:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=091cab74719618f7f1485c3ae46879a9c676a26d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6f:7e:d6:10:dc:14:70:70:f7:44:9f:68:bc:
                    94:fb:c5:78:6e:35:ab:b4:30:6e:6f:c3:92:3a:15:
                    81:66:94:1e:28:4f:f6:62:de:c1:82:9d:11:a4:d8:
                    22:47:62:e4:80:3e:93:2b:93:3a:91:50:03:43:5f:
                    09:6d:6b:d9:14:b8:db:7d:ea:0c:4e:b5:87:31:21:
                    7c:ce:53:ef:22:3c:a5:4c:dc:be:f0:10:f5:07:ec:
                    ed:e4:b9:d7:b5:c0:8a:7d:df:c8:b4:7e:44:81:de:
                    73:a0:1d:5e:80:7a:d0:1c:c4:dd:21:db:e2:ab:a7:
                    ac:44:1d:6c:83:a4:99:55:2c:cd:93:0c:16:c7:05:
                    3e:5b:17:61:16:36:65:02:89:d6:75:10:95:b9:d3:
                    52:01:fa:6a:99:1d:a1:ba:2a:4e:66:3b:ab:92:e5:
                    bf:ae:0d:7f:0c:2f:3c:20:34:32:48:e8:e8:9c:8d:
                    5a:9b:6f:76:a4:31:02:38:81:e1:8f:cc:e9:54:bf:
                    c6:a2:99:29:cb:a4:d4:ca:19:20:20:c6:43:ff:7c:
                    24:6a:ce:d2:1d:f0:f3:7f:f8:77:42:25:f5:37:87:
                    88:63:9c:26:59:f9:1e:7d:ef:eb:59:3e:e8:f7:b9:
                    63:1a:54:34:66:17:06:12:04:a3:40:dc:e5:65:34:
                    73:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1C:AB:74:71:96:18:F7:F1:48:5C:3A:E4:68:79:A9:C6:76:A2:6D
            X509v3 Authority Key Identifier:
                keyid:77:CC:46:AD:E9:57:C8:F0:66:A5:C6:FE:25:31:0A:4C:F5:A7:E9:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/CRyrdHGWGPfxSFw65Gh5qcZ2om0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.146.0/24
                  193.138.90.0/24
                  194.165.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:9a:66:25:65:d1:4c:2d:fe:14:f1:2e:9a:46:15:15:fc:94:
         9f:df:01:e1:d6:03:d9:38:29:62:4c:cf:99:1c:80:52:cf:31:
         71:10:1d:93:e5:de:cc:f7:0e:e0:13:5b:d4:28:37:6a:70:d1:
         30:96:72:01:cf:05:b7:91:91:4a:ea:50:08:31:4a:11:e6:34:
         83:22:96:07:82:ac:b2:e7:62:f8:a6:89:de:c0:ed:c1:fa:89:
         9c:ee:68:86:5e:c7:e3:cf:bb:b0:bd:8e:6c:77:57:e8:8a:65:
         5b:72:0f:97:1d:53:fb:08:eb:9e:ea:f5:86:00:5d:28:4a:15:
         5c:20:8c:75:19:f8:32:1d:7e:8d:40:f5:d3:bf:45:16:7e:b9:
         5e:d6:07:ff:2f:31:52:e5:5d:a7:3d:36:90:d0:90:d8:ea:27:
         ce:20:45:76:0c:5d:48:12:68:51:e8:f3:56:57:55:c6:ff:48:
         7f:a1:f2:83:9e:55:0e:44:5e:a9:65:b0:c3:47:c7:fd:b9:dd:
         ea:9b:76:e3:0d:fe:8e:c2:ed:a1:eb:85:99:a8:75:40:4f:26:
         bf:cc:98:30:f9:b3:18:71:83:97:73:76:f1:be:bf:72:5d:78:
         e0:ce:39:26:25:70:13:d2:8f:06:fc:09:65:cc:17:9b:3c:b5:
         eb:93:29:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuJenDskHRkgGNHQJXIYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3Y2M0NmFkZTk1N2M4ZjA2NmE1YzZmZTI1MzEwYTRjZjVh
N2U5ZDQwHhcNMjQwMTAxMjAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFjYWI3NDcxOTYxOGY3ZjE0ODVjM2FlNDY4NzlhOWM2NzZhMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG9+1hDcFHBw90SfaLyU+8V4bjWr
tDBub8OSOhWBZpQeKE/2Yt7Bgp0RpNgiR2LkgD6TK5M6kVADQ18JbWvZFLjbfeoM
TrWHMSF8zlPvIjylTNy+8BD1B+zt5LnXtcCKfd/ItH5Egd5zoB1egHrQHMTdIdvi
q6esRB1sg6SZVSzNkwwWxwU+WxdhFjZlAonWdRCVudNSAfpqmR2huipOZjurkuW/
rg1/DC88IDQySOjonI1am292pDECOIHhj8zpVL/Gopkpy6TUyhkgIMZD/3wkas7S
HfDzf/h3QiX1N4eIY5wmWfkefe/rWT7o97ljGlQ0ZhcGEgSjQNzlZTRz2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAkcq3Rxlhj38UhcOuRoeanGdqJtMB8GA1UdIwQY
MBaAFHfMRq3pV8jwZqXG/iUxCkz1p+nUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDh4R3JlbFh5UEJtcGNiLUpURUtUUFduNmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kNjFiNTQtZWU5Zi00ZTAwLWIxZTMt
ZjdkMDI3NTYwMDU4LzEvQ1J5cmRIR1dHUGZ4U0Z3NjVHaDVxY1oyb20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kNjFiNTQtZWU5Zi00ZTAwLWIxZTMtZjdkMDI3NTYwMDU4
LzEvZDh4R3JlbFh5UEJtcGNiLUpURUtUUFduNmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwW6SAwQA
wYpaAwQAwqUrMA0GCSqGSIb3DQEBCwUAA4IBAQCtmmYlZdFMLf4U8S6aRhUV/JSf
3wHh1gPZOCliTM+ZHIBSzzFxEB2T5d7M9w7gE1vUKDdqcNEwlnIBzwW3kZFK6lAI
MUoR5jSDIpYHgqyy52L4ponewO3B+omc7miGXsfjz7uwvY5sd1foimVbcg+XHVP7
COue6vWGAF0oShVcIIx1GfgyHX6NQPXTv0UWfrle1gf/LzFS5V2nPTaQ0JDY6ifO
IEV2DF1IEmhR6PNWV1XG/0h/ofKDnlUORF6pZbDDR8f9ud3qm3bjDf6Owu2h64WZ
qHVATya/zJgw+bMYcYOXc3bxvr9yXXjgzjkmJXAT0o8G/AllzBebPLXrkylQ
-----END CERTIFICATE-----