Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/i77zRhtTVgSwHGvehGehnTj-cY4.roa
File:                     i77zRhtTVgSwHGvehGehnTj-cY4.roa (raw, json)
Hash identifier:          qiY8FfOLDaM+LSyzL9HRKdWU2y0G9obwbDUuFQLr2Zo=
Subject key identifier:   8B:BE:F3:46:1B:53:56:04:B0:1C:6B:DE:84:67:A1:9D:38:FE:71:8E
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       018FEC68E24CE0A573FCEEA8065238A7714D
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/i77zRhtTVgSwHGvehGehnTj-cY4.roa
Signing time:             Thu 06 Jun 2024 07:17:27 +0000
ROA not before:           Thu 06 Jun 2024 07:17:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60507
IP address blocks:        81.94.220.0/22 maxlen: 24
                          81.94.220.0/23 maxlen: 24
                          81.94.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 19:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:68:e2:4c:e0:a5:73:fc:ee:a8:06:52:38:a7:71:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jun  6 07:17:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bbef3461b535604b01c6bde8467a19d38fe718e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bd:40:83:71:0c:a6:a1:17:11:66:69:d6:d7:
                    7a:4d:ac:52:41:3f:a8:51:6c:b7:42:9b:fe:6b:d4:
                    8a:ec:be:3b:a0:e5:ab:8d:eb:27:4b:e2:f9:d6:ba:
                    69:eb:85:77:82:3b:85:6b:90:a9:12:11:1c:8a:f3:
                    f2:45:d7:4b:d7:d7:d5:b0:cb:af:b6:31:59:c1:86:
                    e5:f1:44:3b:30:f0:83:09:be:cd:1a:9c:ff:bf:a6:
                    b0:46:55:fa:28:e1:a8:f1:93:74:41:fa:4f:5c:c2:
                    21:71:6b:1c:4a:d9:7a:15:a1:4f:42:b4:90:b6:f9:
                    47:84:9f:c9:1c:b9:3e:9c:ac:ac:83:bb:96:5a:a6:
                    61:d6:cf:42:cf:c7:65:b7:9d:11:9b:48:5b:61:ab:
                    ac:69:f6:b5:57:06:fa:d3:7f:19:05:15:e6:6f:d1:
                    88:d5:42:e6:e0:82:ad:bd:64:14:ae:a1:fa:0c:1c:
                    b2:e3:ff:d6:d8:9d:4b:b8:d4:72:26:50:07:71:c0:
                    af:f8:c8:35:a0:95:64:ad:1a:23:d5:87:da:04:59:
                    97:72:90:17:26:34:68:b8:3c:c3:f9:d3:1c:68:32:
                    a6:24:e0:2c:af:bd:b7:b8:89:b4:1b:d6:5c:64:bc:
                    b3:aa:08:56:f9:24:a7:c7:df:33:d5:9e:ab:b0:af:
                    38:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:BE:F3:46:1B:53:56:04:B0:1C:6B:DE:84:67:A1:9D:38:FE:71:8E
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/i77zRhtTVgSwHGvehGehnTj-cY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.94.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:94:5d:1e:d9:47:6a:35:e7:3f:27:24:86:9b:3d:7e:28:86:
         42:bb:86:1d:8f:5d:b1:0b:b3:67:0f:9e:7a:7b:ca:c2:6a:b3:
         57:13:02:21:fb:d9:9d:0e:23:c7:2e:ff:49:51:5a:d2:90:86:
         21:f7:71:e6:99:b4:0e:f0:68:75:ce:3e:ac:96:8f:5c:53:50:
         08:1e:7d:8e:e6:01:80:85:cf:08:d7:14:92:2f:4c:7d:b7:87:
         85:6e:86:be:89:2e:f0:8b:0d:64:38:05:10:cd:68:a6:e6:48:
         3d:50:1b:97:61:85:e9:f1:f5:d9:a5:ac:b2:6a:0c:65:9f:e9:
         8d:b4:6f:c4:29:00:a8:66:41:cb:e6:02:67:3b:ba:ef:bc:99:
         a2:89:93:5f:8b:0f:b8:0e:d2:4c:9d:5f:08:db:12:14:06:1e:
         6c:41:06:c8:64:d2:68:84:84:89:00:df:c1:dc:68:9d:70:01:
         47:0f:a6:dc:0b:a2:f4:ac:b1:4b:04:87:8e:c4:4c:bb:34:65:
         df:85:78:42:7f:64:fa:d1:17:6a:be:ec:34:ae:64:cd:9d:0d:
         54:9d:f4:94:5d:c8:49:d5:cd:94:31:a0:45:a0:de:e0:3b:54:
         a3:33:a1:6d:4e:35:51:82:31:ee:1b:e6:a0:51:24:03:b9:43:
         a1:b0:80:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/saOJM4KVz/O6oBlI4p3FNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjQwNjA2MDcxNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmJlZjM0NjFiNTM1NjA0YjAxYzZiZGU4NDY3YTE5ZDM4ZmU3MThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr1Ag3EMpqEXEWZp1td6TaxSQT+o
UWy3Qpv+a9SK7L47oOWrjesnS+L51rpp64V3gjuFa5CpEhEcivPyRddL19fVsMuv
tjFZwYbl8UQ7MPCDCb7NGpz/v6awRlX6KOGo8ZN0QfpPXMIhcWscStl6FaFPQrSQ
tvlHhJ/JHLk+nKysg7uWWqZh1s9Cz8dlt50Rm0hbYausafa1Vwb6038ZBRXmb9GI
1ULm4IKtvWQUrqH6DByy4//W2J1LuNRyJlAHccCv+Mg1oJVkrRoj1YfaBFmXcpAX
JjRouDzD+dMcaDKmJOAsr723uIm0G9ZcZLyzqghW+SSnx98z1Z6rsK84fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIu+80YbU1YEsBxr3oRnoZ04/nGOMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvaTc3elJodFRWZ1N3SEd2ZWhHZWhuVGotY1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUV7cMA0G
CSqGSIb3DQEBCwUAA4IBAQBslF0e2UdqNec/JySGmz1+KIZCu4Ydj12xC7NnD556
e8rCarNXEwIh+9mdDiPHLv9JUVrSkIYh93HmmbQO8Gh1zj6slo9cU1AIHn2O5gGA
hc8I1xSSL0x9t4eFboa+iS7wiw1kOAUQzWim5kg9UBuXYYXp8fXZpayyagxln+mN
tG/EKQCoZkHL5gJnO7rvvJmiiZNfiw+4DtJMnV8I2xIUBh5sQQbIZNJohISJAN/B
3GidcAFHD6bcC6L0rLFLBIeOxEy7NGXfhXhCf2T60Rdqvuw0rmTNnQ1UnfSUXchJ
1c2UMaBFoN7gO1SjM6FtTjVRgjHuG+agUSQDuUOhsIBC
-----END CERTIFICATE-----