Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/QFSxt0EsW9pEkh5K1m4XZi4VW6o.roa
File:                     QFSxt0EsW9pEkh5K1m4XZi4VW6o.roa (raw, json)
Hash identifier:          CCKQgTgK1m6fDZYtEneFWr0Hg8GjNWlilN6b0ZobPIE=
Subject key identifier:   40:54:B1:B7:41:2C:5B:DA:44:92:1E:4A:D6:6E:17:66:2E:15:5B:AA
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9B666980ECBB86828AE58E924982
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/QFSxt0EsW9pEkh5K1m4XZi4VW6o.roa
Signing time:             Mon 01 Jan 2024 18:31:32 +0000
ROA not before:           Mon 01 Jan 2024 18:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210220
IP address blocks:        77.65.176.0/22 maxlen: 24
                          77.65.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:9b:66:69:80:ec:bb:86:82:8a:e5:8e:92:49:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4054b1b7412c5bda44921e4ad66e17662e155baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a6:8b:b5:9a:57:c0:03:48:ee:25:b2:ef:ef:
                    1d:0a:99:f6:10:a4:6c:43:ca:8e:4f:95:48:53:02:
                    0b:c1:54:50:de:81:06:3b:85:75:20:5d:8b:6d:83:
                    06:51:ca:1b:9b:79:70:fa:90:ad:5a:94:ae:94:6a:
                    95:3a:4f:7c:78:cd:db:14:75:a4:c9:8a:4b:c6:ad:
                    81:0a:1b:84:74:09:81:c1:51:21:5f:a4:97:1f:41:
                    6a:60:31:6c:68:88:15:3b:76:d3:93:3e:d9:ec:9d:
                    67:7d:a6:c0:c0:49:93:c4:bc:5a:2c:cf:5b:29:1c:
                    f0:72:9b:0b:5b:98:e3:ac:74:4d:ae:27:f8:3e:b3:
                    66:ff:4c:12:3b:3e:a3:02:7a:0c:44:02:da:4d:c4:
                    f4:e4:6b:fe:31:c8:94:49:c4:89:d8:3e:4d:05:0a:
                    a3:de:f0:79:b5:04:0c:7e:59:11:c8:c1:83:b7:50:
                    c6:ad:5e:69:8c:16:45:7a:24:e3:48:ea:55:a8:46:
                    9a:14:c5:77:28:c4:e7:c9:d5:74:02:09:b8:b4:b7:
                    ed:64:0c:15:d2:75:f8:30:b6:c6:d1:56:3a:14:64:
                    35:95:80:d5:84:0a:26:b5:da:3b:9c:6b:fd:5e:20:
                    48:c9:72:cf:c1:f7:06:d0:ac:05:ef:c2:3e:30:f7:
                    3c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:54:B1:B7:41:2C:5B:DA:44:92:1E:4A:D6:6E:17:66:2E:15:5B:AA
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/QFSxt0EsW9pEkh5K1m4XZi4VW6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.176.0/22
                  77.65.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:8b:24:cb:b6:e8:53:24:74:0c:0b:35:ec:1e:e1:bb:1f:6e:
         99:f2:63:86:4e:a4:be:fa:3d:d0:98:94:cd:df:cd:de:b6:d4:
         97:a1:90:0f:aa:b4:25:10:7a:9d:e2:3f:51:8b:fe:d5:b6:9d:
         62:26:01:a9:b0:c7:aa:8b:c0:59:8a:3a:3a:ac:db:96:ed:04:
         7b:f6:a6:fa:dc:2d:a3:a9:6f:c5:c9:cf:be:6e:54:74:e2:9d:
         8a:f9:68:f3:19:39:57:32:ed:a5:54:d3:51:e5:a0:a2:8b:24:
         39:c6:83:70:9d:a0:7e:11:e8:bc:2d:eb:3f:3a:9e:85:b5:01:
         57:f6:40:e6:a6:f8:4a:16:99:48:64:c9:60:04:81:7e:76:2b:
         80:ff:0d:ce:37:3c:2d:c3:d7:2e:78:4f:10:d4:a6:ed:dd:93:
         d0:55:41:85:b1:62:1a:55:9d:44:b4:e2:dd:b2:7b:03:2a:ab:
         d6:dc:bf:ce:3a:9d:a3:8a:8c:a4:b6:eb:ee:30:35:ef:7d:f3:
         1b:1c:cb:d9:f4:35:0c:3c:d1:47:f0:e1:60:ca:10:01:3f:81:
         8b:de:2e:87:72:51:fd:39:01:62:3b:84:e5:b4:b7:df:60:df:
         2b:0e:c9:4a:1f:54:7e:c2:a1:47:41:71:b5:58:b1:4b:0d:54:
         3a:a2:b1:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS5tmaYDsu4aCiuWOkkmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDU0YjFiNzQxMmM1YmRhNDQ5MjFlNGFkNjZlMTc2NjJlMTU1YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKaLtZpXwANI7iWy7+8dCpn2EKRs
Q8qOT5VIUwILwVRQ3oEGO4V1IF2LbYMGUcobm3lw+pCtWpSulGqVOk98eM3bFHWk
yYpLxq2BChuEdAmBwVEhX6SXH0FqYDFsaIgVO3bTkz7Z7J1nfabAwEmTxLxaLM9b
KRzwcpsLW5jjrHRNrif4PrNm/0wSOz6jAnoMRALaTcT05Gv+MciUScSJ2D5NBQqj
3vB5tQQMflkRyMGDt1DGrV5pjBZFeiTjSOpVqEaaFMV3KMTnydV0Agm4tLftZAwV
0nX4MLbG0VY6FGQ1lYDVhAomtdo7nGv9XiBIyXLPwfcG0KwF78I+MPc8hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBUsbdBLFvaRJIeStZuF2YuFVuqMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvUUZTeHQwRXNXOXBFa2g1SzFtNFhaaTRWVzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTUGwAwQC
TUG4MA0GCSqGSIb3DQEBCwUAA4IBAQB8iyTLtuhTJHQMCzXsHuG7H26Z8mOGTqS+
+j3QmJTN383ettSXoZAPqrQlEHqd4j9Ri/7Vtp1iJgGpsMeqi8BZijo6rNuW7QR7
9qb63C2jqW/Fyc++blR04p2K+WjzGTlXMu2lVNNR5aCiiyQ5xoNwnaB+Eei8Les/
Op6FtQFX9kDmpvhKFplIZMlgBIF+diuA/w3ONzwtw9cueE8Q1Kbt3ZPQVUGFsWIa
VZ1EtOLdsnsDKqvW3L/OOp2jioyktuvuMDXvffMbHMvZ9DUMPNFH8OFgyhABP4GL
3i6HclH9OQFiO4TltLffYN8rDslKH1R+wqFHQXG1WLFLDVQ6orH6
-----END CERTIFICATE-----