Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/acXjyXZbDzNfFna5ZWRHDz6K5YE.roa
File:                     acXjyXZbDzNfFna5ZWRHDz6K5YE.roa (raw, json)
Hash identifier:          sm9lkJZIavBC2tJvS1A50JKwZEAycxeog0lweVtHcXM=
Subject key identifier:   69:C5:E3:C9:76:5B:0F:33:5F:16:76:B9:65:64:47:0F:3E:8A:E5:81
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       01942067F4AABF042EBCE76AE0DEDFB79A61
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/acXjyXZbDzNfFna5ZWRHDz6K5YE.roa
Signing time:             Wed 01 Jan 2025 05:47:51 +0000
ROA not before:           Wed 01 Jan 2025 05:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        77.91.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f4:aa:bf:04:2e:bc:e7:6a:e0:de:df:b7:9a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  1 05:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69c5e3c9765b0f335f1676b96564470f3e8ae581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2a:79:69:f7:24:f8:d9:32:94:91:78:01:c4:
                    d6:b2:03:7c:1b:f0:e2:28:e6:5b:c7:22:c1:29:4d:
                    44:bf:84:07:52:62:d2:90:9b:6b:48:62:6a:a7:a3:
                    ae:a2:5e:66:5e:1f:f9:6c:4a:83:d9:38:35:ce:1b:
                    ac:c0:8b:97:47:1e:db:5b:ea:80:5f:5a:30:5c:86:
                    4d:ec:59:4b:9d:d2:65:76:31:79:f1:f0:00:b1:0d:
                    65:21:39:03:93:5e:94:b4:e8:1c:b5:37:54:ac:07:
                    9b:ca:31:9c:5f:3b:8a:5c:3a:c4:b7:1c:08:90:6f:
                    7d:2c:79:75:5c:1c:07:00:19:b7:87:2f:b6:a3:7b:
                    58:76:29:06:ce:57:5f:81:a8:12:ee:b1:c1:9d:9a:
                    e0:fc:0a:60:3c:02:0f:81:d3:c3:4c:71:78:cb:c6:
                    1c:b0:9c:8c:07:82:8b:7d:42:38:af:15:40:79:87:
                    fe:4f:b3:b1:4b:f7:0c:04:9a:0f:2e:56:24:6d:ba:
                    d4:a8:29:a5:d6:83:b0:4a:44:ab:f7:64:21:63:f8:
                    64:92:6a:3f:dd:a5:97:50:a2:d6:a7:dc:82:eb:a4:
                    02:88:ae:a7:11:91:f1:0f:28:5e:ca:fe:ea:ac:02:
                    36:f9:2b:9d:10:60:46:62:8d:e8:bb:50:9c:b7:9a:
                    60:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C5:E3:C9:76:5B:0F:33:5F:16:76:B9:65:64:47:0F:3E:8A:E5:81
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/acXjyXZbDzNfFna5ZWRHDz6K5YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:bb:ea:a7:86:30:fb:73:83:aa:e8:c8:b6:2e:db:d7:e3:78:
         ee:b8:bb:c0:8c:41:14:07:fc:8f:be:0d:c8:16:c8:25:b7:bd:
         b1:0d:fb:45:eb:c5:ee:1a:21:10:e7:1d:c4:7e:d5:02:c5:cf:
         6d:c7:ea:43:fb:56:a1:c8:2c:c2:f2:47:3c:f3:f6:ab:f1:20:
         28:b5:1f:da:b8:d2:56:4d:6d:5c:2f:86:48:ab:82:a8:ae:03:
         3e:0d:55:3f:a0:21:12:c6:a3:a5:17:bd:5e:50:76:19:be:6a:
         df:56:89:7a:92:6b:6a:dc:59:61:a7:90:ca:21:50:c0:4b:b2:
         b3:39:f7:dc:55:d5:8c:b3:01:84:45:44:93:7f:10:4b:86:33:
         85:d9:06:fb:12:a5:5c:62:72:fb:3f:70:28:30:ac:b7:d3:cf:
         90:aa:45:c1:54:85:c2:1a:ec:58:35:38:8b:39:f1:e2:4e:5e:
         14:b8:ad:4a:56:f8:31:fa:90:86:21:9a:80:b8:8b:cc:c4:05:
         99:c2:33:0d:fb:2c:ff:f6:55:45:82:a1:ed:32:0b:3c:d4:e3:
         cc:11:17:b2:e0:ef:dd:94:37:df:c8:a0:1d:d3:58:05:d1:1c:
         7e:f9:a2:b7:0c:ef:4a:c0:91:b1:7a:70:53:c6:f8:c7:ef:f8:
         3f:9b:19:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/SqvwQuvOdq4N7ft5phMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjUwMTAxMDU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM1ZTNjOTc2NWIwZjMzNWYxNjc2Yjk2NTY0NDcwZjNlOGFlNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryp5afck+NkylJF4AcTWsgN8G/Di
KOZbxyLBKU1Ev4QHUmLSkJtrSGJqp6Ouol5mXh/5bEqD2Tg1zhuswIuXRx7bW+qA
X1owXIZN7FlLndJldjF58fAAsQ1lITkDk16UtOgctTdUrAebyjGcXzuKXDrEtxwI
kG99LHl1XBwHABm3hy+2o3tYdikGzldfgagS7rHBnZrg/ApgPAIPgdPDTHF4y8Yc
sJyMB4KLfUI4rxVAeYf+T7OxS/cMBJoPLlYkbbrUqCml1oOwSkSr92QhY/hkkmo/
3aWXUKLWp9yC66QCiK6nEZHxDyheyv7qrAI2+SudEGBGYo3ou1Cct5pgLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnF48l2Ww8zXxZ2uWVkRw8+iuWBMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvYWNYanlYWmJEek5mRm5hNVpXUkhEejZLNVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVthMA0G
CSqGSIb3DQEBCwUAA4IBAQA6u+qnhjD7c4Oq6Mi2LtvX43juuLvAjEEUB/yPvg3I
Fsglt72xDftF68XuGiEQ5x3EftUCxc9tx+pD+1ahyCzC8kc88/ar8SAotR/auNJW
TW1cL4ZIq4KorgM+DVU/oCESxqOlF71eUHYZvmrfVol6kmtq3Flhp5DKIVDAS7Kz
OffcVdWMswGERUSTfxBLhjOF2Qb7EqVcYnL7P3AoMKy308+QqkXBVIXCGuxYNTiL
OfHiTl4UuK1KVvgx+pCGIZqAuIvMxAWZwjMN+yz/9lVFgqHtMgs81OPMERey4O/d
lDffyKAd01gF0Rx++aK3DO9KwJGxenBTxvjH7/g/mxmv
-----END CERTIFICATE-----