Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/b77IgHc-0C0Rr_dfvuGtS4avGl0.roa
File:                     b77IgHc-0C0Rr_dfvuGtS4avGl0.roa (raw, json)
Hash identifier:          pUFCLnY0Uuj86mPeajrETTuvcuysKr2jMpqMVsvwa6w=
Subject key identifier:   6F:BE:C8:80:77:3E:D0:2D:11:AF:F7:5F:BE:E1:AD:4B:86:AF:1A:5D
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0194221FEDFF9D7E2CBA6FA4C257F818EB8C
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/b77IgHc-0C0Rr_dfvuGtS4avGl0.roa
Signing time:             Wed 01 Jan 2025 13:48:25 +0000
ROA not before:           Wed 01 Jan 2025 13:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9008
IP address blocks:        207.244.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 04:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ed:ff:9d:7e:2c:ba:6f:a4:c2:57:f8:18:eb:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 13:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fbec880773ed02d11aff75fbee1ad4b86af1a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1a:d6:8d:78:7f:8d:3d:2c:81:6d:bd:4d:ec:
                    54:86:5c:63:93:8c:4a:0e:26:01:3e:18:e1:fc:98:
                    39:e1:14:68:17:76:97:65:65:20:6c:c0:07:cf:46:
                    d7:17:3e:de:2d:e3:e1:88:33:1b:ba:c1:05:1a:77:
                    59:68:8e:a6:80:53:f1:e1:99:5b:b6:ab:8b:58:43:
                    5f:fb:81:45:bb:ab:88:d9:c7:c9:a9:2d:83:50:dc:
                    41:93:72:e7:fe:e8:56:a0:39:5b:9c:d5:0a:da:29:
                    f4:a7:02:a4:f9:7d:13:fb:bf:b9:ce:11:a4:ef:8f:
                    c5:ee:7f:c7:01:4b:52:ac:dc:d3:d6:f2:79:8f:e5:
                    0c:d3:3b:03:ae:94:1c:23:69:45:fa:b2:53:db:2b:
                    86:2f:f2:83:a6:12:80:ff:6c:3d:39:57:eb:51:13:
                    e5:61:19:22:16:9c:e1:21:c4:52:21:6b:40:8b:03:
                    ee:e4:8e:76:84:2d:e2:e7:7a:5d:21:ac:45:ee:f0:
                    34:ac:94:34:72:1b:96:13:d6:b5:6d:94:3c:5d:1e:
                    66:e3:ec:75:fb:aa:31:46:77:37:19:8e:a2:ed:24:
                    f9:36:b3:12:25:d2:d0:47:73:98:9f:15:25:5b:41:
                    f1:bd:b0:9d:88:5b:89:36:3f:91:6d:82:34:05:fc:
                    53:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BE:C8:80:77:3E:D0:2D:11:AF:F7:5F:BE:E1:AD:4B:86:AF:1A:5D
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/b77IgHc-0C0Rr_dfvuGtS4avGl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:7e:0c:54:c1:33:37:8e:27:cd:1c:e4:23:4b:e5:68:a8:70:
         9a:22:9e:23:22:4c:18:0d:22:a6:dd:29:73:68:20:b3:16:cf:
         47:29:74:de:ad:b6:cd:d2:f9:29:09:96:4f:bd:b7:fc:88:9b:
         d1:1e:aa:7b:e6:49:49:28:93:84:47:f8:f4:41:1f:2f:0c:e1:
         07:73:18:73:75:2b:0f:49:82:ba:88:94:52:8a:4b:13:6b:30:
         ed:ac:df:93:27:23:b8:f2:ba:95:fd:75:cd:61:e2:1c:95:65:
         d9:6a:cc:b5:18:f9:f3:b4:9e:18:12:e2:93:a3:46:23:ed:0e:
         f3:8a:14:c9:ce:2b:70:49:d1:f3:38:8a:40:a7:45:ab:bd:7e:
         0f:26:6c:2c:0f:b2:06:39:41:05:3b:34:28:b0:0c:1a:66:3a:
         3d:d2:d0:ef:b3:13:d8:f2:2e:b6:67:65:22:ff:58:e1:90:3b:
         f7:35:84:f3:a5:a8:fa:64:bc:35:b9:ae:df:eb:0e:77:5b:55:
         d0:60:cd:cd:81:22:a3:ac:d5:9b:2b:db:31:25:15:71:f5:79:
         81:11:0e:e3:3d:24:2b:26:d9:2a:17:48:87:b3:b5:f5:67:c9:
         5d:40:16:d0:1e:b9:6e:30:97:c6:54:17:bc:92:28:ec:0e:05:
         29:dd:d2:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH+3/nX4sum+kwlf4GOuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwMTAxMTM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJlYzg4MDc3M2VkMDJkMTFhZmY3NWZiZWUxYWQ0Yjg2YWYxYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphrWjXh/jT0sgW29TexUhlxjk4xK
DiYBPhjh/Jg54RRoF3aXZWUgbMAHz0bXFz7eLePhiDMbusEFGndZaI6mgFPx4Zlb
tquLWENf+4FFu6uI2cfJqS2DUNxBk3Ln/uhWoDlbnNUK2in0pwKk+X0T+7+5zhGk
74/F7n/HAUtSrNzT1vJ5j+UM0zsDrpQcI2lF+rJT2yuGL/KDphKA/2w9OVfrURPl
YRkiFpzhIcRSIWtAiwPu5I52hC3i53pdIaxF7vA0rJQ0chuWE9a1bZQ8XR5m4+x1
+6oxRnc3GY6i7ST5NrMSJdLQR3OYnxUlW0HxvbCdiFuJNj+RbYI0BfxTFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG++yIB3PtAtEa/3X77hrUuGrxpdMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvYjc3SWdIYy0wQzBScl9kZnZ1R3RTNGF2R2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz/TEMA0G
CSqGSIb3DQEBCwUAA4IBAQAffgxUwTM3jifNHOQjS+VoqHCaIp4jIkwYDSKm3Slz
aCCzFs9HKXTerbbN0vkpCZZPvbf8iJvRHqp75klJKJOER/j0QR8vDOEHcxhzdSsP
SYK6iJRSiksTazDtrN+TJyO48rqV/XXNYeIclWXZasy1GPnztJ4YEuKTo0Yj7Q7z
ihTJzitwSdHzOIpAp0WrvX4PJmwsD7IGOUEFOzQosAwaZjo90tDvsxPY8i62Z2Ui
/1jhkDv3NYTzpaj6ZLw1ua7f6w53W1XQYM3NgSKjrNWbK9sxJRVx9XmBEQ7jPSQr
JtkqF0iHs7X1Z8ldQBbQHrluMJfGVBe8kijsDgUp3dJz
-----END CERTIFICATE-----