Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/nvYpn-C8t4CVQgwctZFjc8fiTYs.roa
File:                     nvYpn-C8t4CVQgwctZFjc8fiTYs.roa (raw, json)
Hash identifier:          PPMZJkuGbSsg5uBD7CLD1gVsOocC5Zb1TdXXvsoTPgI=
Subject key identifier:   9E:F6:29:9F:E0:BC:B7:80:95:42:0C:1C:B5:91:63:73:C7:E2:4D:8B
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018F4836B870ECE64E5B240E2375F9FC3766
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/nvYpn-C8t4CVQgwctZFjc8fiTYs.roa
Signing time:             Sun 05 May 2024 10:04:56 +0000
ROA not before:           Sun 05 May 2024 10:04:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        87.248.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:48:36:b8:70:ec:e6:4e:5b:24:0e:23:75:f9:fc:37:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: May  5 10:04:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ef6299fe0bcb78095420c1cb5916373c7e24d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ca:d8:bb:0f:f0:cc:8c:3a:bd:15:84:fb:30:
                    a8:33:ef:1d:f3:b2:34:46:3f:91:65:1d:cd:05:60:
                    f4:20:6f:21:4e:38:a0:94:fe:96:2a:8b:62:aa:a1:
                    21:40:49:6c:be:3b:5a:50:15:e7:98:44:82:6c:63:
                    d5:4d:d4:9f:02:0f:27:bb:a5:dd:03:d2:46:72:df:
                    26:a3:98:24:fd:75:17:db:40:48:51:f0:7b:5d:b0:
                    7b:be:1d:03:e5:6e:4b:17:2b:de:7d:66:d3:3a:00:
                    54:b1:5a:4e:99:d9:6d:28:bb:2b:75:e5:75:50:ce:
                    94:e6:74:61:3b:7f:10:41:02:15:0f:2a:71:b7:07:
                    f0:24:57:c8:5d:b3:a9:37:a1:e3:a2:8f:94:13:ec:
                    3c:e5:da:e9:f4:a1:5a:b3:58:86:15:66:4a:b5:5b:
                    14:b0:12:e7:bb:f7:b4:0a:9d:ea:04:3e:a0:63:06:
                    28:4f:de:34:28:eb:cf:f1:31:12:d3:85:09:de:05:
                    73:74:00:9c:f1:45:43:89:91:e4:d6:2b:08:85:93:
                    00:05:48:99:38:06:1c:13:90:1a:f8:f9:eb:42:ae:
                    f9:2e:7d:52:98:c7:e0:4d:8b:58:e0:97:76:83:b1:
                    f0:ee:c0:b4:68:ea:40:f6:bf:13:d3:98:0d:c2:ac:
                    70:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F6:29:9F:E0:BC:B7:80:95:42:0C:1C:B5:91:63:73:C7:E2:4D:8B
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/nvYpn-C8t4CVQgwctZFjc8fiTYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:44:69:77:ce:04:c7:e9:0c:01:35:0c:9f:d8:c2:77:85:d0:
         9b:43:6d:fc:b5:05:07:0b:d7:50:b7:53:2c:75:8f:80:94:e5:
         98:2c:7f:7e:26:33:77:3a:f7:48:c7:ca:b6:9f:90:2e:e1:c2:
         0d:02:c3:53:44:08:17:e6:85:2d:bb:c7:0e:5d:a9:8e:1d:23:
         40:b2:1b:1b:21:85:68:57:ee:fc:5e:86:e2:73:b6:24:e4:eb:
         79:24:e8:84:05:2d:6d:0c:ad:42:2d:92:07:b8:17:18:7b:a6:
         c7:8f:cf:9b:39:ea:de:67:39:aa:7d:91:d4:61:fd:f9:85:bf:
         32:16:c7:97:34:3c:40:13:f8:1d:22:b8:03:2c:4b:fc:43:d2:
         88:61:5a:c6:e9:e5:8a:ba:4e:e8:b5:95:9d:1c:dd:a3:c3:11:
         c0:3c:61:5b:b2:25:f8:99:78:3b:21:0d:db:f7:51:77:e4:c9:
         0f:83:14:91:87:a0:99:79:bd:18:e0:78:e7:cd:75:29:fe:2b:
         2c:33:45:17:90:a7:e6:a4:98:40:fe:fb:bf:57:48:ae:17:6f:
         df:24:cf:44:df:58:64:c2:df:fb:8a:e5:87:c1:1a:c6:af:e0:
         f0:4d:f6:65:1b:99:3e:f9:e4:ce:23:0f:c3:52:ee:73:0a:f3:
         09:70:a0:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9INrhw7OZOWyQOI3X5/DdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwNTA1MTAwNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY2Mjk5ZmUwYmNiNzgwOTU0MjBjMWNiNTkxNjM3M2M3ZTI0ZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMrYuw/wzIw6vRWE+zCoM+8d87I0
Rj+RZR3NBWD0IG8hTjiglP6WKotiqqEhQElsvjtaUBXnmESCbGPVTdSfAg8nu6Xd
A9JGct8mo5gk/XUX20BIUfB7XbB7vh0D5W5LFyvefWbTOgBUsVpOmdltKLsrdeV1
UM6U5nRhO38QQQIVDypxtwfwJFfIXbOpN6Hjoo+UE+w85drp9KFas1iGFWZKtVsU
sBLnu/e0Cp3qBD6gYwYoT940KOvP8TES04UJ3gVzdACc8UVDiZHk1isIhZMABUiZ
OAYcE5Aa+PnrQq75Ln1SmMfgTYtY4Jd2g7Hw7sC0aOpA9r8T05gNwqxw3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ72KZ/gvLeAlUIMHLWRY3PH4k2LMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvbnZZcG4tQzh0NENWUWd3Y3RaRmpjOGZpVFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iEMA0G
CSqGSIb3DQEBCwUAA4IBAQCRRGl3zgTH6QwBNQyf2MJ3hdCbQ238tQUHC9dQt1Ms
dY+AlOWYLH9+JjN3OvdIx8q2n5Au4cINAsNTRAgX5oUtu8cOXamOHSNAshsbIYVo
V+78Xobic7Yk5Ot5JOiEBS1tDK1CLZIHuBcYe6bHj8+bOereZzmqfZHUYf35hb8y
FseXNDxAE/gdIrgDLEv8Q9KIYVrG6eWKuk7otZWdHN2jwxHAPGFbsiX4mXg7IQ3b
91F35MkPgxSRh6CZeb0Y4HjnzXUp/issM0UXkKfmpJhA/vu/V0iuF2/fJM9E31hk
wt/7iuWHwRrGr+DwTfZlG5k++eTOIw/DUu5zCvMJcKD8
-----END CERTIFICATE-----