Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/yKZ32kIjhpt4fzIOJBh9216y3Js.roa
File:                     yKZ32kIjhpt4fzIOJBh9216y3Js.roa (raw, json)
Hash identifier:          I9KQPXlADNM7HQ0Dhkk4mbcRvJdC6ja9u2H59Fd+MXQ=
Subject key identifier:   C8:A6:77:DA:42:23:86:9B:78:7F:32:0E:24:18:7D:DB:5E:B2:DC:9B
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018EBD4706DFAA1F8AAE8148B7D0C0671411
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/yKZ32kIjhpt4fzIOJBh9216y3Js.roa
Signing time:             Mon 08 Apr 2024 10:35:32 +0000
ROA not before:           Mon 08 Apr 2024 10:35:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        77.93.138.0/23 maxlen: 24
                          77.93.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:47:06:df:aa:1f:8a:ae:81:48:b7:d0:c0:67:14:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Apr  8 10:35:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8a677da4223869b787f320e24187ddb5eb2dc9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:83:cc:a6:54:b0:04:ee:3b:7a:ae:69:08:c8:
                    42:43:b7:3c:af:f8:45:00:ec:77:0d:26:c4:04:cf:
                    7a:af:85:5b:d3:94:41:79:38:01:6b:58:ea:24:d0:
                    4b:61:e8:8c:8f:cd:6f:f0:bb:c3:3f:ff:49:60:77:
                    c8:0b:ed:9e:98:c4:ea:67:5c:2a:ab:49:5a:15:f1:
                    55:90:c3:c2:17:6c:e4:13:d7:1f:ab:d2:3d:b2:5c:
                    12:29:b8:ee:b4:64:b8:1a:ae:60:32:3a:e0:d1:11:
                    1a:1c:68:00:0e:d8:e4:1f:a4:ac:a7:81:77:80:dc:
                    54:4b:59:fb:0d:3a:bc:40:3b:fd:ac:6e:80:19:ae:
                    3e:1e:54:b7:d1:17:86:99:f2:63:2b:3a:2d:a7:87:
                    29:47:3d:5b:90:4f:43:96:07:1b:14:3a:73:38:23:
                    02:26:78:f9:3c:49:85:33:3a:0a:6b:db:70:55:4c:
                    f9:7a:02:7a:19:65:bd:df:4c:1b:70:ed:9a:33:1d:
                    57:bc:2a:ea:bc:f8:9b:72:35:6f:2a:c1:f8:57:ca:
                    55:0c:78:19:a5:7d:f8:eb:14:e2:30:df:5f:0f:0d:
                    c3:7b:a1:8a:14:5a:5d:e5:1b:20:e6:ff:92:7f:eb:
                    20:a5:9f:e6:60:2a:fe:20:fd:1f:9b:e0:64:57:58:
                    53:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A6:77:DA:42:23:86:9B:78:7F:32:0E:24:18:7D:DB:5E:B2:DC:9B
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/yKZ32kIjhpt4fzIOJBh9216y3Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.138.0-77.93.143.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:f6:cd:0b:7d:9f:08:84:4f:ec:a8:7a:ed:22:1c:13:00:b9:
         72:2b:5e:48:c3:60:75:62:5c:4b:fe:aa:48:7a:f5:44:38:82:
         02:f7:2a:70:ef:f2:3d:f7:42:14:ac:8a:3c:2a:6e:a0:e1:92:
         84:03:01:cb:95:72:c0:c5:35:28:29:bc:4c:25:8d:bf:d2:47:
         38:f1:c4:71:0d:dd:df:29:03:d8:42:10:1c:9c:69:d5:61:ae:
         c3:2b:5a:4c:ae:a2:66:d2:1b:b9:d0:68:e3:c1:48:3e:14:0e:
         08:9f:60:08:1a:fb:cf:82:f1:8e:83:73:01:f5:de:9a:0d:1d:
         4e:bc:75:86:f5:79:cc:62:d0:9d:81:6f:94:68:8c:23:b8:7a:
         58:bc:0c:81:b6:7e:1c:fb:75:82:70:6b:36:58:19:11:38:98:
         52:f0:2c:1a:77:d3:e8:4e:bc:a6:50:1d:10:7e:0f:04:19:4d:
         fb:78:04:f1:c3:99:85:72:39:8b:26:a4:49:1e:85:dd:a6:a4:
         4a:f1:ac:7e:58:08:f6:d7:9b:b2:2a:1e:b4:69:06:72:26:1a:
         c5:22:5e:9f:b4:ed:21:99:eb:a1:3e:d0:7c:96:31:5a:e3:0f:
         da:d4:f6:90:3e:79:d3:a4:34:e1:40:9f:5c:f7:b6:26:f5:7e:
         1f:0c:f6:b4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY69Rwbfqh+KroFIt9DAZxQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwNDA4MTAzNTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGE2NzdkYTQyMjM4NjliNzg3ZjMyMGUyNDE4N2RkYjVlYjJkYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIPMplSwBO47eq5pCMhCQ7c8r/hF
AOx3DSbEBM96r4Vb05RBeTgBa1jqJNBLYeiMj81v8LvDP/9JYHfIC+2emMTqZ1wq
q0laFfFVkMPCF2zkE9cfq9I9slwSKbjutGS4Gq5gMjrg0REaHGgADtjkH6Ssp4F3
gNxUS1n7DTq8QDv9rG6AGa4+HlS30ReGmfJjKzotp4cpRz1bkE9DlgcbFDpzOCMC
Jnj5PEmFMzoKa9twVUz5egJ6GWW930wbcO2aMx1XvCrqvPibcjVvKsH4V8pVDHgZ
pX346xTiMN9fDw3De6GKFFpd5Rsg5v+Sf+sgpZ/mYCr+IP0fm+BkV1hTMwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMimd9pCI4abeH8yDiQYfdtestybMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEveUtaMzJrSWpocHQ0ZnpJT0pCaDkyMTZ5M0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFNXYoD
BARNXYAwDQYJKoZIhvcNAQELBQADggEBAEv2zQt9nwiET+yoeu0iHBMAuXIrXkjD
YHViXEv+qkh69UQ4ggL3KnDv8j33QhSsijwqbqDhkoQDAcuVcsDFNSgpvEwljb/S
RzjxxHEN3d8pA9hCEBycadVhrsMrWkyuombSG7nQaOPBSD4UDgifYAga+8+C8Y6D
cwH13poNHU68dYb1ecxi0J2Bb5RojCO4eli8DIG2fhz7dYJwazZYGRE4mFLwLBp3
0+hOvKZQHRB+DwQZTft4BPHDmYVyOYsmpEkehd2mpErxrH5YCPbXm7IqHrRpBnIm
GsUiXp+07SGZ66E+0HyWMVrjD9rU9pA+edOkNOFAn1z3tib1fh8M9rQ=
-----END CERTIFICATE-----