Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ZbQeZKRfCsGNfriG8taPdd4Q62U.roa
File:                     ZbQeZKRfCsGNfriG8taPdd4Q62U.roa (raw, json)
Hash identifier:          kpxNLU3S7Lbpo76edKaYR4nQ8SRygHf7xI0j+BGxAVQ=
Subject key identifier:   65:B4:1E:64:A4:5F:0A:C1:8D:7E:B8:86:F2:D6:8F:75:DE:10:EB:65
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E0D67940946916159D97DB36C84E4
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ZbQeZKRfCsGNfriG8taPdd4Q62U.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19437
IP address blocks:        77.105.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:67:94:09:46:91:61:59:d9:7d:b3:6c:84:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65b41e64a45f0ac18d7eb886f2d68f75de10eb65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:37:7c:d6:5d:09:4e:fc:bd:61:e5:d1:3b:d6:
                    90:d6:b0:81:d5:7a:54:3d:85:de:6f:16:63:fd:8a:
                    88:26:31:7c:31:33:06:98:1c:d4:0a:2a:d2:f9:69:
                    df:88:84:76:6c:bb:1f:46:6f:4c:b7:04:40:d3:77:
                    bd:b5:12:e2:08:bb:63:f7:83:88:7d:b7:c4:e2:f1:
                    be:bf:56:ac:84:50:a2:3c:13:97:df:66:d3:35:d2:
                    57:32:a6:1f:61:f0:68:f1:73:59:bd:9e:c9:ef:37:
                    83:80:c5:16:2e:5a:aa:1b:4b:fc:0d:c6:27:9f:4c:
                    8a:df:dd:0c:21:65:6d:00:4e:ad:88:2a:1b:ee:d7:
                    2a:30:f4:90:0e:3a:84:28:bf:aa:1a:4f:59:fd:16:
                    d3:6d:f7:65:3f:61:b0:13:bb:bd:20:64:3c:11:bf:
                    21:ba:e2:c8:80:8b:99:3e:d2:24:94:79:89:b1:ed:
                    01:82:15:ad:22:f8:50:6d:ba:83:3b:db:01:d2:f5:
                    88:88:14:23:e8:ed:f7:43:c8:a4:e3:60:a0:83:57:
                    b1:ca:31:bb:20:ab:98:57:a3:6d:93:b8:c6:83:c8:
                    27:51:63:cb:63:b5:68:56:3b:2f:46:c7:77:28:37:
                    44:a8:2e:96:8b:f8:71:52:12:91:9f:21:8b:4d:06:
                    10:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B4:1E:64:A4:5F:0A:C1:8D:7E:B8:86:F2:D6:8F:75:DE:10:EB:65
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ZbQeZKRfCsGNfriG8taPdd4Q62U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:f1:bc:9d:69:b8:96:04:b4:f2:99:da:53:0c:47:a6:c5:0b:
         fa:a4:b0:62:1f:95:dd:b3:a8:d6:9d:e5:88:c4:f1:72:3a:d2:
         ff:87:ae:66:a9:d0:d6:ea:d3:08:25:b7:ff:b3:a5:c4:5f:18:
         0e:66:94:ea:85:69:90:cf:bd:ea:7d:fe:5e:8f:9c:1d:67:5c:
         8c:7c:a8:58:00:6e:96:5d:23:78:02:fd:c5:1e:60:7a:eb:6e:
         0e:41:64:d5:a4:44:72:34:cb:90:3c:20:78:de:2f:a0:c1:4f:
         56:eb:d9:2b:e5:cd:b2:7c:9c:0b:1c:04:03:6d:80:a8:74:e6:
         ee:11:60:63:4c:6d:15:b2:8a:97:8b:bf:64:3d:47:eb:8c:54:
         4b:f1:37:fa:a0:4e:1d:5f:29:5b:69:90:a5:b3:d6:76:e0:1c:
         5b:59:8e:da:77:c9:bb:90:81:ee:aa:a0:37:e1:f5:5e:4f:29:
         3c:1b:78:cb:a5:ce:33:ed:cf:2f:4d:91:a2:ad:e4:50:5e:71:
         27:e0:88:03:7d:e6:37:69:dc:67:04:e2:92:4a:29:0a:d3:79:
         a4:b2:c9:13:42:e1:b6:c2:64:06:37:39:33:e2:20:67:8e:bf:
         56:0b:93:16:98:d9:27:fe:65:c2:04:b7:30:d8:79:dc:98:ca:
         6e:92:75:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg1nlAlGkWFZ2X2zbITkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI0MWU2NGE0NWYwYWMxOGQ3ZWI4ODZmMmQ2OGY3NWRlMTBlYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjd81l0JTvy9YeXRO9aQ1rCB1XpU
PYXebxZj/YqIJjF8MTMGmBzUCirS+WnfiIR2bLsfRm9MtwRA03e9tRLiCLtj94OI
fbfE4vG+v1ashFCiPBOX32bTNdJXMqYfYfBo8XNZvZ7J7zeDgMUWLlqqG0v8DcYn
n0yK390MIWVtAE6tiCob7tcqMPSQDjqEKL+qGk9Z/RbTbfdlP2GwE7u9IGQ8Eb8h
uuLIgIuZPtIklHmJse0BghWtIvhQbbqDO9sB0vWIiBQj6O33Q8ik42Cgg1exyjG7
IKuYV6Ntk7jGg8gnUWPLY7VoVjsvRsd3KDdEqC6Wi/hxUhKRnyGLTQYQlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGW0HmSkXwrBjX64hvLWj3XeEOtlMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWmJRZVpLUmZDc0dOZnJpRzh0YVBkZDRRNjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWkEMA0G
CSqGSIb3DQEBCwUAA4IBAQBS8bydabiWBLTymdpTDEemxQv6pLBiH5Xds6jWneWI
xPFyOtL/h65mqdDW6tMIJbf/s6XEXxgOZpTqhWmQz73qff5ej5wdZ1yMfKhYAG6W
XSN4Av3FHmB6624OQWTVpERyNMuQPCB43i+gwU9W69kr5c2yfJwLHAQDbYCodObu
EWBjTG0VsoqXi79kPUfrjFRL8Tf6oE4dXylbaZCls9Z24BxbWY7ad8m7kIHuqqA3
4fVeTyk8G3jLpc4z7c8vTZGireRQXnEn4IgDfeY3adxnBOKSSikK03mksskTQuG2
wmQGNzkz4iBnjr9WC5MWmNkn/mXCBLcw2HncmMpuknXi
-----END CERTIFICATE-----