Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/mKKriCrO0GAx6wXUexWslvu8LSc.roa
File:                     mKKriCrO0GAx6wXUexWslvu8LSc.roa (raw, json)
Hash identifier:          FrSN6184kW7xB8iF1RKx9SGTZziePzZZuM0d+5b73JE=
Subject key identifier:   98:A2:AB:88:2A:CE:D0:60:31:EB:05:D4:7B:15:AC:96:FB:BC:2D:27
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018CCA2A91A98CD902FE5B9AE92C906F167B
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/mKKriCrO0GAx6wXUexWslvu8LSc.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198178
IP address blocks:        77.91.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:91:a9:8c:d9:02:fe:5b:9a:e9:2c:90:6f:16:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98a2ab882aced06031eb05d47b15ac96fbbc2d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:32:23:32:28:3e:19:4a:f6:64:05:de:d0:52:
                    5a:54:d8:b1:58:6b:0f:36:92:bc:89:32:d3:6e:f1:
                    1c:b4:3f:51:51:6a:3d:8c:20:e5:74:d7:2a:ed:ed:
                    db:ab:b8:4d:d6:3f:ca:cb:d6:d6:91:ba:37:c2:8e:
                    d2:de:ce:5e:b1:95:cb:96:53:59:63:16:1f:d3:27:
                    f8:d0:d4:b8:a0:2a:fd:7f:0d:67:3c:8c:56:05:7d:
                    84:c6:05:21:84:98:7e:a3:ea:ec:96:c1:30:c1:86:
                    39:30:7b:c7:85:c3:65:86:53:6b:15:ee:40:a9:b2:
                    a3:e5:cf:d4:ec:5c:9e:10:1a:3b:6c:53:86:6b:a8:
                    1f:4a:c8:46:cd:8a:df:45:0d:64:1d:22:1b:46:e0:
                    23:5c:af:c7:77:37:39:41:a9:fe:73:5e:c2:5b:83:
                    b8:3c:09:02:e8:9c:f8:00:cb:6c:1b:a7:b1:1f:3d:
                    b7:63:8c:e0:4a:7b:81:61:96:96:d8:b4:6f:ba:56:
                    1f:9b:d9:8d:b8:87:f3:10:6b:89:3b:dd:fd:38:ab:
                    e0:54:7a:81:8a:7d:6c:eb:a2:20:87:7b:9b:86:12:
                    90:b6:f3:1c:98:54:e7:05:a9:8e:ac:6e:4e:23:2a:
                    ff:1d:79:7d:6c:ed:ea:e1:5b:82:82:67:e2:f4:40:
                    44:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A2:AB:88:2A:CE:D0:60:31:EB:05:D4:7B:15:AC:96:FB:BC:2D:27
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/mKKriCrO0GAx6wXUexWslvu8LSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:18:74:04:de:ef:8c:5b:8c:67:3f:26:fa:38:73:d2:c0:a0:
         36:6f:61:43:1f:34:7e:33:68:22:d7:1b:a6:c6:31:d5:53:09:
         80:9a:63:ad:bf:32:0d:7c:de:09:26:48:fc:78:20:e5:09:53:
         cd:5a:a0:53:1d:58:fd:60:42:86:12:fe:a0:a5:c8:c2:66:a1:
         0a:84:0b:af:cf:41:99:31:65:81:c2:73:8f:82:71:a0:59:25:
         00:3a:1d:67:8c:d4:c9:94:82:40:73:4d:23:82:cb:e7:19:8e:
         fb:ea:b0:bd:d6:db:b0:c0:bb:f5:e7:a2:44:85:07:c8:08:15:
         c0:34:1b:4c:e9:98:4e:a9:a4:a5:02:6f:be:87:99:83:72:b5:
         15:74:bd:68:20:d4:e0:92:31:1e:6c:1e:00:ea:3c:86:32:3d:
         35:c8:1f:84:18:d0:a9:b0:a3:d6:f2:a8:ce:eb:81:42:d5:18:
         67:e1:40:a3:68:e0:e7:9b:6e:a0:ee:72:af:a5:d9:e5:7a:9d:
         00:9f:33:ef:c5:11:ba:a4:3b:5b:9c:67:7a:0d:7d:07:a2:30:
         34:30:ce:9d:12:02:ff:f3:9b:b6:9c:bd:23:71:67:42:3c:ae:
         51:d4:88:cc:f2:a3:13:19:2f:23:a3:ac:9a:ef:c8:e8:06:c9:
         8b:14:e3:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpGpjNkC/lua6SyQbxZ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGEyYWI4ODJhY2VkMDYwMzFlYjA1ZDQ3YjE1YWM5NmZiYmMyZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljIjMig+GUr2ZAXe0FJaVNixWGsP
NpK8iTLTbvEctD9RUWo9jCDldNcq7e3bq7hN1j/Ky9bWkbo3wo7S3s5esZXLllNZ
YxYf0yf40NS4oCr9fw1nPIxWBX2ExgUhhJh+o+rslsEwwYY5MHvHhcNlhlNrFe5A
qbKj5c/U7FyeEBo7bFOGa6gfSshGzYrfRQ1kHSIbRuAjXK/Hdzc5Qan+c17CW4O4
PAkC6Jz4AMtsG6exHz23Y4zgSnuBYZaW2LRvulYfm9mNuIfzEGuJO939OKvgVHqB
in1s66Igh3ubhhKQtvMcmFTnBamOrG5OIyr/HXl9bO3q4VuCgmfi9EBENwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiiq4gqztBgMesF1HsVrJb7vC0nMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvbUtLcmlDck8wR0F4NndYVWV4V3NsdnU4TFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt/MA0G
CSqGSIb3DQEBCwUAA4IBAQBQGHQE3u+MW4xnPyb6OHPSwKA2b2FDHzR+M2gi1xum
xjHVUwmAmmOtvzINfN4JJkj8eCDlCVPNWqBTHVj9YEKGEv6gpcjCZqEKhAuvz0GZ
MWWBwnOPgnGgWSUAOh1njNTJlIJAc00jgsvnGY776rC91tuwwLv156JEhQfICBXA
NBtM6ZhOqaSlAm++h5mDcrUVdL1oINTgkjEebB4A6jyGMj01yB+EGNCpsKPW8qjO
64FC1Rhn4UCjaODnm26g7nKvpdnlep0AnzPvxRG6pDtbnGd6DX0HojA0MM6dEgL/
85u2nL0jcWdCPK5R1IjM8qMTGS8jo6ya78joBsmLFOPz
-----END CERTIFICATE-----