Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/u-PXxIvLtGFB2NBtpbuBhma3_D0.roa
File:                     u-PXxIvLtGFB2NBtpbuBhma3_D0.roa (raw, json)
Hash identifier:          A86m5FTOUTkY+pxKZ/nEDlLAoGQUS6K+fDJwfzPNXic=
Subject key identifier:   BB:E3:D7:C4:8B:CB:B4:61:41:D8:D0:6D:A5:BB:81:86:66:B7:FC:3D
Certificate issuer:       /CN=815780532ed29a3f80e7ba414efcb379d9ec97c9
Certificate serial:       018CC6B8F78BE02F2017B9E7864D93E54970
Authority key identifier: 81:57:80:53:2E:D2:9A:3F:80:E7:BA:41:4E:FC:B3:79:D9:EC:97:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gVeAUy7Smj-A57pBTvyzednsl8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/u-PXxIvLtGFB2NBtpbuBhma3_D0.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17307
IP address blocks:        77.247.0.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/gVeAUy7Smj-A57pBTvyzednsl8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/gVeAUy7Smj-A57pBTvyzednsl8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gVeAUy7Smj-A57pBTvyzednsl8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f7:8b:e0:2f:20:17:b9:e7:86:4d:93:e5:49:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=815780532ed29a3f80e7ba414efcb379d9ec97c9
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbe3d7c48bcbb46141d8d06da5bb818666b7fc3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d0:2a:17:31:f7:82:77:ea:9b:45:51:a4:6b:
                    7a:b6:97:92:bf:ea:23:28:03:e3:35:12:50:52:83:
                    6c:77:cb:30:ed:2d:2c:b4:63:f2:34:56:e0:0c:a8:
                    0a:90:6c:66:35:38:bb:5d:34:91:53:d1:56:fe:2c:
                    aa:c7:83:f1:e6:a6:c6:66:a5:3a:a9:36:0f:86:19:
                    86:03:7e:3a:f8:1a:4b:87:13:ab:19:68:6a:cd:c1:
                    80:85:a5:62:94:47:ec:87:5f:77:89:dd:b2:82:01:
                    4d:70:f3:31:9f:30:a1:5f:70:0b:db:b0:86:40:3a:
                    81:06:ef:8f:29:67:9f:c8:51:cc:b1:f7:64:35:f1:
                    77:9d:92:bb:76:5b:2c:93:59:8a:e7:d9:ca:b5:ae:
                    c7:6b:fb:50:c0:d4:5d:ea:f7:b3:5a:e9:5d:1a:9f:
                    ac:fd:42:1d:ae:b0:86:66:de:51:cc:44:39:c9:02:
                    eb:71:f7:2e:c3:7d:2b:d2:dd:a0:7c:89:16:48:a2:
                    98:3e:c7:2e:97:60:73:e3:32:1b:12:0b:a1:68:c1:
                    d3:63:f0:68:03:31:5b:05:ab:db:1d:88:a2:a4:bd:
                    04:43:00:da:1c:d5:d6:df:44:d2:46:44:5e:11:13:
                    ef:ce:ea:c4:a0:50:c5:1a:02:14:fc:bd:c1:05:72:
                    85:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E3:D7:C4:8B:CB:B4:61:41:D8:D0:6D:A5:BB:81:86:66:B7:FC:3D
            X509v3 Authority Key Identifier:
                keyid:81:57:80:53:2E:D2:9A:3F:80:E7:BA:41:4E:FC:B3:79:D9:EC:97:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gVeAUy7Smj-A57pBTvyzednsl8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/u-PXxIvLtGFB2NBtpbuBhma3_D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/gVeAUy7Smj-A57pBTvyzednsl8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         42:2e:56:a2:8d:fa:8a:ee:85:30:4d:43:b1:fa:21:94:56:1f:
         ce:16:c4:6e:cd:cf:8d:c4:ba:0b:64:bf:9a:b4:18:2f:fa:3d:
         8b:93:b1:51:da:20:02:fa:78:5e:38:7b:22:eb:7f:f7:a5:76:
         bd:19:09:58:45:f1:2e:a9:66:b3:ea:b9:77:47:7e:e9:0d:cf:
         7e:d7:d9:9a:f0:cb:6f:5c:b6:21:b9:3f:2a:ee:f0:01:e3:73:
         f2:46:33:2a:2b:96:a8:76:68:d7:93:65:d3:8a:00:11:e0:90:
         21:ec:86:34:26:2f:b6:06:a4:54:52:b2:68:a7:d1:38:41:59:
         1a:37:c9:3f:d9:39:e9:5a:fb:72:fc:48:b4:57:5c:c3:bd:51:
         a5:be:c7:d4:0e:9a:2c:ce:30:08:72:57:ec:e1:d0:90:ca:f6:
         ae:0c:1a:ff:9a:71:ce:c9:2f:d1:a1:2d:5b:2e:04:ce:52:a3:
         88:4f:8e:e6:23:03:84:f4:1c:92:77:55:05:80:37:38:81:5d:
         11:09:2d:f7:d6:85:99:42:9c:9d:a5:57:69:cf:6a:85:d9:e0:
         4e:f3:e3:6b:e2:b0:17:9b:25:92:3d:3b:21:98:c4:f2:e5:70:
         89:96:af:78:7a:49:c6:ca:36:27:89:a0:c6:f1:52:91:50:ef:
         a1:1f:d3:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPeL4C8gF7nnhk2T5UlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNTc4MDUzMmVkMjlhM2Y4MGU3YmE0MTRlZmNiMzc5ZDll
Yzk3YzkwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmUzZDdjNDhiY2JiNDYxNDFkOGQwNmRhNWJiODE4NjY2YjdmYzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9AqFzH3gnfqm0VRpGt6tpeSv+oj
KAPjNRJQUoNsd8sw7S0stGPyNFbgDKgKkGxmNTi7XTSRU9FW/iyqx4Px5qbGZqU6
qTYPhhmGA346+BpLhxOrGWhqzcGAhaVilEfsh193id2yggFNcPMxnzChX3AL27CG
QDqBBu+PKWefyFHMsfdkNfF3nZK7dlssk1mK59nKta7Ha/tQwNRd6vezWuldGp+s
/UIdrrCGZt5RzEQ5yQLrcfcuw30r0t2gfIkWSKKYPscul2Bz4zIbEguhaMHTY/Bo
AzFbBavbHYiipL0EQwDaHNXW30TSRkReERPvzurEoFDFGgIU/L3BBXKFoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvj18SLy7RhQdjQbaW7gYZmt/w9MB8GA1UdIwQY
MBaAFIFXgFMu0po/gOe6QU78s3nZ7JfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ZlQVV5N1Ntai1BNTdwQlR2eXplZG5zbDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZTMxYTYtYWFhMy00MDlkLThkNGYt
ZjYxNTU0YzZjMTQ1LzEvdS1QWHhJdkx0R0ZCMk5CdHBidUJobWEzX0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZTMxYTYtYWFhMy00MDlkLThkNGYtZjYxNTU0YzZjMTQ1
LzEvZ1ZlQVV5N1Ntai1BNTdwQlR2eXplZG5zbDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfcAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCLlaijfqK7oUwTUOx+iGUVh/OFsRuzc+NxLoLZL+a
tBgv+j2Lk7FR2iAC+nheOHsi63/3pXa9GQlYRfEuqWaz6rl3R37pDc9+19ma8Mtv
XLYhuT8q7vAB43PyRjMqK5aodmjXk2XTigAR4JAh7IY0Ji+2BqRUUrJop9E4QVka
N8k/2TnpWvty/Ei0V1zDvVGlvsfUDposzjAIclfs4dCQyvauDBr/mnHOyS/RoS1b
LgTOUqOIT47mIwOE9BySd1UFgDc4gV0RCS331oWZQpydpVdpz2qF2eBO8+Nr4rAX
myWSPTshmMTy5XCJlq94eknGyjYniaDG8VKRUO+hH9Pt
-----END CERTIFICATE-----