Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/2aV3N-zVZuLxH1xgoESnI1WsF2U.roa
File:                     2aV3N-zVZuLxH1xgoESnI1WsF2U.roa (raw, json)
Hash identifier:          kY//omI2YAMe7y/9xDO4ClcNSgGn4TldTCED2msOL0w=
Subject key identifier:   D9:A5:77:37:EC:D5:66:E2:F1:1F:5C:60:A0:44:A7:23:55:AC:17:65
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       01972FCC1B87DE0E59F62AD88C67123E9F8E
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/2aV3N-zVZuLxH1xgoESnI1WsF2U.roa
Signing time:             Mon 02 Jun 2025 08:39:54 +0000
ROA not before:           Mon 02 Jun 2025 08:39:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13055
IP address blocks:        77.93.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:cc:1b:87:de:0e:59:f6:2a:d8:8c:67:12:3e:9f:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jun  2 08:39:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9a57737ecd566e2f11f5c60a044a72355ac1765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ca:89:6a:68:d2:b4:de:d2:0a:ee:cb:46:19:
                    62:20:1e:70:47:6e:81:26:db:84:bd:5e:7d:14:1c:
                    3a:76:c9:b3:51:8c:d8:bd:24:76:73:b8:ee:53:20:
                    3b:ab:5b:78:b8:49:04:ad:a8:3c:7b:29:c2:12:2e:
                    f0:40:44:2c:4c:ba:d5:94:d0:56:2d:3b:28:fb:26:
                    84:de:f0:e3:d8:5a:8e:09:b5:ea:29:c3:89:c2:e6:
                    03:5f:c5:f4:4c:05:6d:ce:b9:86:2e:05:8c:28:d4:
                    64:68:49:95:a1:b7:ab:6a:a1:9b:cf:a0:1c:06:e3:
                    35:d4:24:96:18:92:ee:e4:1a:12:57:1e:03:a6:5c:
                    81:77:a9:22:7d:b8:44:78:72:d8:0c:b8:8c:8d:28:
                    fb:83:56:b9:22:98:7f:c5:c8:04:8e:a3:df:40:4d:
                    97:14:14:f9:00:7f:83:af:59:28:43:b7:a7:39:7a:
                    32:a8:8c:11:44:ee:2b:0c:46:2d:79:c1:6f:3c:db:
                    6e:f5:5b:1c:ca:34:5d:b2:11:17:5e:1d:8a:11:0a:
                    63:81:c2:41:98:47:b4:38:89:52:87:1e:fb:b6:3b:
                    f2:5c:c1:70:dc:89:64:0c:7b:b2:18:e1:cd:be:ad:
                    65:28:73:d3:93:c1:04:c2:66:1e:03:c4:b6:0e:59:
                    ec:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A5:77:37:EC:D5:66:E2:F1:1F:5C:60:A0:44:A7:23:55:AC:17:65
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/2aV3N-zVZuLxH1xgoESnI1WsF2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:14:77:25:3e:b1:5e:d2:32:c5:18:0b:07:47:d4:74:65:5a:
         6a:11:36:82:40:92:15:76:47:47:32:4b:3e:a1:be:cb:70:07:
         8a:1d:0b:7a:bf:4c:8c:53:65:a5:1e:3f:9f:20:ca:7b:02:29:
         dd:1e:a9:a1:5b:28:40:3e:49:87:64:e6:1a:23:97:e7:e9:e9:
         4f:28:e6:31:48:47:f0:75:95:ec:10:76:38:8c:de:0e:38:0e:
         3b:81:81:82:6d:ac:7c:fa:0c:b9:c4:9a:d8:e7:d2:d1:3e:0d:
         ec:b8:d3:79:00:4a:f3:2c:4c:79:26:7a:fb:54:fc:c1:60:8b:
         49:c0:09:68:ef:67:71:2a:2d:63:75:90:11:2d:1d:71:9b:2c:
         dc:84:81:35:c9:32:85:5f:11:9d:f0:bd:2a:f0:f5:bd:cc:b4:
         34:72:35:f2:32:94:68:80:1b:52:d4:29:d8:b7:35:e6:ce:c7:
         44:85:38:b9:34:aa:92:13:44:63:6b:61:e8:29:05:e9:13:47:
         fc:a6:b3:d3:9d:bc:5f:14:76:23:c8:6d:7c:9e:82:da:e6:0d:
         54:c9:f7:d3:b9:1f:f1:c8:bb:e3:74:a9:c6:bd:e4:48:ac:51:
         5e:f1:53:36:48:94:b5:67:fd:ef:01:b9:0f:23:e3:cb:73:df:
         36:e2:ad:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcvzBuH3g5Z9irYjGcSPp+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwNjAyMDgzOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWE1NzczN2VjZDU2NmUyZjExZjVjNjBhMDQ0YTcyMzU1YWMxNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosqJamjStN7SCu7LRhliIB5wR26B
JtuEvV59FBw6dsmzUYzYvSR2c7juUyA7q1t4uEkErag8eynCEi7wQEQsTLrVlNBW
LTso+yaE3vDj2FqOCbXqKcOJwuYDX8X0TAVtzrmGLgWMKNRkaEmVoberaqGbz6Ac
BuM11CSWGJLu5BoSVx4DplyBd6kifbhEeHLYDLiMjSj7g1a5Iph/xcgEjqPfQE2X
FBT5AH+Dr1koQ7enOXoyqIwRRO4rDEYtecFvPNtu9VscyjRdshEXXh2KEQpjgcJB
mEe0OIlShx77tjvyXMFw3IlkDHuyGOHNvq1lKHPTk8EEwmYeA8S2DlnsMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmldzfs1Wbi8R9cYKBEpyNVrBdlMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvMmFWM04telZadUx4SDF4Z29FU25JMVdzRjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTV14MA0G
CSqGSIb3DQEBCwUAA4IBAQATFHclPrFe0jLFGAsHR9R0ZVpqETaCQJIVdkdHMks+
ob7LcAeKHQt6v0yMU2WlHj+fIMp7AindHqmhWyhAPkmHZOYaI5fn6elPKOYxSEfw
dZXsEHY4jN4OOA47gYGCbax8+gy5xJrY59LRPg3suNN5AErzLEx5Jnr7VPzBYItJ
wAlo72dxKi1jdZARLR1xmyzchIE1yTKFXxGd8L0q8PW9zLQ0cjXyMpRogBtS1CnY
tzXmzsdEhTi5NKqSE0Rja2HoKQXpE0f8prPTnbxfFHYjyG18noLa5g1UyffTuR/x
yLvjdKnGveRIrFFe8VM2SJS1Z/3vAbkPI+PLc9824q2r
-----END CERTIFICATE-----