Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/xLuTtEmxYwGHIRVl0oJ6NNru8-s.roa
File:                     xLuTtEmxYwGHIRVl0oJ6NNru8-s.roa (raw, json)
Hash identifier:          cgJCCCp5yxUrniiLptsl8cycqw+rkKPWD+IzeKZhgTE=
Subject key identifier:   C4:BB:93:B4:49:B1:63:01:87:21:15:65:D2:82:7A:34:DA:EE:F3:EB
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BC0EB2686E4066543226B459C79D5
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/xLuTtEmxYwGHIRVl0oJ6NNru8-s.roa
Signing time:             Tue 02 Jan 2024 12:35:14 +0000
ROA not before:           Tue 02 Jan 2024 12:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202904
IP address blocks:        77.79.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c0:eb:26:86:e4:06:65:43:22:6b:45:9c:79:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4bb93b449b1630187211565d2827a34daeef3eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fd:27:2d:04:28:e7:70:a7:cf:10:85:35:5d:
                    29:a7:04:e9:68:df:c5:f2:22:64:97:75:77:2c:32:
                    cc:72:8c:1d:af:c0:d5:ed:7c:7d:bf:ed:fd:ce:16:
                    94:98:a3:d4:ec:8e:36:10:92:86:9c:c3:64:9c:24:
                    1b:44:47:a4:a0:ea:bb:2d:10:80:39:3f:46:c1:df:
                    ee:ce:ea:6d:3c:19:de:bb:64:11:d3:6e:13:87:7a:
                    d1:03:6f:1b:e4:7b:d7:c0:0f:2c:d8:ea:b1:88:8a:
                    b6:fe:ad:d1:09:9c:c5:73:2d:e7:bd:7f:7b:16:1c:
                    15:29:78:25:fc:be:6c:4a:2f:d4:9c:7b:9f:e2:dc:
                    e3:58:28:32:09:ac:fc:c8:d3:fe:ff:8c:f6:e7:9b:
                    25:54:23:b8:3d:12:8c:35:7d:1a:36:57:21:f8:5e:
                    13:39:f6:26:a6:3b:3c:2a:fc:82:d4:5e:0e:24:ad:
                    3d:5b:e6:f0:af:3e:6d:76:93:6f:e3:c7:84:c7:0c:
                    d1:e4:51:ce:30:e6:b9:29:64:1d:ec:3f:11:56:06:
                    f4:15:4f:1f:6f:a8:91:10:c6:ab:4b:a4:8e:dc:31:
                    ba:01:72:29:16:de:ba:f6:dd:3e:5e:c1:aa:ad:a7:
                    73:a0:e9:74:1b:35:1f:29:85:a3:fd:ef:a4:bf:bc:
                    90:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:BB:93:B4:49:B1:63:01:87:21:15:65:D2:82:7A:34:DA:EE:F3:EB
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/xLuTtEmxYwGHIRVl0oJ6NNru8-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:eb:98:f0:39:7c:ff:5c:e7:cf:f3:f0:00:22:13:8d:0e:41:
         27:3d:2b:35:4c:a4:b9:22:93:35:9d:57:f3:02:ee:8a:ef:5c:
         16:b2:6d:6a:c5:c6:ad:66:07:92:98:7e:49:b5:1e:d9:b3:6e:
         aa:87:ec:25:06:78:f4:95:ea:48:fe:13:7a:99:81:8f:d6:5a:
         d6:c7:9f:24:36:c6:64:55:7d:80:b7:8a:2e:97:31:af:07:2b:
         da:78:e7:b9:62:54:9b:16:a4:bc:1b:de:ed:25:3f:a5:f2:7d:
         66:9e:5f:98:24:77:8a:e9:84:8f:0a:df:da:2c:09:46:dd:6f:
         b4:ea:e3:1d:fc:49:df:67:79:6d:9b:00:75:a6:d6:45:68:64:
         cd:9c:99:4f:85:25:fc:b4:fc:04:9c:f4:ba:6c:60:65:b6:55:
         eb:77:6c:0b:d6:c5:9c:a5:ef:76:c5:f1:3a:a6:e7:3e:ca:a5:
         6c:00:75:66:cf:72:f4:96:5f:63:69:a1:a3:7c:ed:39:e4:34:
         a0:05:fa:81:ba:63:d8:a0:d6:82:0d:da:2d:44:67:3d:9b:b8:
         bf:15:19:d6:b6:17:82:40:ad:2e:4b:5f:7b:93:86:c4:6e:d1:
         3c:97:d0:5f:2a:48:f2:73:c2:12:1b:5b:90:12:23:d9:f6:54:
         37:91:cb:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8DrJobkBmVDImtFnHnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGJiOTNiNDQ5YjE2MzAxODcyMTE1NjVkMjgyN2EzNGRhZWVmM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/0nLQQo53CnzxCFNV0ppwTpaN/F
8iJkl3V3LDLMcowdr8DV7Xx9v+39zhaUmKPU7I42EJKGnMNknCQbREekoOq7LRCA
OT9Gwd/uzuptPBneu2QR024Th3rRA28b5HvXwA8s2OqxiIq2/q3RCZzFcy3nvX97
FhwVKXgl/L5sSi/UnHuf4tzjWCgyCaz8yNP+/4z255slVCO4PRKMNX0aNlch+F4T
OfYmpjs8KvyC1F4OJK09W+bwrz5tdpNv48eExwzR5FHOMOa5KWQd7D8RVgb0FU8f
b6iREMarS6SO3DG6AXIpFt669t0+XsGqradzoOl0GzUfKYWj/e+kv7yQKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMS7k7RJsWMBhyEVZdKCejTa7vPrMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEveEx1VHRFbXhZd0dISVJWbDBvSjZOTnJ1OC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/PMA0G
CSqGSIb3DQEBCwUAA4IBAQAr65jwOXz/XOfP8/AAIhONDkEnPSs1TKS5IpM1nVfz
Au6K71wWsm1qxcatZgeSmH5JtR7Zs26qh+wlBnj0lepI/hN6mYGP1lrWx58kNsZk
VX2At4oulzGvByvaeOe5YlSbFqS8G97tJT+l8n1mnl+YJHeK6YSPCt/aLAlG3W+0
6uMd/EnfZ3ltmwB1ptZFaGTNnJlPhSX8tPwEnPS6bGBltlXrd2wL1sWcpe92xfE6
puc+yqVsAHVmz3L0ll9jaaGjfO055DSgBfqBumPYoNaCDdotRGc9m7i/FRnWtheC
QK0uS197k4bEbtE8l9BfKkjyc8ISG1uQEiPZ9lQ3kcsw
-----END CERTIFICATE-----