Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Z9b9TezS1uaHWlnUNdnpffwtcxo.roa
File:                     Z9b9TezS1uaHWlnUNdnpffwtcxo.roa (raw, json)
Hash identifier:          fAugY6fX+junRVMpyfQesDxtXEs3Ii7ZJDWMC48ALTk=
Subject key identifier:   67:D6:FD:4D:EC:D2:D6:E6:87:5A:59:D4:35:D9:E9:7D:FC:2D:73:1A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01934AD05F89DA4ABB01DBCB413361D896EB
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Z9b9TezS1uaHWlnUNdnpffwtcxo.roa
Signing time:             Wed 20 Nov 2024 18:23:10 +0000
ROA not before:           Wed 20 Nov 2024 18:23:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215365
IP address blocks:        77.90.30.0/24 maxlen: 24
                          77.90.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:d0:5f:89:da:4a:bb:01:db:cb:41:33:61:d8:96:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 20 18:23:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67d6fd4decd2d6e6875a59d435d9e97dfc2d731a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:db:9f:66:73:ae:7b:25:8d:10:31:13:7d:88:
                    13:63:db:09:42:27:0e:95:38:13:d4:93:e1:27:98:
                    81:73:f4:58:15:7c:e6:b3:e9:8c:4e:b8:19:81:d3:
                    0c:82:d0:d7:4a:7e:17:34:50:0d:9f:f8:74:b6:90:
                    88:e9:e0:a1:a5:fa:d4:b1:b1:2e:f2:ce:8f:3d:19:
                    ff:ad:cf:bf:16:9e:72:9e:52:3b:1a:cb:57:79:32:
                    92:a9:11:e1:1d:3e:63:71:bd:1b:5f:52:da:f0:56:
                    bc:bf:d4:62:99:b6:55:3d:d8:3f:63:48:18:a3:bf:
                    d9:e1:ba:38:fa:26:ac:65:67:80:ce:35:2e:39:10:
                    0b:c1:9b:7f:bb:8d:73:6d:12:37:70:53:8e:9d:df:
                    d9:db:43:f0:dc:37:a1:a9:36:82:8f:ab:1c:d9:a5:
                    a9:ab:d5:14:7a:ff:2b:96:84:19:82:de:4c:e7:12:
                    54:14:55:a4:3b:19:4a:ff:9b:fe:9d:e6:98:a1:43:
                    d1:a7:ba:7f:97:90:f2:b5:9c:a0:7a:a4:d6:73:e5:
                    65:fd:62:11:0f:79:b4:e2:3b:10:25:5a:61:5e:09:
                    74:07:42:dd:dd:15:b5:75:24:99:e6:bf:8b:07:e8:
                    a1:b4:12:20:12:e8:0b:a8:20:5d:53:51:8d:b5:a7:
                    e0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D6:FD:4D:EC:D2:D6:E6:87:5A:59:D4:35:D9:E9:7D:FC:2D:73:1A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Z9b9TezS1uaHWlnUNdnpffwtcxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.30.0/24
                  77.90.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ee:15:fe:09:93:0e:54:84:02:11:ce:ce:a5:6e:60:31:b9:
         79:3a:1f:30:fc:fd:aa:61:6a:6a:8b:68:1f:eb:12:41:38:b9:
         72:78:4f:f4:75:8d:59:f8:05:14:97:ae:cc:cf:12:41:19:9d:
         73:ca:05:3f:7f:90:16:ae:d9:5e:81:a1:95:cc:76:74:9c:69:
         1e:cf:b4:6d:93:1f:b1:7d:5f:f8:3d:f1:f0:bd:2a:98:88:63:
         bf:a9:1d:f8:45:07:32:f5:91:9b:70:ac:4b:03:5e:10:d2:33:
         14:93:e7:8e:00:46:b4:3d:b1:04:90:3f:bd:5b:54:57:20:3d:
         db:eb:e7:bb:fb:4a:0b:da:e9:6f:35:0b:63:63:8b:b8:4c:26:
         86:4f:6d:ff:a9:9b:96:dc:e1:ba:44:3e:34:23:e1:03:33:0b:
         40:36:1c:2f:39:d3:8d:4d:41:88:62:f0:4b:1d:1a:ef:75:15:
         a7:9c:10:a6:2f:94:87:5a:52:36:22:5a:0e:ef:01:e9:3c:8e:
         6d:28:22:3f:42:84:f8:0a:81:10:fe:9a:5d:7d:15:69:f5:3c:
         e0:bf:0f:57:ab:46:98:4f:53:5c:2b:a7:e7:a8:b8:5f:99:6c:
         1b:01:7a:12:6a:cd:58:c6:ee:12:43:84:e4:0d:0d:0d:8c:a4:
         af:0a:d7:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNK0F+J2kq7AdvLQTNh2JbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTIwMTgyMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q2ZmQ0ZGVjZDJkNmU2ODc1YTU5ZDQzNWQ5ZTk3ZGZjMmQ3MzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9ufZnOueyWNEDETfYgTY9sJQicO
lTgT1JPhJ5iBc/RYFXzms+mMTrgZgdMMgtDXSn4XNFANn/h0tpCI6eChpfrUsbEu
8s6PPRn/rc+/Fp5ynlI7GstXeTKSqRHhHT5jcb0bX1La8Fa8v9RimbZVPdg/Y0gY
o7/Z4bo4+iasZWeAzjUuORALwZt/u41zbRI3cFOOnd/Z20Pw3DehqTaCj6sc2aWp
q9UUev8rloQZgt5M5xJUFFWkOxlK/5v+neaYoUPRp7p/l5DytZygeqTWc+Vl/WIR
D3m04jsQJVphXgl0B0Ld3RW1dSSZ5r+LB+ihtBIgEugLqCBdU1GNtafgWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGfW/U3s0tbmh1pZ1DXZ6X38LXMaMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWjliOVRlelMxdWFIV2xuVU5kbnBmZnd0Y3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVoeAwQA
TVo8MA0GCSqGSIb3DQEBCwUAA4IBAQBM7hX+CZMOVIQCEc7OpW5gMbl5Oh8w/P2q
YWpqi2gf6xJBOLlyeE/0dY1Z+AUUl67MzxJBGZ1zygU/f5AWrtlegaGVzHZ0nGke
z7Rtkx+xfV/4PfHwvSqYiGO/qR34RQcy9ZGbcKxLA14Q0jMUk+eOAEa0PbEEkD+9
W1RXID3b6+e7+0oL2ulvNQtjY4u4TCaGT23/qZuW3OG6RD40I+EDMwtANhwvOdON
TUGIYvBLHRrvdRWnnBCmL5SHWlI2IloO7wHpPI5tKCI/QoT4CoEQ/ppdfRVp9Tzg
vw9Xq0aYT1NcK6fnqLhfmWwbAXoSas1Yxu4SQ4TkDQ0NjKSvCteU
-----END CERTIFICATE-----