Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/1-79pq9Zw_dyX1Ql1YX2hbzdLPMM.roa
File:                     1-79pq9Zw_dyX1Ql1YX2hbzdLPMM.roa (raw, json)
Hash identifier:          jslR6tpZ8hK4M/pFGL9x/QW6SmfFP97/ZJsMbm6aaSU=
Subject key identifier:   FB:BF:69:AB:D6:70:FD:DC:97:D5:09:75:61:7D:A1:6F:37:4B:3C:C3
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CCA2A92B5FB86387535FC76395D2F114C
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/1-79pq9Zw_dyX1Ql1YX2hbzdLPMM.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207168
IP address blocks:        77.91.98.0/23 maxlen: 23
                          77.91.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:92:b5:fb:86:38:75:35:fc:76:39:5d:2f:11:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbbf69abd670fddc97d50975617da16f374b3cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:00:c9:75:e2:15:b1:4d:7a:f4:3a:0f:1e:b2:
                    d5:4c:99:62:ff:2f:22:77:f1:40:62:d2:99:e9:ae:
                    83:c6:3b:fe:b8:9a:ad:0e:7c:fb:85:f6:95:af:58:
                    0d:16:a6:02:93:41:93:16:b7:1a:47:cd:8a:6b:d6:
                    11:37:09:dd:ed:cd:16:ce:2d:6c:46:f4:f9:a3:eb:
                    ca:5b:be:63:0a:02:8e:13:85:2d:3c:13:0a:63:27:
                    0b:80:fe:0b:c6:cd:a4:e1:84:dc:6f:b6:02:40:29:
                    2a:7e:90:b3:75:ff:2a:c6:d1:8f:7a:38:7a:d9:a0:
                    a8:0d:a3:7c:be:f0:e6:ca:79:2e:5a:60:a0:ca:ea:
                    50:3c:6e:fc:e0:5d:f9:b4:01:73:be:45:9e:4d:8d:
                    5e:a3:cc:8e:e0:45:ac:ac:b4:77:eb:45:4e:3a:bd:
                    29:d9:89:15:f7:9a:1b:c4:70:6e:e1:84:e6:aa:18:
                    2e:92:b1:4c:f5:88:8f:eb:71:66:4f:78:b4:70:03:
                    a4:6a:15:8d:2c:77:84:ea:11:f6:43:da:e1:13:ab:
                    89:72:7a:00:d6:44:2c:a7:ab:1d:9d:18:91:7c:c8:
                    e6:95:8b:5c:e7:8e:37:a6:30:24:ca:21:dd:59:e6:
                    37:79:61:bf:f4:80:58:ad:da:95:f0:f9:80:1b:7f:
                    b5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:BF:69:AB:D6:70:FD:DC:97:D5:09:75:61:7D:A1:6F:37:4B:3C:C3
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/1-79pq9Zw_dyX1Ql1YX2hbzdLPMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.98.0/23
                  77.91.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:09:45:d2:01:0e:46:19:39:39:11:5c:75:68:64:32:ee:8a:
         1b:b8:f8:63:86:e4:05:83:96:16:8d:8c:8f:87:c4:c0:82:1f:
         4e:b3:c6:5d:5f:c5:ac:95:11:41:97:eb:66:b4:07:12:59:cf:
         08:ac:37:79:07:3d:53:31:d9:dd:40:4f:f0:66:bf:ab:c5:3c:
         9b:1b:d4:54:98:ab:db:8e:50:69:eb:18:08:c5:b5:c0:9a:01:
         4b:6e:9a:a7:52:d5:b8:3f:99:5b:d3:a5:d5:b5:37:96:1a:a4:
         74:c7:4c:ae:1d:ce:84:c6:da:99:40:eb:d2:74:09:85:50:6f:
         48:c6:af:e0:17:ef:fb:9b:f1:3e:e6:cd:da:e9:4b:51:fa:17:
         4c:0b:0c:71:c4:48:0e:77:ef:61:62:3f:70:cd:d5:97:8d:ac:
         1a:5b:55:bf:8f:c1:93:82:12:05:15:91:31:6d:66:02:22:43:
         d2:67:76:83:2d:b7:ee:eb:59:99:3e:cd:7b:ab:b5:d9:87:78:
         fd:e8:25:19:44:dc:08:9a:e7:18:92:f3:d8:0a:d4:eb:c4:32:
         d9:80:0e:ed:ed:1a:99:5a:f4:6f:eb:48:56:28:0d:09:6b:f5:
         92:cb:05:54:ea:64:9c:63:59:a6:1b:60:3c:26:90:c9:97:9c:
         70:c3:b6:53
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzKKpK1+4Y4dTX8djldLxFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmJmNjlhYmQ2NzBmZGRjOTdkNTA5NzU2MTdkYTE2ZjM3NGIzY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwDJdeIVsU169DoPHrLVTJli/y8i
d/FAYtKZ6a6Dxjv+uJqtDnz7hfaVr1gNFqYCk0GTFrcaR82Ka9YRNwnd7c0Wzi1s
RvT5o+vKW75jCgKOE4UtPBMKYycLgP4Lxs2k4YTcb7YCQCkqfpCzdf8qxtGPejh6
2aCoDaN8vvDmynkuWmCgyupQPG784F35tAFzvkWeTY1eo8yO4EWsrLR360VOOr0p
2YkV95obxHBu4YTmqhgukrFM9YiP63FmT3i0cAOkahWNLHeE6hH2Q9rhE6uJcnoA
1kQsp6sdnRiRfMjmlYtc5443pjAkyiHdWeY3eWG/9IBYrdqV8PmAG3+1mwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPu/aavWcP3cl9UJdWF9oW83SzzDMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvMS03OXBxOVp3X2R5WDFRbDFZWDJoYnpkTFBNTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2EvNzc5OTI4LTg4MWMtNDMzYS1iMjQzLWM5ZjU3ZTk1OWVm
MS8xL0JwTEY4V01UWlRRbHZFWnhCWWRlT2lsOF81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAU1bYgME
AE1bfTANBgkqhkiG9w0BAQsFAAOCAQEArQlF0gEORhk5ORFcdWhkMu6KG7j4Y4bk
BYOWFo2Mj4fEwIIfTrPGXV/FrJURQZfrZrQHElnPCKw3eQc9UzHZ3UBP8Ga/q8U8
mxvUVJir245QaesYCMW1wJoBS26ap1LVuD+ZW9Ol1bU3lhqkdMdMrh3OhMbamUDr
0nQJhVBvSMav4Bfv+5vxPubN2ulLUfoXTAsMccRIDnfvYWI/cM3Vl42sGltVv4/B
k4ISBRWRMW1mAiJD0md2gy237utZmT7Ne6u12Yd4/eglGUTcCJrnGJLz2ArU68Qy
2YAO7e0amVr0b+tIVigNCWv1kssFVOpknGNZphtgPCaQyZeccMO2Uw==
-----END CERTIFICATE-----