Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/77f5b9-5b8c-4546-9a0d-b8c5f84d9687/1/PLwRwWOtSjw-0Pg41XEpQjuSA-U.roa
File:                     PLwRwWOtSjw-0Pg41XEpQjuSA-U.roa (raw, json)
Hash identifier:          lGtM/oEk7N2nkUdCvZFwDApY3dPL/dm/f6h+7RuL+gU=
Subject key identifier:   3C:BC:11:C1:63:AD:4A:3C:3E:D0:F8:38:D5:71:29:42:3B:92:03:E5
Certificate issuer:       /CN=a3ace73daf52102cdb84b7f5681296957a0c9a78
Certificate serial:       019423D6CE4284415FADCE0FD62778DAEB42
Authority key identifier: A3:AC:E7:3D:AF:52:10:2C:DB:84:B7:F5:68:12:96:95:7A:0C:9A:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6znPa9SECzbhLf1aBKWlXoMmng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/77f5b9-5b8c-4546-9a0d-b8c5f84d9687/1/PLwRwWOtSjw-0Pg41XEpQjuSA-U.roa
Signing time:             Wed 01 Jan 2025 21:47:47 +0000
ROA not before:           Wed 01 Jan 2025 21:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47212
IP address blocks:        79.99.56.0/21 maxlen: 21
                          2a01:a180::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/77f5b9-5b8c-4546-9a0d-b8c5f84d9687/1/o6znPa9SECzbhLf1aBKWlXoMmng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/77f5b9-5b8c-4546-9a0d-b8c5f84d9687/1/o6znPa9SECzbhLf1aBKWlXoMmng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6znPa9SECzbhLf1aBKWlXoMmng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ce:42:84:41:5f:ad:ce:0f:d6:27:78:da:eb:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ace73daf52102cdb84b7f5681296957a0c9a78
        Validity
            Not Before: Jan  1 21:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cbc11c163ad4a3c3ed0f838d57129423b9203e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:12:df:c6:fa:91:d2:fc:2f:b4:b4:b8:09:38:
                    ab:25:38:35:6f:7a:61:73:3a:ff:13:95:43:8d:1e:
                    a2:63:1c:40:58:9d:61:d3:f9:a4:36:a1:89:91:9e:
                    ec:f9:44:31:c3:ce:2a:ec:84:70:ea:5e:7a:3f:37:
                    79:a3:fb:0c:3e:64:b3:74:14:bd:9f:08:51:90:14:
                    71:f6:e0:d1:d7:bd:a7:ac:22:11:ce:ef:34:92:3d:
                    bd:1d:d2:19:2e:0c:a3:bf:89:27:22:6b:1a:ae:99:
                    51:88:9b:d0:49:2d:da:06:e9:81:ce:46:fa:d5:ec:
                    c2:05:9b:0f:0d:f4:b7:2b:bd:80:f9:f9:9d:ff:a1:
                    e1:b8:55:5a:94:5c:21:bd:a0:ce:0b:a6:42:ee:dd:
                    c8:95:29:c5:87:07:04:0d:f9:88:5c:81:cb:79:c2:
                    bb:01:21:70:15:9a:74:6a:ae:84:ef:b9:a5:b4:1d:
                    1d:cf:a3:f5:cd:9c:83:a7:5b:4f:d0:9d:cf:36:4f:
                    8d:85:d0:fa:31:7e:4d:71:f5:d6:ba:24:1a:a1:84:
                    65:da:20:46:9d:0a:64:eb:6b:cf:0c:b6:62:b0:a4:
                    b5:e2:3e:6c:de:a7:90:ac:34:a1:7f:58:b5:e8:15:
                    aa:de:31:03:7d:15:c4:63:9b:dd:28:b8:a2:a5:3e:
                    f1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:BC:11:C1:63:AD:4A:3C:3E:D0:F8:38:D5:71:29:42:3B:92:03:E5
            X509v3 Authority Key Identifier:
                keyid:A3:AC:E7:3D:AF:52:10:2C:DB:84:B7:F5:68:12:96:95:7A:0C:9A:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6znPa9SECzbhLf1aBKWlXoMmng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/77f5b9-5b8c-4546-9a0d-b8c5f84d9687/1/PLwRwWOtSjw-0Pg41XEpQjuSA-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/77f5b9-5b8c-4546-9a0d-b8c5f84d9687/1/o6znPa9SECzbhLf1aBKWlXoMmng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.56.0/21
                IPv6:
                  2a01:a180::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:96:bf:14:6f:60:aa:e4:d5:ed:ef:13:4c:86:5a:11:12:81:
         30:4b:dd:5c:27:77:30:b9:78:c6:63:c4:68:d5:bd:aa:68:9a:
         2f:49:77:f4:83:9f:c3:3d:6f:9e:2b:b2:24:e4:9a:14:8d:d6:
         2a:29:f8:9c:83:69:67:48:d3:d9:03:11:c2:b8:23:fa:24:7f:
         16:fd:dd:42:6b:68:23:92:23:85:c3:7b:eb:e7:1d:23:40:26:
         02:2e:78:d5:1e:06:b1:da:0c:97:eb:59:98:b0:43:16:c3:42:
         50:0c:5b:02:02:a2:6e:04:42:36:1f:ee:46:ca:dd:41:86:bf:
         7e:08:de:fa:31:c6:78:f1:38:a0:fa:1c:6f:b9:e6:88:74:8a:
         f2:a4:55:60:ac:58:f2:d8:75:9a:14:03:4f:f9:0e:d9:c9:6d:
         41:94:66:39:ab:54:2f:d2:0d:3f:4b:18:15:6c:b8:0e:9a:cb:
         29:db:16:50:24:b4:05:39:a9:84:c3:0a:ab:1b:80:89:b9:51:
         78:20:fe:6c:62:4c:c4:06:ba:52:ba:61:76:af:73:73:ad:92:
         f2:36:f6:d4:c3:c5:fe:34:39:42:02:bd:b6:a0:1f:25:41:15:
         18:c7:d6:5d:f3:80:1b:c7:3b:26:58:16:a1:5b:79:49:e4:0c:
         13:3d:12:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1s5ChEFfrc4P1id42utCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYWNlNzNkYWY1MjEwMmNkYjg0YjdmNTY4MTI5Njk1N2Ew
YzlhNzgwHhcNMjUwMTAxMjE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2JjMTFjMTYzYWQ0YTNjM2VkMGY4MzhkNTcxMjk0MjNiOTIwM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hLfxvqR0vwvtLS4CTirJTg1b3ph
czr/E5VDjR6iYxxAWJ1h0/mkNqGJkZ7s+UQxw84q7IRw6l56Pzd5o/sMPmSzdBS9
nwhRkBRx9uDR172nrCIRzu80kj29HdIZLgyjv4knImsarplRiJvQSS3aBumBzkb6
1ezCBZsPDfS3K72A+fmd/6HhuFValFwhvaDOC6ZC7t3IlSnFhwcEDfmIXIHLecK7
ASFwFZp0aq6E77mltB0dz6P1zZyDp1tP0J3PNk+NhdD6MX5NcfXWuiQaoYRl2iBG
nQpk62vPDLZisKS14j5s3qeQrDShf1i16BWq3jEDfRXEY5vdKLiipT7xjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDy8EcFjrUo8PtD4ONVxKUI7kgPlMB8GA1UdIwQY
MBaAFKOs5z2vUhAs24S39WgSlpV6DJp4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZ6blBhOVNFQ3piaExmMWFCS1dsWG9NbW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83N2Y1YjktNWI4Yy00NTQ2LTlhMGQt
YjhjNWY4NGQ5Njg3LzEvUEx3UndXT3RTanctMFBnNDFYRXBRanVTQS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83N2Y1YjktNWI4Yy00NTQ2LTlhMGQtYjhjNWY4NGQ5Njg3
LzEvbzZ6blBhOVNFQ3piaExmMWFCS1dsWG9NbW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDT2M4MA0E
AgACMAcDBQAqAaGAMA0GCSqGSIb3DQEBCwUAA4IBAQA3lr8Ub2Cq5NXt7xNMhloR
EoEwS91cJ3cwuXjGY8Ro1b2qaJovSXf0g5/DPW+eK7Ik5JoUjdYqKficg2lnSNPZ
AxHCuCP6JH8W/d1Ca2gjkiOFw3vr5x0jQCYCLnjVHgax2gyX61mYsEMWw0JQDFsC
AqJuBEI2H+5Gyt1Bhr9+CN76McZ48Tig+hxvueaIdIrypFVgrFjy2HWaFANP+Q7Z
yW1BlGY5q1Qv0g0/SxgVbLgOmssp2xZQJLQFOamEwwqrG4CJuVF4IP5sYkzEBrpS
umF2r3NzrZLyNvbUw8X+NDlCAr22oB8lQRUYx9Zd84AbxzsmWBahW3lJ5AwTPRJA
-----END CERTIFICATE-----