Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/CjdcUk3MOW8Rqup07x2jVDEldW4.roa
File:                     CjdcUk3MOW8Rqup07x2jVDEldW4.roa (raw, json)
Hash identifier:          UaK7I7Eqw7jf6XsvMkrSjnKfCYZKST8b3TEli5jiSHk=
Subject key identifier:   0A:37:5C:52:4D:CC:39:6F:11:AA:EA:74:EF:1D:A3:54:31:25:75:6E
Certificate issuer:       /CN=0a39f9a00278e69d1b3dddaa0bf0cd17d2e66708
Certificate serial:       0194266B453AE25F8933FF311F535DCDF355
Authority key identifier: 0A:39:F9:A0:02:78:E6:9D:1B:3D:DD:AA:0B:F0:CD:17:D2:E6:67:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/CjdcUk3MOW8Rqup07x2jVDEldW4.roa
Signing time:             Thu 02 Jan 2025 09:49:11 +0000
ROA not before:           Thu 02 Jan 2025 09:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8866
IP address blocks:        77.76.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:45:3a:e2:5f:89:33:ff:31:1f:53:5d:cd:f3:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a39f9a00278e69d1b3dddaa0bf0cd17d2e66708
        Validity
            Not Before: Jan  2 09:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a375c524dcc396f11aaea74ef1da3543125756e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:11:c4:d3:9e:be:bf:5d:fd:1d:7d:49:20:fb:
                    aa:70:68:3a:27:3c:94:45:93:f2:79:4a:c5:cd:71:
                    0d:26:7d:fb:6a:74:ce:0b:e9:08:24:cd:d1:de:d6:
                    86:ac:04:ad:94:4e:30:d8:be:24:7a:22:ec:c3:d1:
                    64:ff:c5:f5:03:b3:bc:4a:44:7e:96:64:4e:30:84:
                    c5:9c:c9:3d:c4:e3:ff:6e:53:3c:03:17:7d:19:14:
                    37:8c:7d:eb:74:b6:9f:62:2d:6f:29:24:98:ca:a0:
                    d6:ac:64:32:85:bf:91:0f:14:b7:da:f4:70:03:c3:
                    7b:db:68:55:d3:c2:67:ab:dd:d8:67:b5:d4:09:35:
                    2b:60:42:51:3e:9b:64:c0:28:c1:1c:35:7e:e3:e1:
                    64:01:4e:e7:50:71:6d:53:61:8d:38:f0:81:47:49:
                    18:26:26:08:e9:16:59:26:64:4c:00:da:f3:c6:cc:
                    84:72:fb:70:84:b8:ad:a7:f3:38:44:04:99:bf:41:
                    a0:af:1d:1c:fe:60:d9:44:84:69:92:3f:22:22:12:
                    28:6b:13:02:53:8e:09:9f:1c:3f:41:01:7f:a6:db:
                    4a:15:2a:ad:c1:43:85:60:6a:bb:d9:6f:a9:fc:b4:
                    c2:0d:a4:ea:3e:88:14:bb:f3:fe:5b:b9:f2:4e:55:
                    c5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:37:5C:52:4D:CC:39:6F:11:AA:EA:74:EF:1D:A3:54:31:25:75:6E
            X509v3 Authority Key Identifier:
                keyid:0A:39:F9:A0:02:78:E6:9D:1B:3D:DD:AA:0B:F0:CD:17:D2:E6:67:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/CjdcUk3MOW8Rqup07x2jVDEldW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4e:82:ba:50:c5:97:c8:7f:5e:4a:77:69:69:f1:20:45:49:89:
         3d:fc:b9:f5:d1:88:7c:9f:ec:89:b4:0a:9a:fb:83:c6:76:80:
         58:69:49:67:a9:b6:98:f3:49:65:eb:81:1d:52:01:4c:6d:f3:
         01:73:66:e8:4f:bf:34:4d:1f:67:83:c6:03:a1:42:7d:e7:4e:
         55:27:af:92:7f:fa:1b:f5:1b:83:f4:fa:73:53:5e:f5:0a:f0:
         5c:7c:05:1f:bd:e7:44:6d:bc:b7:ae:7a:c4:d0:03:e3:81:5c:
         f2:5c:67:d6:7f:fe:e9:d6:59:52:10:f8:00:a4:9a:0b:f7:48:
         32:81:12:5e:f7:37:4d:90:30:72:54:66:82:ba:62:29:9b:5d:
         0d:d7:a8:8e:83:59:c4:4a:77:fa:4f:d9:95:27:b7:3e:e5:63:
         9e:2c:49:62:e7:d2:46:9c:3e:54:f5:5f:c8:f6:ef:0d:c2:13:
         7c:c3:ec:0d:25:f6:56:67:36:19:b5:39:b0:93:a1:37:1b:16:
         00:17:55:7e:4c:4d:3b:13:92:08:31:80:02:82:62:12:b0:a6:
         cf:18:3d:08:b0:26:75:f1:07:0c:47:32:29:64:64:91:c8:a1:
         10:f4:da:ae:82:52:b4:8f:9e:eb:e6:22:34:eb:3e:25:39:cc:
         5d:29:8a:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma0U64l+JM/8xH1NdzfNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzlmOWEwMDI3OGU2OWQxYjNkZGRhYTBiZjBjZDE3ZDJl
NjY3MDgwHhcNMjUwMTAyMDk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTM3NWM1MjRkY2MzOTZmMTFhYWVhNzRlZjFkYTM1NDMxMjU3NTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hHE056+v139HX1JIPuqcGg6JzyU
RZPyeUrFzXENJn37anTOC+kIJM3R3taGrAStlE4w2L4keiLsw9Fk/8X1A7O8SkR+
lmROMITFnMk9xOP/blM8Axd9GRQ3jH3rdLafYi1vKSSYyqDWrGQyhb+RDxS32vRw
A8N722hV08Jnq93YZ7XUCTUrYEJRPptkwCjBHDV+4+FkAU7nUHFtU2GNOPCBR0kY
JiYI6RZZJmRMANrzxsyEcvtwhLitp/M4RASZv0Ggrx0c/mDZRIRpkj8iIhIoaxMC
U44Jnxw/QQF/pttKFSqtwUOFYGq72W+p/LTCDaTqPogUu/P+W7nyTlXFWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAo3XFJNzDlvEarqdO8do1QxJXVuMB8GA1UdIwQY
MBaAFAo5+aACeOadGz3dqgvwzRfS5mcIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2puNW9BSjQ1cDBiUGQycUNfRE5GOUxtWndnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9hOWFmMGUtZTkxYS00ZjFjLWI3MmMt
MWUyYjFjODdkMzE3LzEvQ2pkY1VrM01PVzhScXVwMDd4MmpWREVsZFc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9hOWFmMGUtZTkxYS00ZjFjLWI3MmMtMWUyYjFjODdkMzE3
LzEvQ2puNW9BSjQ1cDBiUGQycUNfRE5GOUxtWndnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTUwgMA0G
CSqGSIb3DQEBCwUAA4IBAQBOgrpQxZfIf15Kd2lp8SBFSYk9/Ln10Yh8n+yJtAqa
+4PGdoBYaUlnqbaY80ll64EdUgFMbfMBc2boT780TR9ng8YDoUJ9505VJ6+Sf/ob
9RuD9PpzU171CvBcfAUfvedEbby3rnrE0APjgVzyXGfWf/7p1llSEPgApJoL90gy
gRJe9zdNkDByVGaCumIpm10N16iOg1nESnf6T9mVJ7c+5WOeLEli59JGnD5U9V/I
9u8NwhN8w+wNJfZWZzYZtTmwk6E3GxYAF1V+TE07E5IIMYACgmISsKbPGD0IsCZ1
8QcMRzIpZGSRyKEQ9NquglK0j57r5iI06z4lOcxdKYpC
-----END CERTIFICATE-----