Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pnd3YojRi7DZYpXBXFp9kwat45Y.roa
File:                     pnd3YojRi7DZYpXBXFp9kwat45Y.roa (raw, json)
Hash identifier:          L/sfRRwnOa3q3wB7hNxXjSMDs2syDkgziLpoLHkufh4=
Subject key identifier:   A6:77:77:62:88:D1:8B:B0:D9:62:95:C1:5C:5A:7D:93:06:AD:E3:96
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       01946ABF41686DE2F56FEE1D384A46CA3049
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pnd3YojRi7DZYpXBXFp9kwat45Y.roa
Signing time:             Wed 15 Jan 2025 16:15:06 +0000
ROA not before:           Wed 15 Jan 2025 16:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        77.47.210.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 23:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:bf:41:68:6d:e2:f5:6f:ee:1d:38:4a:46:ca:30:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan 15 16:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a677776288d18bb0d96295c15c5a7d9306ade396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:34:06:60:7b:43:96:71:33:3b:f1:0b:f8:92:
                    e8:bb:bd:a1:aa:60:85:18:f6:3f:5e:53:ca:57:bf:
                    f9:7c:e1:32:63:64:82:b0:f1:9d:2e:47:5c:94:38:
                    af:45:55:d4:9a:f8:be:60:a3:10:3b:52:ca:3b:6d:
                    58:d9:7f:06:95:2c:73:68:0a:29:0d:f4:be:c3:92:
                    d9:5f:54:e8:4d:08:23:a4:b8:1a:a1:60:ec:c8:06:
                    91:b1:b8:3f:d3:27:bc:a8:35:92:ba:ac:35:b8:e9:
                    ab:80:66:b8:c9:72:f0:95:34:9d:ec:8d:08:11:8a:
                    39:db:96:9d:2f:51:0a:9c:50:87:05:cf:e0:e2:0e:
                    21:18:a4:b0:92:f9:36:f0:e1:c5:83:e8:fc:99:52:
                    e4:03:1e:c7:13:07:3b:d6:9d:65:3b:8f:63:9c:9a:
                    21:c3:7a:04:3e:4a:3c:80:1e:f3:ef:77:3d:7d:48:
                    2e:55:19:24:03:32:44:c7:14:dd:ec:f8:61:9c:bf:
                    07:97:a9:ac:bb:6f:b0:9a:a3:0d:f2:4c:b2:2d:5c:
                    4b:c4:bc:17:11:e9:a3:0f:32:b2:b2:9b:18:04:39:
                    ce:ab:8e:26:31:ed:20:f4:d8:4a:bd:56:f4:e9:50:
                    4b:c3:7a:64:26:68:29:17:a0:47:08:b3:59:10:63:
                    7c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:77:77:62:88:D1:8B:B0:D9:62:95:C1:5C:5A:7D:93:06:AD:E3:96
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/pnd3YojRi7DZYpXBXFp9kwat45Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cc:47:fd:33:61:a6:e1:b1:e8:2b:f0:48:43:f0:88:c9:aa:14:
         79:bd:c4:71:e9:02:5c:18:b6:29:57:19:31:1b:84:00:c1:6e:
         9d:43:27:4b:49:e2:3f:df:80:5a:7f:21:cd:a5:a5:a3:d5:21:
         2d:0f:75:fe:8e:97:f2:e5:1e:d2:e3:d8:db:81:e7:39:86:9c:
         11:6c:bf:b9:8d:98:8c:c3:df:ce:46:24:b7:bc:53:d1:48:b6:
         cc:ff:4d:0e:c5:8f:cf:28:be:17:5e:c2:85:0b:59:87:e7:7b:
         08:c6:6e:38:e2:78:38:44:5b:9a:95:53:68:34:61:89:04:24:
         18:5a:4b:5f:75:1d:09:6f:67:ac:14:d2:bf:cd:af:ce:e0:52:
         68:30:42:90:91:0a:7b:ad:15:ac:26:45:3f:6e:88:16:54:31:
         bd:8c:69:22:99:15:61:5f:f7:0a:45:00:67:70:3f:0a:bd:32:
         c2:4e:69:45:c6:d0:b5:0d:cb:45:8b:bc:2a:ca:a5:6c:56:0e:
         5c:c1:f7:35:ca:b4:02:6b:3a:87:44:46:de:35:88:88:08:b5:
         da:1f:f5:4c:ef:9c:00:e2:65:01:5d:ab:4d:af:7d:50:f6:b5:
         25:59:a1:ee:17:24:1f:73:d0:2a:57:89:62:f9:93:82:a4:d7:
         59:6d:88:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRqv0FobeL1b+4dOEpGyjBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTE1MTYxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc3Nzc2Mjg4ZDE4YmIwZDk2Mjk1YzE1YzVhN2Q5MzA2YWRlMzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjQGYHtDlnEzO/EL+JLou72hqmCF
GPY/XlPKV7/5fOEyY2SCsPGdLkdclDivRVXUmvi+YKMQO1LKO21Y2X8GlSxzaAop
DfS+w5LZX1ToTQgjpLgaoWDsyAaRsbg/0ye8qDWSuqw1uOmrgGa4yXLwlTSd7I0I
EYo525adL1EKnFCHBc/g4g4hGKSwkvk28OHFg+j8mVLkAx7HEwc71p1lO49jnJoh
w3oEPko8gB7z73c9fUguVRkkAzJExxTd7PhhnL8Hl6msu2+wmqMN8kyyLVxLxLwX
EemjDzKyspsYBDnOq44mMe0g9NhKvVb06VBLw3pkJmgpF6BHCLNZEGN8AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ3d2KI0Yuw2WKVwVxafZMGreOWMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvcG5kM1lvalJpN0RaWXBYQlhGcDlrd2F0NDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTS/SMA0G
CSqGSIb3DQEBCwUAA4IBAQDMR/0zYabhsegr8EhD8IjJqhR5vcRx6QJcGLYpVxkx
G4QAwW6dQydLSeI/34BafyHNpaWj1SEtD3X+jpfy5R7S49jbgec5hpwRbL+5jZiM
w9/ORiS3vFPRSLbM/00OxY/PKL4XXsKFC1mH53sIxm444ng4RFualVNoNGGJBCQY
WktfdR0Jb2esFNK/za/O4FJoMEKQkQp7rRWsJkU/bogWVDG9jGkimRVhX/cKRQBn
cD8KvTLCTmlFxtC1DctFi7wqyqVsVg5cwfc1yrQCazqHREbeNYiICLXaH/VM75wA
4mUBXatNr31Q9rUlWaHuFyQfc9AqV4li+ZOCpNdZbYg3
-----END CERTIFICATE-----