Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/_xyT8D-W1ASUdultF_eyQQWbvPk.roa
File:                     _xyT8D-W1ASUdultF_eyQQWbvPk.roa (raw, json)
Hash identifier:          +uA5puWW1StFkicUhyZKX4ammMwW5XY9E5OfQcxXSNA=
Subject key identifier:   FF:1C:93:F0:3F:96:D4:04:94:76:E9:6D:17:F7:B2:41:05:9B:BC:F9
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64BA02D45BD47742F7620D23B4FF2CF
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/_xyT8D-W1ASUdultF_eyQQWbvPk.roa
Signing time:             Mon 01 Jan 2024 18:31:34 +0000
ROA not before:           Mon 01 Jan 2024 18:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213174
IP address blocks:        77.65.160.0/21 maxlen: 24
                          77.65.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:a0:2d:45:bd:47:74:2f:76:20:d2:3b:4f:f2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff1c93f03f96d4049476e96d17f7b241059bbcf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:74:9b:9f:c4:ed:8d:ab:82:be:a7:1c:cf:ce:
                    49:7d:57:68:e6:8a:9c:fe:26:2d:4d:ca:85:6c:e8:
                    d8:0c:e1:54:46:a8:50:0e:d0:5c:c4:cb:41:3a:b4:
                    f5:02:7b:b3:c0:cf:7f:fa:cc:87:03:73:d1:d3:67:
                    38:98:30:86:58:a8:1f:b7:39:61:4d:ab:a3:ac:9d:
                    d1:3c:b6:cf:de:d9:28:cb:a5:df:cb:2c:39:2c:ea:
                    72:eb:c6:5a:a4:e4:70:cb:84:0a:73:d0:19:d8:bd:
                    92:6c:6a:27:40:d3:ad:e7:02:06:fa:8c:5f:26:53:
                    ea:57:ac:b7:88:c1:21:f6:28:b9:23:2f:24:df:59:
                    a9:8a:47:a5:cd:2f:55:0c:7f:66:04:d7:e7:db:11:
                    86:88:dd:99:ec:32:c9:8d:66:34:b9:16:ad:6d:af:
                    9d:22:c0:16:e8:b2:b3:f3:b0:31:29:47:07:fc:52:
                    17:de:a3:04:99:0c:6b:58:af:55:32:00:a0:8c:82:
                    61:2d:93:10:87:34:ca:bb:db:d8:52:bf:41:f9:3e:
                    17:1a:cc:af:25:7d:8c:9a:c3:d8:f0:d2:a1:a9:18:
                    15:91:38:d7:0a:84:52:9e:d6:63:b9:3c:0e:fa:6c:
                    9d:cc:80:92:63:04:06:fd:48:40:de:46:71:ee:11:
                    38:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1C:93:F0:3F:96:D4:04:94:76:E9:6D:17:F7:B2:41:05:9B:BC:F9
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/_xyT8D-W1ASUdultF_eyQQWbvPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.160.0-77.65.169.255

    Signature Algorithm: sha256WithRSAEncryption
         82:a8:f3:e7:ab:5b:1c:bb:a1:9b:24:20:b2:12:2b:ce:a9:a2:
         f7:80:63:8a:f6:ed:1f:64:91:81:c6:ea:81:4d:e4:8b:67:1b:
         a2:20:7f:d3:a1:99:e5:ae:b1:21:26:54:b1:3a:04:f4:02:1e:
         9c:d1:a7:84:2a:2c:5e:83:a9:af:22:02:6e:8f:52:aa:ad:3a:
         e7:47:cc:32:60:b7:14:44:07:04:80:b7:e6:91:61:a0:9b:0b:
         1b:c0:2d:b0:23:5f:1f:70:ab:a0:d4:d8:2b:4d:9d:1e:70:f4:
         89:3d:35:23:9f:ce:c1:92:71:e6:8c:6e:46:06:54:1f:e2:d1:
         2f:7c:66:ae:82:6c:bd:98:0b:46:07:6b:62:fa:24:cb:63:7b:
         41:c7:1d:f3:60:be:cd:a1:26:44:03:58:f9:e7:7e:f5:9c:67:
         2f:f0:e8:97:36:f3:61:99:44:f6:44:43:95:55:75:c1:9e:57:
         4c:10:04:f7:a5:4b:68:25:a6:36:d8:69:70:99:cb:54:f2:17:
         c3:8b:40:ad:99:4b:1f:43:ab:3b:9c:cb:7c:d6:75:6f:d7:8d:
         90:ae:4a:14:2d:84:5f:7d:a5:61:17:7a:58:54:34:80:de:54:
         28:90:36:da:94:90:07:85:18:f5:7f:06:88:dc:dd:f0:d0:b7:
         40:dd:5a:3c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGS6AtRb1HdC92INI7T/LPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjFjOTNmMDNmOTZkNDA0OTQ3NmU5NmQxN2Y3YjI0MTA1OWJiY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3Sbn8TtjauCvqccz85JfVdo5oqc
/iYtTcqFbOjYDOFURqhQDtBcxMtBOrT1AnuzwM9/+syHA3PR02c4mDCGWKgftzlh
TaujrJ3RPLbP3tkoy6Xfyyw5LOpy68ZapORwy4QKc9AZ2L2SbGonQNOt5wIG+oxf
JlPqV6y3iMEh9ii5Iy8k31mpikelzS9VDH9mBNfn2xGGiN2Z7DLJjWY0uRatba+d
IsAW6LKz87AxKUcH/FIX3qMEmQxrWK9VMgCgjIJhLZMQhzTKu9vYUr9B+T4XGsyv
JX2MmsPY8NKhqRgVkTjXCoRSntZjuTwO+mydzICSYwQG/UhA3kZx7hE4nQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP8ck/A/ltQElHbpbRf3skEFm7z5MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvX3h5VDhELVcxQVNVZHVsdEZfZXlRUVdidlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAVNQaAD
BAFNQagwDQYJKoZIhvcNAQELBQADggEBAIKo8+erWxy7oZskILISK86poveAY4r2
7R9kkYHG6oFN5ItnG6Igf9OhmeWusSEmVLE6BPQCHpzRp4QqLF6Dqa8iAm6PUqqt
OudHzDJgtxREBwSAt+aRYaCbCxvALbAjXx9wq6DU2CtNnR5w9Ik9NSOfzsGSceaM
bkYGVB/i0S98Zq6CbL2YC0YHa2L6JMtje0HHHfNgvs2hJkQDWPnnfvWcZy/w6Jc2
82GZRPZEQ5VVdcGeV0wQBPelS2glpjbYaXCZy1TyF8OLQK2ZSx9Dqzucy3zWdW/X
jZCuShQthF99pWEXelhUNIDeVCiQNtqUkAeFGPV/Bojc3fDQt0DdWjw=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:04:07 2024 by rpki-client on console-ams.rpki-client.org