Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ObSdlipmAk1iKYNkZ9YITqbsels.roa
File:                     ObSdlipmAk1iKYNkZ9YITqbsels.roa (raw, json)
Hash identifier:          tPQFjJrY+wen1/5SD/k4Zg54R2Lo8i/vJsy2VPUGnxQ=
Subject key identifier:   39:B4:9D:96:2A:66:02:4D:62:29:83:64:67:D6:08:4E:A6:EC:7A:5B
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB47A32FC3953E4C3922122B03F63
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ObSdlipmAk1iKYNkZ9YITqbsels.roa
Signing time:             Thu 02 Jan 2025 07:48:25 +0000
ROA not before:           Thu 02 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201615
IP address blocks:        77.79.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b4:7a:32:fc:39:53:e4:c3:92:21:22:b0:3f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39b49d962a66024d6229836467d6084ea6ec7a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a4:7f:75:f3:38:ee:63:66:cb:85:bc:c6:2a:
                    0a:fd:a0:82:aa:77:a9:af:41:f6:fd:c5:b6:31:28:
                    d1:50:37:db:94:5b:30:74:60:ef:f2:af:2c:7d:20:
                    df:52:35:92:dc:08:54:b1:8c:f1:90:03:09:ad:df:
                    64:4c:bf:d4:dc:3a:34:8b:cb:b5:11:bf:c7:5e:98:
                    f3:f7:06:21:57:bd:ee:28:dd:dc:50:11:a4:1a:cd:
                    54:a7:9c:a0:7b:e6:91:6b:ad:ae:2c:ec:b4:95:9b:
                    19:58:5c:e4:eb:23:00:cb:b3:5b:8b:18:a8:00:c2:
                    de:3f:65:e6:5c:2b:c4:57:bb:30:af:db:08:e4:00:
                    d0:58:0b:75:7c:ef:dd:77:1f:4d:23:79:da:92:e4:
                    af:92:62:7e:c0:65:46:29:e0:9f:1f:66:e9:24:ff:
                    77:77:2b:8a:69:a0:76:aa:46:91:75:f7:5a:16:eb:
                    be:7d:55:91:8c:7e:b3:68:56:c8:8e:e3:2d:81:2b:
                    d2:3a:16:0b:2f:98:a0:34:c9:e1:d8:6d:f9:1e:f6:
                    f8:4d:bb:54:21:e6:b2:13:69:d0:ce:e4:b1:84:46:
                    17:16:30:ed:92:3d:87:6f:11:5c:66:0a:63:8c:79:
                    1c:4c:7a:4b:f1:0a:27:be:1c:a4:3a:18:fd:77:2c:
                    25:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B4:9D:96:2A:66:02:4D:62:29:83:64:67:D6:08:4E:A6:EC:7A:5B
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/ObSdlipmAk1iKYNkZ9YITqbsels.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:00:4e:2b:0e:e2:98:e6:ca:4e:d1:51:98:8e:e5:db:21:12:
         8b:32:71:63:6a:10:65:1e:ff:42:54:e3:47:e6:9b:80:eb:9a:
         55:0c:3f:0b:ce:85:9f:4f:ab:3e:5d:1a:41:22:6c:21:c1:3a:
         a1:94:76:bb:fa:95:f6:69:16:ff:75:02:60:1b:26:63:00:61:
         cd:6b:33:f7:9b:b7:c6:0c:c8:f3:7c:c5:68:1f:e5:90:3a:99:
         de:0f:2e:7b:1d:1b:66:96:30:1b:61:ee:cb:c4:69:22:de:a9:
         19:6e:ae:c6:a6:f9:75:05:b4:92:21:ea:ab:20:b5:bb:6f:d5:
         1b:7a:23:1c:f9:2e:7e:11:65:a3:71:75:46:40:f4:dd:33:e1:
         b5:29:f8:8c:84:e9:94:ca:27:82:40:f3:49:6f:0c:fc:19:7a:
         04:3d:12:25:5e:28:e4:21:80:4d:cc:fe:1d:c4:06:3e:70:b2:
         9e:e7:0f:11:ff:89:bb:60:02:b4:08:cf:07:51:71:43:e6:81:
         20:0d:3a:c3:2c:c3:17:d4:53:99:f5:2f:51:32:d7:f0:82:61:
         bc:3b:c3:47:82:6c:f5:b8:0b:42:16:3f:a7:96:86:cc:de:da:
         50:15:21:d7:67:07:e3:ce:ea:68:c4:c0:3a:a5:b7:99:a0:69:
         9a:26:7d:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LR6Mvw5U+TDkiEisD9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWI0OWQ5NjJhNjYwMjRkNjIyOTgzNjQ2N2Q2MDg0ZWE2ZWM3YTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKR/dfM47mNmy4W8xioK/aCCqnep
r0H2/cW2MSjRUDfblFswdGDv8q8sfSDfUjWS3AhUsYzxkAMJrd9kTL/U3Do0i8u1
Eb/HXpjz9wYhV73uKN3cUBGkGs1Up5yge+aRa62uLOy0lZsZWFzk6yMAy7Nbixio
AMLeP2XmXCvEV7swr9sI5ADQWAt1fO/ddx9NI3nakuSvkmJ+wGVGKeCfH2bpJP93
dyuKaaB2qkaRdfdaFuu+fVWRjH6zaFbIjuMtgSvSOhYLL5igNMnh2G35Hvb4TbtU
IeayE2nQzuSxhEYXFjDtkj2HbxFcZgpjjHkcTHpL8QonvhykOhj9dywllwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDm0nZYqZgJNYimDZGfWCE6m7HpbMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvT2JTZGxpcG1BazFpS1lOa1o5WUlUcWJzZWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/MMA0G
CSqGSIb3DQEBCwUAA4IBAQCAAE4rDuKY5spO0VGYjuXbIRKLMnFjahBlHv9CVONH
5puA65pVDD8LzoWfT6s+XRpBImwhwTqhlHa7+pX2aRb/dQJgGyZjAGHNazP3m7fG
DMjzfMVoH+WQOpneDy57HRtmljAbYe7LxGki3qkZbq7Gpvl1BbSSIeqrILW7b9Ub
eiMc+S5+EWWjcXVGQPTdM+G1KfiMhOmUyieCQPNJbwz8GXoEPRIlXijkIYBNzP4d
xAY+cLKe5w8R/4m7YAK0CM8HUXFD5oEgDTrDLMMX1FOZ9S9RMtfwgmG8O8NHgmz1
uAtCFj+nlobM3tpQFSHXZwfjzupoxMA6pbeZoGmaJn0Z
-----END CERTIFICATE-----