Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/jZuJ0nxZDnRsLrHh7RFNCVCL9ps.roa
File:                     jZuJ0nxZDnRsLrHh7RFNCVCL9ps.roa (raw, json)
Hash identifier:          IJ3WHY8EaulpXRVnHfuYPe69PZ2S1j4weCYmy7UqhuE=
Subject key identifier:   8D:9B:89:D2:7C:59:0E:74:6C:2E:B1:E1:ED:11:4D:09:50:8B:F6:9B
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       018CCA99A25E691C2EF39D2DAB378A1190B0
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/jZuJ0nxZDnRsLrHh7RFNCVCL9ps.roa
Signing time:             Tue 02 Jan 2024 14:35:15 +0000
ROA not before:           Tue 02 Jan 2024 14:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207412
IP address blocks:        77.231.176.0/24 maxlen: 24
                          77.227.23.0/24 maxlen: 24
                          77.227.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a2:5e:69:1c:2e:f3:9d:2d:ab:37:8a:11:90:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 14:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d9b89d27c590e746c2eb1e1ed114d09508bf69b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:51:34:3c:a0:48:43:07:79:0b:1a:ff:c5:03:
                    2d:16:57:4b:ee:f6:59:87:08:69:6c:5f:91:31:b5:
                    74:2a:38:a9:f9:50:2e:4b:86:b2:dc:51:2c:cb:b0:
                    98:20:59:8b:c1:c9:d1:2e:e8:ab:e5:7c:7c:2e:82:
                    bc:03:f7:5f:85:9a:e8:b5:c6:26:bc:9f:e2:95:5f:
                    74:11:da:d3:3d:42:32:f7:09:88:00:9f:8d:48:f3:
                    6b:14:e9:85:05:7f:49:29:4c:80:7a:52:c3:fc:43:
                    0d:29:fa:ff:db:53:04:25:ce:a4:26:79:fc:71:c1:
                    42:fa:ba:ed:68:6a:8d:43:5a:ba:8d:d7:54:86:46:
                    35:a8:84:68:5b:a2:f2:9e:84:bf:f4:7a:c1:b0:3f:
                    54:29:f2:a6:c4:a4:b7:62:7b:23:82:f7:21:97:5f:
                    ce:d0:d0:86:e1:d2:e2:88:91:8a:e1:5c:fd:69:d7:
                    a1:2d:c7:53:ad:ed:73:1b:f8:a6:62:1f:a0:38:5c:
                    95:97:e9:00:7a:cc:55:c9:b8:0a:01:7f:cc:26:5d:
                    fd:df:c6:52:63:cd:1a:69:6d:fb:3a:2e:bf:9d:83:
                    ce:39:c5:6d:f7:48:f6:7f:96:bb:11:36:5a:3f:13:
                    87:91:f5:7c:54:c5:c3:1e:59:07:6e:a3:d6:e2:99:
                    13:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:9B:89:D2:7C:59:0E:74:6C:2E:B1:E1:ED:11:4D:09:50:8B:F6:9B
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/jZuJ0nxZDnRsLrHh7RFNCVCL9ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.227.23.0-77.227.24.255
                  77.231.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:72:f5:64:4f:9a:a1:11:95:9b:44:f0:b9:a6:3e:8b:ae:0f:
         a5:1d:11:1a:f9:c2:d5:24:45:5e:92:03:60:88:27:09:a8:1f:
         cf:dd:68:27:b2:c6:0b:74:73:8c:31:92:1a:22:f2:00:98:94:
         ab:db:4c:23:bf:69:8c:6b:12:93:89:4f:af:52:8d:4b:7b:90:
         41:52:48:00:4b:90:92:07:f1:97:82:86:88:8f:60:0b:ed:7a:
         98:75:94:78:8e:13:fc:be:98:90:7b:db:dc:0d:45:1c:7f:6a:
         7e:42:ab:dd:6b:d2:24:a1:ec:b4:97:8b:d6:f4:6d:ee:58:0c:
         08:d8:62:df:23:e5:5f:b0:1d:7d:1d:c8:f9:32:ab:a1:2b:8c:
         ae:72:d6:b8:e3:55:c1:fa:25:03:cd:25:9e:df:c8:39:9e:5c:
         54:05:df:2b:f2:e2:19:67:d5:a5:85:bb:6a:6d:14:7c:87:bf:
         10:1e:dd:ac:99:d1:d5:66:c1:e9:70:cb:32:ea:b3:bb:c2:16:
         ac:14:5c:f7:40:49:13:d9:7b:a3:e5:3a:17:94:55:d4:bb:83:
         de:d4:e9:e7:84:8f:df:2f:56:ca:a5:f7:bb:7c:ce:a7:d6:78:
         13:f6:bf:76:67:d6:59:ac:a3:5a:18:33:28:3b:44:e1:c8:da:
         a6:a1:77:ec
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKmaJeaRwu850tqzeKEZCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwMTAyMTQzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDliODlkMjdjNTkwZTc0NmMyZWIxZTFlZDExNGQwOTUwOGJmNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1E0PKBIQwd5Cxr/xQMtFldL7vZZ
hwhpbF+RMbV0Kjip+VAuS4ay3FEsy7CYIFmLwcnRLuir5Xx8LoK8A/dfhZrotcYm
vJ/ilV90EdrTPUIy9wmIAJ+NSPNrFOmFBX9JKUyAelLD/EMNKfr/21MEJc6kJnn8
ccFC+rrtaGqNQ1q6jddUhkY1qIRoW6LynoS/9HrBsD9UKfKmxKS3Ynsjgvchl1/O
0NCG4dLiiJGK4Vz9adehLcdTre1zG/imYh+gOFyVl+kAesxVybgKAX/MJl3938ZS
Y80aaW37Oi6/nYPOOcVt90j2f5a7ETZaPxOHkfV8VMXDHlkHbqPW4pkT5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFI2bidJ8WQ50bC6x4e0RTQlQi/abMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvalp1SjBueFpEblJzTHJIaDdSRk5DVkNMOXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABN4xcD
BABN4xgDBABN57AwDQYJKoZIhvcNAQELBQADggEBAKpy9WRPmqERlZtE8LmmPouu
D6UdERr5wtUkRV6SA2CIJwmoH8/daCeyxgt0c4wxkhoi8gCYlKvbTCO/aYxrEpOJ
T69SjUt7kEFSSABLkJIH8ZeChoiPYAvteph1lHiOE/y+mJB729wNRRx/an5Cq91r
0iSh7LSXi9b0be5YDAjYYt8j5V+wHX0dyPkyq6ErjK5y1rjjVcH6JQPNJZ7fyDme
XFQF3yvy4hln1aWFu2ptFHyHvxAe3ayZ0dVmwelwyzLqs7vCFqwUXPdASRPZe6Pl
OheUVdS7g97U6eeEj98vVsql97t8zqfWeBP2v3Zn1lmso1oYMyg7ROHI2qahd+w=
-----END CERTIFICATE-----