Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/IFhKc7IRVkVkPnSwY9UTxNSzK-w.roa
File:                     IFhKc7IRVkVkPnSwY9UTxNSzK-w.roa (raw, json)
Hash identifier:          gsydlIHtQa8wu6z5CHA5oXPR1dZKQqCX0GXCb1NRVao=
Subject key identifier:   20:58:4A:73:B2:11:56:45:64:3E:74:B0:63:D5:13:C4:D4:B3:2B:EC
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01934F99588B4486EB395B58761637B3C8A0
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/IFhKc7IRVkVkPnSwY9UTxNSzK-w.roa
Signing time:             Thu 21 Nov 2024 16:41:09 +0000
ROA not before:           Thu 21 Nov 2024 16:41:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        77.90.153.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:99:58:8b:44:86:eb:39:5b:58:76:16:37:b3:c8:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Nov 21 16:41:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20584a73b2115645643e74b063d513c4d4b32bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:18:9a:49:74:a2:56:9d:3a:6c:3d:b3:a6:42:
                    a9:19:86:87:7d:eb:ab:db:23:30:0f:25:6d:7d:b3:
                    aa:4f:b8:23:c3:4f:70:2c:fb:aa:37:aa:73:4e:fc:
                    50:7f:f7:50:2a:5b:54:b2:a7:ad:7a:31:90:54:da:
                    af:09:13:cf:60:35:94:0b:97:68:ea:61:48:54:5f:
                    f4:81:eb:fc:45:da:35:e9:a5:93:d1:3b:bd:8b:98:
                    28:66:f3:85:dd:b1:d9:53:f0:6f:3b:5d:eb:6a:17:
                    46:d4:da:da:fa:2f:dd:05:39:92:d3:01:1e:b4:6a:
                    16:0f:ff:60:85:cb:71:c9:ca:35:dc:b9:5a:a6:64:
                    c3:21:4f:50:39:f5:33:d5:7e:38:a0:75:66:91:f9:
                    3b:d9:d1:69:45:d2:2b:e5:5d:10:2b:98:60:7b:64:
                    d1:f5:0a:fa:5f:c4:36:1c:d8:ca:38:db:a7:e7:73:
                    19:66:95:ab:e1:0e:ed:11:18:49:88:ce:7f:31:81:
                    cf:02:49:31:ff:06:dc:96:6e:ec:17:8f:50:3e:4e:
                    06:da:c0:bb:33:c4:bd:3a:11:16:19:f3:95:fe:2e:
                    4b:1d:52:58:69:e7:6c:94:61:7c:9d:f7:97:d6:c4:
                    3b:47:8f:6c:ea:ce:bd:d4:c6:3f:14:91:d4:00:63:
                    15:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:58:4A:73:B2:11:56:45:64:3E:74:B0:63:D5:13:C4:D4:B3:2B:EC
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/IFhKc7IRVkVkPnSwY9UTxNSzK-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.153.0/24
                  77.90.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f7:9f:d5:6c:6a:02:b1:78:6b:b8:df:28:d5:61:80:f2:2c:
         f3:c0:16:8f:51:47:8f:5d:fa:bf:5e:a0:b5:8f:f3:e2:6f:b8:
         9d:b5:8f:04:45:20:e4:62:03:a5:d0:e6:f5:c4:80:af:51:03:
         73:bb:48:3a:2f:fe:13:ad:5e:10:b6:33:31:27:a5:18:2b:f2:
         34:49:a4:3f:35:3b:ca:14:1f:cb:8f:14:59:b7:e5:cd:6e:20:
         bb:ea:c7:9c:86:1c:d7:a7:d4:df:1b:05:c0:0d:6b:41:db:d7:
         18:53:8c:89:9d:5b:fa:0c:d8:29:e5:07:32:7e:5b:ea:70:c9:
         4c:42:60:ed:2c:d0:2a:ed:92:b0:0f:dc:7a:27:ab:14:b2:e2:
         09:e3:63:6c:e8:b0:46:44:36:84:0b:f8:7b:11:60:e1:4f:2c:
         0d:0e:01:9b:4d:a3:1a:20:0c:4c:da:b1:63:35:49:8b:bf:2c:
         c1:24:87:a5:f1:94:44:e1:3a:3f:03:38:e0:05:4c:30:8a:9a:
         22:ee:e3:3b:39:eb:03:c5:6c:bc:4d:f8:c1:4e:d2:dc:3c:8a:
         71:5c:45:7f:16:c0:7b:9d:38:3c:f7:f7:0b:62:b0:04:0f:40:
         ce:1b:68:2c:01:00:42:6c:7b:4b:5e:6e:44:66:22:9a:61:ce:
         2b:df:06:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNPmViLRIbrOVtYdhY3s8igMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQxMTIxMTY0MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU4NGE3M2IyMTE1NjQ1NjQzZTc0YjA2M2Q1MTNjNGQ0YjMyYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BiaSXSiVp06bD2zpkKpGYaHfeur
2yMwDyVtfbOqT7gjw09wLPuqN6pzTvxQf/dQKltUsqetejGQVNqvCRPPYDWUC5do
6mFIVF/0gev8Rdo16aWT0Tu9i5goZvOF3bHZU/BvO13rahdG1Nra+i/dBTmS0wEe
tGoWD/9ghctxyco13LlapmTDIU9QOfUz1X44oHVmkfk72dFpRdIr5V0QK5hge2TR
9Qr6X8Q2HNjKONun53MZZpWr4Q7tERhJiM5/MYHPAkkx/wbclm7sF49QPk4G2sC7
M8S9OhEWGfOV/i5LHVJYaedslGF8nfeX1sQ7R49s6s691MY/FJHUAGMV7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCBYSnOyEVZFZD50sGPVE8TUsyvsMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvSUZoS2M3SVJWa1ZrUG5Td1k5VVR4TlN6Sy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqZAwQA
TVqkMA0GCSqGSIb3DQEBCwUAA4IBAQBt95/VbGoCsXhruN8o1WGA8izzwBaPUUeP
Xfq/XqC1j/Pib7idtY8ERSDkYgOl0Ob1xICvUQNzu0g6L/4TrV4QtjMxJ6UYK/I0
SaQ/NTvKFB/LjxRZt+XNbiC76sechhzXp9TfGwXADWtB29cYU4yJnVv6DNgp5Qcy
flvqcMlMQmDtLNAq7ZKwD9x6J6sUsuIJ42Ns6LBGRDaEC/h7EWDhTywNDgGbTaMa
IAxM2rFjNUmLvyzBJIel8ZRE4To/AzjgBUwwipoi7uM7OesDxWy8TfjBTtLcPIpx
XEV/FsB7nTg89/cLYrAED0DOG2gsAQBCbHtLXm5EZiKaYc4r3wYm
-----END CERTIFICATE-----