Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/gn0pW4yvQSC2tqur9J6XWhniWN8.roa
File:                     gn0pW4yvQSC2tqur9J6XWhniWN8.roa (raw, json)
Hash identifier:          I4siKf/0Syjrm4QRMFKResE5U/AU4oPV0qrVMl7zWFo=
Subject key identifier:   82:7D:29:5B:8C:AF:41:20:B6:B6:AB:AB:F4:9E:97:5A:19:E2:58:DF
Certificate issuer:       /CN=51b2cf749af6967078c04bd0c70b5141f4e5a60a
Certificate serial:       018CC50132B47834110C45DEC214C2EDCB9E
Authority key identifier: 51:B2:CF:74:9A:F6:96:70:78:C0:4B:D0:C7:0B:51:41:F4:E5:A6:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbLPdJr2lnB4wEvQxwtRQfTlpgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/gn0pW4yvQSC2tqur9J6XWhniWN8.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213363
IP address blocks:        77.83.122.0/24 maxlen: 24
                          77.83.120.0/24 maxlen: 24
                          77.83.123.0/24 maxlen: 24
                          77.83.120.0/22 maxlen: 22
                          77.83.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/UbLPdJr2lnB4wEvQxwtRQfTlpgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/UbLPdJr2lnB4wEvQxwtRQfTlpgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbLPdJr2lnB4wEvQxwtRQfTlpgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:32:b4:78:34:11:0c:45:de:c2:14:c2:ed:cb:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b2cf749af6967078c04bd0c70b5141f4e5a60a
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=827d295b8caf4120b6b6ababf49e975a19e258df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b8:d7:6a:4c:f6:da:f4:42:0f:e2:17:e4:63:
                    e9:3e:3a:cb:b1:64:e1:f2:31:1e:89:6f:56:90:91:
                    68:a6:e7:4c:58:d8:5f:8e:7e:fe:4d:13:03:d0:b1:
                    99:f1:7b:c7:ba:fc:89:44:ba:04:de:15:1a:d4:e4:
                    bf:87:48:4a:44:b4:13:bc:7d:0f:e7:8c:18:db:ef:
                    be:59:f1:1d:44:f2:41:f7:07:65:19:ef:ab:0d:d0:
                    c5:f8:30:a2:9d:f3:d1:18:eb:6d:62:6e:11:54:64:
                    ac:25:0b:50:d2:8a:d1:a5:63:d4:3c:73:f9:06:b5:
                    c8:6f:d8:0c:48:17:95:a7:34:3a:3d:c5:1f:28:2e:
                    b2:b4:ad:3e:75:5c:f3:a3:d4:0a:c3:9d:2e:d7:5d:
                    12:7b:3a:b9:67:75:f7:39:ad:49:75:6e:48:94:51:
                    82:37:62:a9:4d:1a:04:18:58:24:3e:a2:bb:6b:a2:
                    ba:38:c8:91:83:2b:a7:9c:e6:be:3a:46:bb:0d:45:
                    8e:67:f0:11:08:ff:f0:83:c9:dd:ee:1c:49:00:e6:
                    9f:e6:aa:26:33:55:33:df:52:10:8c:28:39:c4:a6:
                    80:8e:af:40:de:ac:20:fb:1a:42:ed:c1:fa:e9:42:
                    44:e1:fd:30:05:a5:aa:02:83:c9:be:84:ee:2a:96:
                    ed:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7D:29:5B:8C:AF:41:20:B6:B6:AB:AB:F4:9E:97:5A:19:E2:58:DF
            X509v3 Authority Key Identifier:
                keyid:51:B2:CF:74:9A:F6:96:70:78:C0:4B:D0:C7:0B:51:41:F4:E5:A6:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbLPdJr2lnB4wEvQxwtRQfTlpgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/gn0pW4yvQSC2tqur9J6XWhniWN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/44aa17-2d36-49c3-ba4f-cd14fe2d9571/1/UbLPdJr2lnB4wEvQxwtRQfTlpgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:ba:d9:53:2e:13:8c:77:8f:00:e3:56:55:9f:f4:0b:9d:46:
         45:74:4a:03:92:02:32:56:51:7e:d2:89:38:d2:22:6b:6b:d9:
         93:bf:f7:9a:d1:d6:26:4c:9d:da:53:36:67:98:1e:e7:bd:64:
         77:24:f2:0b:82:78:08:af:41:d0:86:8f:52:0a:68:d9:bc:1c:
         89:74:09:5c:58:ad:08:57:81:4b:74:9a:43:19:89:8e:26:7c:
         99:f4:78:c1:0d:d3:15:fa:15:77:ac:a6:ab:b0:32:44:d6:5d:
         60:c6:8a:fb:a7:18:c4:dd:d1:81:fc:fc:11:82:d3:f0:d5:52:
         34:61:98:82:08:a2:8c:9a:78:e3:f9:6b:e2:f4:64:f3:f0:b1:
         f0:44:75:72:0b:c5:8a:46:dd:6c:5b:b4:fd:22:da:bf:37:4d:
         ff:9f:c5:a5:37:5b:bf:b8:fc:1b:be:f3:1a:48:d9:25:6a:f6:
         b0:24:1c:b4:2e:34:2b:2e:01:ac:07:cb:4f:14:3a:13:19:68:
         fc:ba:b9:9c:38:b3:ff:35:32:75:cb:11:ed:20:51:d3:19:2b:
         c6:e2:a5:f3:ec:f5:dc:14:e0:ad:56:21:72:e1:a1:78:2a:03:
         71:de:6f:a0:7b:67:07:d6:0f:05:54:30:be:46:11:c5:6c:56:
         fa:45:e9:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATK0eDQRDEXewhTC7cueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjJjZjc0OWFmNjk2NzA3OGMwNGJkMGM3MGI1MTQxZjRl
NWE2MGEwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdkMjk1YjhjYWY0MTIwYjZiNmFiYWJmNDllOTc1YTE5ZTI1OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbjXakz22vRCD+IX5GPpPjrLsWTh
8jEeiW9WkJFopudMWNhfjn7+TRMD0LGZ8XvHuvyJRLoE3hUa1OS/h0hKRLQTvH0P
54wY2+++WfEdRPJB9wdlGe+rDdDF+DCinfPRGOttYm4RVGSsJQtQ0orRpWPUPHP5
BrXIb9gMSBeVpzQ6PcUfKC6ytK0+dVzzo9QKw50u110Sezq5Z3X3Oa1JdW5IlFGC
N2KpTRoEGFgkPqK7a6K6OMiRgyunnOa+Oka7DUWOZ/ARCP/wg8nd7hxJAOaf5qom
M1Uz31IQjCg5xKaAjq9A3qwg+xpC7cH66UJE4f0wBaWqAoPJvoTuKpbtiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJ9KVuMr0Egtrarq/Sel1oZ4ljfMB8GA1UdIwQY
MBaAFFGyz3Sa9pZweMBL0McLUUH05aYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJMUGRKcjJsbkI0d0V2UXh3dFJRZlRscGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80NGFhMTctMmQzNi00OWMzLWJhNGYt
Y2QxNGZlMmQ5NTcxLzEvZ24wcFc0eXZRU0MydHF1cjlKNlhXaG5pV044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80NGFhMTctMmQzNi00OWMzLWJhNGYtY2QxNGZlMmQ5NTcx
LzEvVWJMUGRKcjJsbkI0d0V2UXh3dFJRZlRscGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVN4MA0G
CSqGSIb3DQEBCwUAA4IBAQBEutlTLhOMd48A41ZVn/QLnUZFdEoDkgIyVlF+0ok4
0iJra9mTv/ea0dYmTJ3aUzZnmB7nvWR3JPILgngIr0HQho9SCmjZvByJdAlcWK0I
V4FLdJpDGYmOJnyZ9HjBDdMV+hV3rKarsDJE1l1gxor7pxjE3dGB/PwRgtPw1VI0
YZiCCKKMmnjj+Wvi9GTz8LHwRHVyC8WKRt1sW7T9Itq/N03/n8WlN1u/uPwbvvMa
SNklavawJBy0LjQrLgGsB8tPFDoTGWj8urmcOLP/NTJ1yxHtIFHTGSvG4qXz7PXc
FOCtViFy4aF4KgNx3m+ge2cH1g8FVDC+RhHFbFb6Reld
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:03:17 2024 by rpki-client on console-ams.rpki-client.org