Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/sOFxqYstnBcwOsqr3D0QzeiuP9c.roa
File:                     sOFxqYstnBcwOsqr3D0QzeiuP9c.roa (raw, json)
Hash identifier:          6b7gkiQinp8MQIflFim0tGUketFeDpWfe0SMhoNwxIg=
Subject key identifier:   B0:E1:71:A9:8B:2D:9C:17:30:3A:CA:AB:DC:3D:10:CD:E8:AE:3F:D7
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       018CC6B8B2425786434B6DC0B548983BB320
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/sOFxqYstnBcwOsqr3D0QzeiuP9c.roa
Signing time:             Mon 01 Jan 2024 20:30:42 +0000
ROA not before:           Mon 01 Jan 2024 20:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207228
IP address blocks:        77.243.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b2:42:57:86:43:4b:6d:c0:b5:48:98:3b:b3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 20:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0e171a98b2d9c17303acaabdc3d10cde8ae3fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:98:ad:7b:b2:2e:8e:23:74:6a:7e:c9:f3:5c:
                    3f:6c:c1:96:ab:08:31:13:22:b3:51:47:bd:57:45:
                    58:69:83:92:9a:fc:ca:10:e7:fb:f3:e7:86:12:9a:
                    8e:00:e0:3e:26:8f:b6:c7:ca:5f:e4:91:9a:87:e3:
                    d1:1b:25:6c:1e:57:89:90:6c:e9:0d:75:5c:41:d1:
                    45:2e:63:09:4e:53:7f:4b:47:b7:6f:ae:9b:78:ff:
                    43:6c:e1:b5:9d:fe:22:49:de:4c:6f:dc:f6:b5:ce:
                    25:be:a9:10:84:a2:06:9d:7b:34:05:5b:8f:a4:1e:
                    19:61:d5:cb:d2:26:b2:27:4b:11:ee:fb:b8:fe:f7:
                    ea:a4:0d:c2:ee:b3:15:14:75:ae:6e:d2:91:3c:88:
                    d1:87:fd:b5:e1:20:70:12:10:24:e1:12:2f:9c:06:
                    81:7d:a8:31:94:74:5d:a9:0c:80:e6:f3:58:bf:31:
                    14:2f:b2:50:1a:2e:8a:92:f4:f7:04:9c:ab:da:4b:
                    db:50:10:96:2b:96:63:a0:db:75:4c:d6:48:7a:7d:
                    3f:e0:1a:41:8e:b6:ae:d0:e6:c8:91:90:81:9d:70:
                    70:51:74:2d:52:d6:9b:4a:3b:e9:c5:fb:31:c3:e5:
                    a0:88:b7:88:16:46:bf:ee:bf:50:52:a2:12:ae:bf:
                    78:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:E1:71:A9:8B:2D:9C:17:30:3A:CA:AB:DC:3D:10:CD:E8:AE:3F:D7
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/sOFxqYstnBcwOsqr3D0QzeiuP9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:84:b3:7f:27:5b:8b:4e:20:b1:b5:bf:45:54:44:74:ac:15:
         28:11:6c:6b:02:be:6f:bc:49:96:ee:5b:5d:aa:c5:60:0c:b8:
         03:62:37:49:80:96:c4:f5:76:56:de:af:95:0a:20:f8:13:15:
         84:f6:43:9c:ae:ee:52:c2:02:aa:79:83:b9:05:6e:5b:48:a6:
         c6:8f:3d:38:1c:57:1f:95:76:4b:0d:ed:25:4f:14:45:95:04:
         79:ea:1f:e7:0a:df:7e:83:03:a5:24:5e:f9:e7:3f:e9:f0:6c:
         4e:43:85:94:58:4b:72:4c:85:47:62:c3:8a:81:f5:01:50:0e:
         85:ed:66:46:56:78:1f:24:f0:b9:d1:2c:e3:ed:b5:60:a9:46:
         1d:5a:2c:ca:0f:a0:4e:64:ac:f7:46:e5:18:b7:68:cc:0a:ba:
         9f:1c:53:ed:b4:cf:cd:b0:55:6e:f2:d5:70:72:ea:25:21:73:
         78:0f:ee:e4:fd:eb:47:80:bb:ea:f9:a5:d2:f9:ef:93:a5:78:
         d8:5e:37:2b:91:31:41:49:65:de:fa:4b:a9:77:15:6a:77:fb:
         07:a9:80:28:2c:e9:8d:cb:c4:bb:3e:3b:09:8b:d6:0a:25:16:
         51:f6:e0:b1:2d:27:f3:b2:47:ab:d5:81:1b:51:f0:df:fa:34:
         25:47:f9:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLJCV4ZDS23AtUiYO7MgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjQwMTAxMjAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGUxNzFhOThiMmQ5YzE3MzAzYWNhYWJkYzNkMTBjZGU4YWUzZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Jite7IujiN0an7J81w/bMGWqwgx
EyKzUUe9V0VYaYOSmvzKEOf78+eGEpqOAOA+Jo+2x8pf5JGah+PRGyVsHleJkGzp
DXVcQdFFLmMJTlN/S0e3b66beP9DbOG1nf4iSd5Mb9z2tc4lvqkQhKIGnXs0BVuP
pB4ZYdXL0iayJ0sR7vu4/vfqpA3C7rMVFHWubtKRPIjRh/214SBwEhAk4RIvnAaB
fagxlHRdqQyA5vNYvzEUL7JQGi6KkvT3BJyr2kvbUBCWK5ZjoNt1TNZIen0/4BpB
jrau0ObIkZCBnXBwUXQtUtabSjvpxfsxw+WgiLeIFka/7r9QUqISrr94MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDhcamLLZwXMDrKq9w9EM3orj/XMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvc09GeHFZc3RuQmN3T3NxcjNEMFF6ZWl1UDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfN+MA0G
CSqGSIb3DQEBCwUAA4IBAQCFhLN/J1uLTiCxtb9FVER0rBUoEWxrAr5vvEmW7ltd
qsVgDLgDYjdJgJbE9XZW3q+VCiD4ExWE9kOcru5SwgKqeYO5BW5bSKbGjz04HFcf
lXZLDe0lTxRFlQR56h/nCt9+gwOlJF755z/p8GxOQ4WUWEtyTIVHYsOKgfUBUA6F
7WZGVngfJPC50Szj7bVgqUYdWizKD6BOZKz3RuUYt2jMCrqfHFPttM/NsFVu8tVw
cuolIXN4D+7k/etHgLvq+aXS+e+TpXjYXjcrkTFBSWXe+kupdxVqd/sHqYAoLOmN
y8S7PjsJi9YKJRZR9uCxLSfzsker1YEbUfDf+jQlR/nR
-----END CERTIFICATE-----