Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/77NO6tLNxkae4veGuwNzZGue28E.roa
File:                     77NO6tLNxkae4veGuwNzZGue28E.roa (raw, json)
Hash identifier:          XywBxLSCNRuvCGQoMpHjh0m7Hml44UnaDQnBtQ5YIFQ=
Subject key identifier:   EF:B3:4E:EA:D2:CD:C6:46:9E:E2:F7:86:BB:03:73:64:6B:9E:DB:C1
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E975F974B122CEB48CBB890327C95
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/77NO6tLNxkae4veGuwNzZGue28E.roa
Signing time:             Mon 01 Jan 2024 14:30:08 +0000
ROA not before:           Mon 01 Jan 2024 14:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206995
IP address blocks:        176.42.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:97:5f:97:4b:12:2c:eb:48:cb:b8:90:32:7c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efb34eead2cdc6469ee2f786bb0373646b9edbc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e7:82:11:51:ae:d3:d4:18:59:cb:03:3e:22:
                    3d:f2:98:da:d5:46:e7:c4:e2:00:c2:d4:fb:a5:9d:
                    34:3f:86:c6:57:7d:ee:00:01:5d:5c:20:75:26:06:
                    bc:af:a2:4b:c9:7e:66:9b:e5:01:6a:f7:b0:29:a4:
                    d5:35:b1:96:d4:cf:7a:1f:8c:d7:39:7c:ad:ac:59:
                    bf:46:4e:be:56:a4:62:1b:86:db:95:b0:7d:5d:01:
                    a5:3c:ae:87:b2:ab:3a:18:28:d2:7c:50:8c:d0:0c:
                    a7:75:c4:e5:d4:f2:c5:be:48:7b:a2:5f:05:20:0f:
                    ba:d8:ff:14:fc:de:6e:7d:6b:9c:32:43:ed:5e:5d:
                    9f:df:94:39:57:69:d1:d3:ff:6e:40:5c:34:78:c4:
                    8b:8b:19:1f:18:b4:2d:55:c1:15:10:96:c0:75:45:
                    ae:d5:71:47:5e:4a:da:d0:26:60:b0:dd:29:76:5d:
                    83:90:d9:62:84:b7:9c:a2:a9:22:8e:37:09:de:b4:
                    ad:3c:a7:77:1c:5b:38:e2:db:92:97:c2:e9:80:be:
                    35:a8:62:48:f3:b6:b4:73:6d:e5:d6:c7:76:0e:06:
                    ca:1f:1d:9e:34:dc:aa:ae:54:4d:d7:d8:5a:13:cf:
                    a8:7e:a4:14:5d:a4:41:75:68:5e:9d:12:45:96:bb:
                    0d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B3:4E:EA:D2:CD:C6:46:9E:E2:F7:86:BB:03:73:64:6B:9E:DB:C1
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/77NO6tLNxkae4veGuwNzZGue28E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.42.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:68:7b:62:f3:2d:51:c5:4c:88:0b:af:c2:14:27:3a:2c:95:
         c0:37:23:a9:a2:34:63:af:f1:ed:a6:12:59:d0:60:1b:a7:64:
         a7:51:76:3f:66:25:c3:b4:f4:3f:71:ca:77:7a:9b:40:c5:25:
         f1:5b:1a:4a:e2:99:7b:b7:64:17:f7:78:e8:08:5e:2c:31:8e:
         85:57:ed:8b:49:0a:55:f1:d8:15:6c:f9:db:79:de:30:6e:51:
         98:6f:34:60:44:dd:be:a5:38:89:98:50:1b:49:c3:94:e3:18:
         6a:ea:67:07:6f:04:26:78:d7:16:0e:6a:fd:d4:a0:e9:d7:4c:
         83:ff:7a:d1:72:79:22:53:04:46:ac:72:ae:b6:d2:e5:4e:ef:
         a1:22:55:2b:45:2a:68:73:38:62:a7:94:42:90:36:b0:09:b5:
         36:4a:9a:dd:6e:b1:d1:76:2c:25:e7:ad:b3:10:9f:d0:db:ba:
         53:80:28:69:49:4d:96:d3:9d:97:73:88:33:25:37:a0:bb:13:
         1e:e6:6a:25:bc:78:7a:49:ff:24:95:ad:dc:ec:8e:81:f2:7d:
         50:98:a2:6b:06:c5:e2:e9:e8:db:fe:2a:5e:d0:80:81:16:e3:
         a6:be:00:86:59:10:fb:0a:b3:2c:f2:4c:80:e9:37:4e:9e:5f:
         01:7a:8a:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpdfl0sSLOtIy7iQMnyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmIzNGVlYWQyY2RjNjQ2OWVlMmY3ODZiYjAzNzM2NDZiOWVkYmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOeCEVGu09QYWcsDPiI98pja1Ubn
xOIAwtT7pZ00P4bGV33uAAFdXCB1Jga8r6JLyX5mm+UBavewKaTVNbGW1M96H4zX
OXytrFm/Rk6+VqRiG4bblbB9XQGlPK6Hsqs6GCjSfFCM0AyndcTl1PLFvkh7ol8F
IA+62P8U/N5ufWucMkPtXl2f35Q5V2nR0/9uQFw0eMSLixkfGLQtVcEVEJbAdUWu
1XFHXkra0CZgsN0pdl2DkNlihLecoqkijjcJ3rStPKd3HFs44tuSl8LpgL41qGJI
87a0c23l1sd2DgbKHx2eNNyqrlRN19haE8+ofqQUXaRBdWhenRJFlrsNswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+zTurSzcZGnuL3hrsDc2RrntvBMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvNzdOTzZ0TE54a2FlNHZlR3V3TnpaR3VlMjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsCoJMA0G
CSqGSIb3DQEBCwUAA4IBAQAWaHti8y1RxUyIC6/CFCc6LJXANyOpojRjr/HtphJZ
0GAbp2SnUXY/ZiXDtPQ/ccp3eptAxSXxWxpK4pl7t2QX93joCF4sMY6FV+2LSQpV
8dgVbPnbed4wblGYbzRgRN2+pTiJmFAbScOU4xhq6mcHbwQmeNcWDmr91KDp10yD
/3rRcnkiUwRGrHKuttLlTu+hIlUrRSpoczhip5RCkDawCbU2SprdbrHRdiwl562z
EJ/Q27pTgChpSU2W052Xc4gzJTeguxMe5molvHh6Sf8kla3c7I6B8n1QmKJrBsXi
6ejb/ipe0ICBFuOmvgCGWRD7CrMs8kyA6TdOnl8BeoqN
-----END CERTIFICATE-----