Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/0038cd-3975-4893-94f6-3e558ac2465e/1/YRMgmXlRMmsX_th_N_dOFnF28q4.roa
File:                     YRMgmXlRMmsX_th_N_dOFnF28q4.roa (raw, json)
Hash identifier:          KY+Yf6dGM9OO8PrJR+tlkqWSg/2FI2jZztvRouj2dkQ=
Subject key identifier:   61:13:20:99:79:51:32:6B:17:FE:D8:7F:37:F7:4E:16:71:76:F2:AE
Certificate issuer:       /CN=872076f188ea4a6ce5f7767f73176dd4a793941b
Certificate serial:       019316DB750C2DEB1EDFBEC46F531AF14788
Authority key identifier: 87:20:76:F1:88:EA:4A:6C:E5:F7:76:7F:73:17:6D:D4:A7:93:94:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hyB28YjqSmzl93Z_cxdt1KeTlBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/0038cd-3975-4893-94f6-3e558ac2465e/1/YRMgmXlRMmsX_th_N_dOFnF28q4.roa
Signing time:             Sun 10 Nov 2024 16:15:01 +0000
ROA not before:           Sun 10 Nov 2024 16:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        85.193.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/0038cd-3975-4893-94f6-3e558ac2465e/1/hyB28YjqSmzl93Z_cxdt1KeTlBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/0038cd-3975-4893-94f6-3e558ac2465e/1/hyB28YjqSmzl93Z_cxdt1KeTlBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hyB28YjqSmzl93Z_cxdt1KeTlBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:16:db:75:0c:2d:eb:1e:df:be:c4:6f:53:1a:f1:47:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=872076f188ea4a6ce5f7767f73176dd4a793941b
        Validity
            Not Before: Nov 10 16:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=611320997951326b17fed87f37f74e167176f2ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e8:33:cf:54:f7:ff:05:df:bf:db:d8:96:39:
                    0f:a2:25:e0:97:23:56:c9:ae:bc:76:03:03:f8:42:
                    69:c8:72:58:99:3f:4e:b8:f5:fa:b0:95:5c:27:d6:
                    07:80:c9:c3:76:b1:5c:50:28:f3:82:20:db:97:83:
                    44:8b:7a:ab:ac:66:c6:74:41:bb:56:8a:63:16:f4:
                    19:8c:b5:1a:45:12:a1:89:47:d3:0c:61:31:4c:e5:
                    7b:b2:ff:4b:f4:58:f2:77:b3:f3:e8:35:1f:c1:b9:
                    70:59:d8:95:63:56:75:06:96:19:0e:a1:fe:60:ea:
                    c2:28:f8:f0:30:77:b4:dd:5a:55:d3:c3:5d:51:a9:
                    55:4a:94:52:c8:ec:a6:86:23:af:f9:34:89:51:2e:
                    08:b7:1f:df:38:49:b8:3f:e3:92:f6:88:72:92:44:
                    f6:fd:bd:69:50:8b:bb:9a:9e:81:b6:58:ce:29:aa:
                    4a:bb:2e:d6:01:93:05:37:33:d4:38:50:eb:a9:fc:
                    2c:6a:1b:b2:82:2b:fa:5a:cf:8c:85:02:18:86:33:
                    8c:60:36:95:ef:2d:b9:86:d6:20:5e:f3:5d:e5:5e:
                    c4:ec:23:b8:97:d2:e8:05:2c:dc:7b:59:22:e3:57:
                    48:b7:9b:64:37:06:47:cd:f2:74:3d:a7:d6:34:82:
                    72:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:13:20:99:79:51:32:6B:17:FE:D8:7F:37:F7:4E:16:71:76:F2:AE
            X509v3 Authority Key Identifier:
                keyid:87:20:76:F1:88:EA:4A:6C:E5:F7:76:7F:73:17:6D:D4:A7:93:94:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hyB28YjqSmzl93Z_cxdt1KeTlBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0038cd-3975-4893-94f6-3e558ac2465e/1/YRMgmXlRMmsX_th_N_dOFnF28q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0038cd-3975-4893-94f6-3e558ac2465e/1/hyB28YjqSmzl93Z_cxdt1KeTlBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:32:f7:c7:a0:dd:e3:0b:3b:3c:a5:a4:f3:8c:13:b7:71:fb:
         c8:53:16:54:f3:5b:e1:63:e1:08:35:c7:27:a5:eb:20:7b:2b:
         18:9f:1a:6b:e2:f8:6e:a9:fb:57:81:0b:d5:96:92:40:e7:0f:
         59:73:3a:5a:83:1f:42:0d:6c:e6:6a:de:f8:66:4c:60:1d:85:
         56:b0:3c:43:c6:fc:f1:dd:5b:eb:45:09:7b:84:a7:86:7d:99:
         ff:c9:be:77:3b:4c:09:39:40:72:ae:78:57:6c:fa:a6:df:34:
         ca:f9:97:7f:84:de:65:74:8a:47:3f:c2:8c:83:20:26:8b:ac:
         86:46:e0:13:24:cd:f0:3d:28:4a:2a:a8:07:a1:23:b9:9a:bb:
         56:41:87:d5:ef:0d:45:b4:02:f6:46:0b:cb:10:82:01:cc:c3:
         37:c6:ea:d3:fb:a5:90:d5:24:6e:04:d5:7e:b8:b4:b9:e5:4a:
         b9:a8:63:07:92:37:48:28:74:dd:88:79:a1:09:07:35:3d:1a:
         7f:0c:d2:d6:a1:1f:ff:74:f9:a8:aa:f7:bd:77:9c:ac:ad:b8:
         83:c2:c9:0d:e6:15:5c:61:d3:81:22:d1:2a:9b:f3:c7:c2:fa:
         f7:64:0b:c3:69:a3:41:b6:92:ee:20:ab:77:18:6b:b3:e7:2b:
         ad:20:64:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMW23UMLese377Eb1Ma8UeIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MjA3NmYxODhlYTRhNmNlNWY3NzY3ZjczMTc2ZGQ0YTc5
Mzk0MWIwHhcNMjQxMTEwMTYxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTEzMjA5OTc5NTEzMjZiMTdmZWQ4N2YzN2Y3NGUxNjcxNzZmMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkugzz1T3/wXfv9vYljkPoiXglyNW
ya68dgMD+EJpyHJYmT9OuPX6sJVcJ9YHgMnDdrFcUCjzgiDbl4NEi3qrrGbGdEG7
VopjFvQZjLUaRRKhiUfTDGExTOV7sv9L9Fjyd7Pz6DUfwblwWdiVY1Z1BpYZDqH+
YOrCKPjwMHe03VpV08NdUalVSpRSyOymhiOv+TSJUS4Itx/fOEm4P+OS9ohykkT2
/b1pUIu7mp6BtljOKapKuy7WAZMFNzPUOFDrqfwsahuygiv6Ws+MhQIYhjOMYDaV
7y25htYgXvNd5V7E7CO4l9LoBSzce1ki41dIt5tkNwZHzfJ0PafWNIJyRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGETIJl5UTJrF/7Yfzf3ThZxdvKuMB8GA1UdIwQY
MBaAFIcgdvGI6kps5fd2f3MXbdSnk5QbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHlCMjhZanFTbXpsOTNaX2N4ZHQxS2VUbEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMDM4Y2QtMzk3NS00ODkzLTk0ZjYt
M2U1NThhYzI0NjVlLzEvWVJNZ21YbFJNbXNYX3RoX05fZE9GbkYyOHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMDM4Y2QtMzk3NS00ODkzLTk0ZjYtM2U1NThhYzI0NjVl
LzEvaHlCMjhZanFTbXpsOTNaX2N4ZHQxS2VUbEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcFNMA0G
CSqGSIb3DQEBCwUAA4IBAQB5MvfHoN3jCzs8paTzjBO3cfvIUxZU81vhY+EINccn
pesgeysYnxpr4vhuqftXgQvVlpJA5w9Zczpagx9CDWzmat74ZkxgHYVWsDxDxvzx
3VvrRQl7hKeGfZn/yb53O0wJOUByrnhXbPqm3zTK+Zd/hN5ldIpHP8KMgyAmi6yG
RuATJM3wPShKKqgHoSO5mrtWQYfV7w1FtAL2RgvLEIIBzMM3xurT+6WQ1SRuBNV+
uLS55Uq5qGMHkjdIKHTdiHmhCQc1PRp/DNLWoR//dPmoqve9d5ysrbiDwskN5hVc
YdOBItEqm/PHwvr3ZAvDaaNBtpLuIKt3GGuz5yutIGRh
-----END CERTIFICATE-----