Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/ms2ZhFjDPZMVQK5o4oOcJgmL1nE.roa
File:                     ms2ZhFjDPZMVQK5o4oOcJgmL1nE.roa (raw, json)
Hash identifier:          3yQg6AHhnKdVTbHh460EKJRp3LHNRUfUzIiKHO+XEbA=
Subject key identifier:   9A:CD:99:84:58:C3:3D:93:15:40:AE:68:E2:83:9C:26:09:8B:D6:71
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BD956039CFFDD9CF9297684551C35
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/ms2ZhFjDPZMVQK5o4oOcJgmL1nE.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42402
IP address blocks:        77.65.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d9:56:03:9c:ff:dd:9c:f9:29:76:84:55:1c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9acd998458c33d931540ae68e2839c26098bd671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:51:33:5d:1c:e6:9f:63:c4:b5:14:71:e2:a2:
                    7e:25:44:0c:95:69:d6:82:08:4c:09:a7:cc:5c:a8:
                    52:1e:7a:5f:21:71:ff:12:8a:09:5e:86:3a:2e:f1:
                    99:85:46:fc:85:b0:6a:06:5f:cf:76:3a:8b:30:24:
                    cc:0a:01:8d:a3:0d:30:df:fd:37:fd:71:ad:f9:29:
                    46:26:85:a1:d8:62:94:bd:90:20:fb:b1:14:75:87:
                    00:56:94:22:b4:d5:6f:40:56:00:6a:fb:01:98:7c:
                    8e:62:d9:85:a5:d1:18:71:c0:0b:8d:9e:19:10:0b:
                    aa:d5:fb:25:ba:4d:00:5e:30:1a:ee:89:94:0e:2e:
                    21:cf:2e:27:70:b0:96:4f:ec:6c:73:19:7d:eb:86:
                    e5:44:86:27:5f:46:6f:99:c4:0b:7a:a2:03:88:63:
                    d2:9d:50:18:84:75:e5:23:03:6a:88:11:aa:60:8a:
                    a0:fd:9d:7b:cb:20:d3:78:97:cb:91:c2:b3:18:ad:
                    75:99:29:91:9e:df:6d:00:b3:51:7a:69:0f:68:00:
                    0c:bb:83:2f:76:75:33:65:f7:de:c8:88:44:2a:27:
                    e5:45:4a:e3:4f:9b:29:3d:ec:0e:f3:1a:ff:aa:e3:
                    a7:26:e0:eb:49:3c:8a:af:77:6f:86:ac:8d:24:99:
                    9f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CD:99:84:58:C3:3D:93:15:40:AE:68:E2:83:9C:26:09:8B:D6:71
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/ms2ZhFjDPZMVQK5o4oOcJgmL1nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:95:23:59:44:eb:46:b8:c3:17:76:e5:3e:32:09:35:3f:e6:
         67:9b:04:98:fe:c8:25:01:d1:68:56:fd:a6:c8:1f:c6:d8:73:
         f2:88:00:17:a4:f2:6f:48:5b:aa:6c:8c:45:eb:08:09:e3:3e:
         86:fe:2e:42:f6:df:58:d3:f8:2e:cf:2c:5e:d3:1c:ae:27:b2:
         e4:f3:7f:22:8c:7c:cf:bd:cb:fe:0f:ed:d6:45:75:e5:a3:55:
         23:98:c9:b6:33:45:b6:b4:c3:8f:48:25:11:28:58:78:50:84:
         b5:7b:22:c0:f4:08:b1:8f:6d:0f:0e:af:18:e5:59:e8:5a:4e:
         b7:9c:0e:cf:6a:b2:3d:3f:87:9a:94:8e:d5:31:36:68:19:a4:
         ee:7e:e5:62:02:18:7e:49:c7:03:f3:83:13:30:6d:8e:9e:c5:
         cc:f3:1b:03:2d:a2:96:fb:f0:c6:1c:6c:22:6d:a2:55:78:69:
         94:53:3f:5c:66:f7:43:e0:b2:08:e9:52:aa:67:02:a1:57:8e:
         db:37:5b:3c:52:88:dc:97:3d:93:eb:d6:00:f1:31:25:20:5f:
         7b:e1:cb:94:23:1f:fd:f9:13:77:2b:0c:4c:46:84:ca:c6:df:
         6d:32:0a:bd:cb:c4:00:6e:c2:42:67:72:f5:b6:07:ea:98:25:
         8d:f5:7c:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9lWA5z/3Zz5KXaEVRw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNkOTk4NDU4YzMzZDkzMTU0MGFlNjhlMjgzOWMyNjA5OGJkNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslEzXRzmn2PEtRRx4qJ+JUQMlWnW
gghMCafMXKhSHnpfIXH/EooJXoY6LvGZhUb8hbBqBl/PdjqLMCTMCgGNow0w3/03
/XGt+SlGJoWh2GKUvZAg+7EUdYcAVpQitNVvQFYAavsBmHyOYtmFpdEYccALjZ4Z
EAuq1fsluk0AXjAa7omUDi4hzy4ncLCWT+xscxl964blRIYnX0ZvmcQLeqIDiGPS
nVAYhHXlIwNqiBGqYIqg/Z17yyDTeJfLkcKzGK11mSmRnt9tALNRemkPaAAMu4Mv
dnUzZffeyIhEKiflRUrjT5spPewO8xr/quOnJuDrSTyKr3dvhqyNJJmf4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrNmYRYwz2TFUCuaOKDnCYJi9ZxMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvbXMyWmhGakRQWk1WUUs1bzRvT2NKZ21MMW5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTUGIMA0G
CSqGSIb3DQEBCwUAA4IBAQBelSNZROtGuMMXduU+Mgk1P+ZnmwSY/sglAdFoVv2m
yB/G2HPyiAAXpPJvSFuqbIxF6wgJ4z6G/i5C9t9Y0/guzyxe0xyuJ7Lk838ijHzP
vcv+D+3WRXXlo1UjmMm2M0W2tMOPSCURKFh4UIS1eyLA9Aixj20PDq8Y5VnoWk63
nA7ParI9P4ealI7VMTZoGaTufuViAhh+SccD84MTMG2OnsXM8xsDLaKW+/DGHGwi
baJVeGmUUz9cZvdD4LII6VKqZwKhV47bN1s8Uojclz2T69YA8TElIF974cuUIx/9
+RN3KwxMRoTKxt9tMgq9y8QAbsJCZ3L1tgfqmCWN9Xyv
-----END CERTIFICATE-----