Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/hUnSKgzf2KYI3R-6Nqa_eN2J7FA.roa
File:                     hUnSKgzf2KYI3R-6Nqa_eN2J7FA.roa (raw, json)
Hash identifier:          Z6fedZ29fapT/ZpmCPKEj9LpyuUhelLQM6+eqPXZ2tk=
Subject key identifier:   85:49:D2:2A:0C:DF:D8:A6:08:DD:1F:BA:36:A6:BF:78:DD:89:EC:50
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018F7C15F927EDB88656612A1CF2BFA8EAD0
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/hUnSKgzf2KYI3R-6Nqa_eN2J7FA.roa
Signing time:             Wed 15 May 2024 11:49:25 +0000
ROA not before:           Wed 15 May 2024 11:49:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        77.92.154.0/24 maxlen: 24
                          78.135.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:15:f9:27:ed:b8:86:56:61:2a:1c:f2:bf:a8:ea:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: May 15 11:49:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8549d22a0cdfd8a608dd1fba36a6bf78dd89ec50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cb:53:63:2f:b4:cd:2f:18:53:d9:87:05:c9:
                    c7:d1:59:e3:05:bc:0e:d2:8a:93:d7:7a:e0:ec:98:
                    09:19:82:75:24:23:c9:c6:a6:f0:c5:bb:c4:a2:bb:
                    7d:53:f7:a1:17:2a:db:84:76:72:e7:1b:5b:97:e0:
                    88:e7:a0:24:55:5e:ff:b1:57:b4:84:5a:9a:df:a8:
                    c0:54:4c:e1:58:5a:55:08:36:3e:0f:70:d6:17:96:
                    68:ea:66:62:71:94:f9:aa:a5:0e:38:05:70:c4:81:
                    27:66:9c:6a:01:6a:4b:d2:83:44:36:1a:d1:2c:db:
                    6b:21:48:5f:f0:b6:0d:e9:2f:26:3c:ae:4f:1d:6d:
                    b4:5d:19:81:9b:31:65:89:d9:0a:ed:36:23:25:73:
                    72:38:e6:1e:2a:0d:28:83:ef:9c:b0:ea:d3:d6:1c:
                    11:e6:c3:2b:e4:0f:0e:5f:38:9f:82:3a:e3:a0:40:
                    37:6d:a5:dd:7c:dc:d8:21:14:ec:ef:9e:e2:1e:4f:
                    40:3a:46:5f:72:c3:b3:3f:87:11:5d:38:ef:71:cf:
                    9b:66:f2:ec:d8:39:b7:92:0b:46:68:57:cc:34:ed:
                    20:96:70:18:f5:bb:22:9c:8e:68:27:8b:50:bc:d9:
                    0d:fa:81:aa:a7:81:8d:93:ea:af:31:b1:73:f4:b8:
                    8f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:49:D2:2A:0C:DF:D8:A6:08:DD:1F:BA:36:A6:BF:78:DD:89:EC:50
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/hUnSKgzf2KYI3R-6Nqa_eN2J7FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.154.0/24
                  78.135.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:cb:1f:0a:fc:e5:30:2b:d9:88:96:22:76:c5:71:b7:07:53:
         3c:7f:76:6d:99:57:61:c1:a7:69:72:58:3e:21:dd:6a:bd:68:
         de:c5:bd:4c:a4:b5:31:2b:d3:c2:8d:a2:3f:80:99:12:cb:db:
         9c:80:a3:16:b7:2c:5e:62:f0:6e:93:1a:ab:b5:c6:db:90:aa:
         39:ca:df:2c:cf:72:c5:5d:33:b2:cc:07:99:72:29:bf:09:e4:
         09:8a:f7:30:f9:63:dd:a9:69:9d:7f:3e:98:46:cc:b5:d1:f6:
         3c:cc:7e:5f:27:ff:16:b8:77:83:5f:fd:08:0c:ce:59:d8:84:
         89:b0:e7:29:7e:7c:aa:70:28:0e:b8:19:01:5f:b9:eb:7d:3f:
         19:9e:dd:5f:9f:52:29:1e:3d:3f:c0:14:72:1e:01:71:5b:7b:
         f7:5e:5c:a4:ef:1f:d0:f9:63:34:c5:e1:44:3b:5c:42:01:a0:
         70:d5:f1:2a:4d:36:52:fc:de:54:cb:4b:6a:97:85:d4:6c:6a:
         56:f1:4d:86:8f:94:52:92:2c:d4:b5:e2:95:f0:79:89:55:9b:
         91:9a:5a:f5:a0:75:b5:9e:62:76:8c:dd:50:c1:0d:c1:5d:33:
         90:77:cb:75:01:3d:75:91:5f:90:d3:ef:1c:ca:78:ef:17:df:
         31:df:e3:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY98Ffkn7biGVmEqHPK/qOrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwNTE1MTE0OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ5ZDIyYTBjZGZkOGE2MDhkZDFmYmEzNmE2YmY3OGRkODllYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMtTYy+0zS8YU9mHBcnH0VnjBbwO
0oqT13rg7JgJGYJ1JCPJxqbwxbvEort9U/ehFyrbhHZy5xtbl+CI56AkVV7/sVe0
hFqa36jAVEzhWFpVCDY+D3DWF5Zo6mZicZT5qqUOOAVwxIEnZpxqAWpL0oNENhrR
LNtrIUhf8LYN6S8mPK5PHW20XRmBmzFlidkK7TYjJXNyOOYeKg0og++csOrT1hwR
5sMr5A8OXzifgjrjoEA3baXdfNzYIRTs757iHk9AOkZfcsOzP4cRXTjvcc+bZvLs
2Dm3kgtGaFfMNO0glnAY9bsinI5oJ4tQvNkN+oGqp4GNk+qvMbFz9LiPMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIVJ0ioM39imCN0fujamv3jdiexQMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvaFVuU0tnemYyS1lJM1ItNk5xYV9lTjJKN0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVyaAwQA
TodXMA0GCSqGSIb3DQEBCwUAA4IBAQBhyx8K/OUwK9mIliJ2xXG3B1M8f3ZtmVdh
wadpclg+Id1qvWjexb1MpLUxK9PCjaI/gJkSy9ucgKMWtyxeYvBukxqrtcbbkKo5
yt8sz3LFXTOyzAeZcim/CeQJivcw+WPdqWmdfz6YRsy10fY8zH5fJ/8WuHeDX/0I
DM5Z2ISJsOcpfnyqcCgOuBkBX7nrfT8Znt1fn1IpHj0/wBRyHgFxW3v3Xlyk7x/Q
+WM0xeFEO1xCAaBw1fEqTTZS/N5Uy0tql4XUbGpW8U2Gj5RSkizUteKV8HmJVZuR
mlr1oHW1nmJ2jN1QwQ3BXTOQd8t1AT11kV+Q0+8cynjvF98x3+MN
-----END CERTIFICATE-----