Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/4ZD2S_AJzN_VK_aOSxyCGJBeF2E.roa
File:                     4ZD2S_AJzN_VK_aOSxyCGJBeF2E.roa (raw, json)
Hash identifier:          4ncvA+i8V7w9arIq0SDF21VGk18LdSQsYmvhy+GpJ48=
Subject key identifier:   E1:90:F6:4B:F0:09:CC:DF:D5:2B:F6:8E:4B:1C:82:18:90:5E:17:61
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       018FBE05CF3EFDFD9CB702BC3D4258BA2430
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/4ZD2S_AJzN_VK_aOSxyCGJBeF2E.roa
Signing time:             Tue 28 May 2024 07:06:42 +0000
ROA not before:           Tue 28 May 2024 07:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        37.77.58.0/24 maxlen: 24
                          37.77.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:05:cf:3e:fd:fd:9c:b7:02:bc:3d:42:58:ba:24:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: May 28 07:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e190f64bf009ccdfd52bf68e4b1c8218905e1761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0d:e9:c6:d9:07:ba:cd:1b:50:f8:61:95:da:
                    14:94:f8:68:9c:16:7a:0c:63:01:9b:fd:3e:84:86:
                    79:9b:e6:53:73:fa:88:08:3d:8e:fc:db:2f:e3:e4:
                    e0:e5:e7:62:f8:20:35:41:71:a4:41:1e:12:7d:69:
                    44:aa:cc:99:ba:dc:d3:c0:9f:1c:e9:1a:e9:de:1a:
                    73:a1:c5:eb:63:24:b9:30:54:29:86:e0:df:39:61:
                    3f:18:6b:4a:f3:6c:9c:bc:d1:fa:94:27:e5:19:a7:
                    2e:af:a4:91:0e:29:09:ab:94:f6:f3:0c:88:bb:8f:
                    7f:f7:0e:c1:56:21:1f:bb:32:fc:0e:cb:d0:57:24:
                    33:87:70:1e:ac:d1:8b:9c:ec:58:df:f1:d0:a4:ee:
                    2c:d0:7c:a6:5e:45:85:72:e2:79:0d:b0:f2:72:e6:
                    70:24:10:2c:23:b9:29:b8:b3:2b:4d:03:c6:d8:9a:
                    18:e6:d9:b3:7b:7a:12:96:6c:48:1e:7f:4c:d2:d0:
                    34:29:7a:48:13:7d:1a:86:4b:33:80:33:ea:2d:0d:
                    50:48:2d:ab:06:09:73:50:a8:da:94:cf:37:8c:95:
                    1e:ae:4f:ca:ee:0e:20:bf:64:9f:a6:f7:8f:39:8a:
                    cb:d7:a3:d3:9f:fe:40:66:8d:20:26:3a:74:e5:33:
                    1d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:90:F6:4B:F0:09:CC:DF:D5:2B:F6:8E:4B:1C:82:18:90:5E:17:61
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/4ZD2S_AJzN_VK_aOSxyCGJBeF2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:a4:1b:cb:30:06:57:b4:54:ac:98:24:10:d1:55:a0:d6:31:
         c0:78:6e:d2:bc:b1:e1:b3:c9:b8:49:cb:2c:c8:6c:e2:1a:4e:
         35:b8:0a:88:c5:d3:92:cc:e7:28:f8:19:da:05:32:33:12:eb:
         ee:1e:cd:bb:d1:ae:7c:ae:f8:66:68:fc:f0:0f:6f:a8:8c:94:
         0a:3e:d6:0b:26:3b:60:67:47:ae:12:89:d4:15:91:16:5f:17:
         7a:35:67:4c:ce:4e:28:75:82:80:6e:35:5a:1e:57:1c:94:e6:
         47:45:8d:a5:f5:6c:fd:41:5b:3e:dd:f0:a1:f2:f2:07:34:f4:
         99:77:b1:bf:f6:5f:36:0e:42:4d:db:fd:1d:91:02:88:3e:7b:
         3d:07:80:0b:59:04:fe:46:6e:61:a7:09:bc:6f:6f:73:21:09:
         12:06:a6:ca:88:1e:28:3f:b4:e3:95:ea:d2:09:5e:ce:9a:68:
         41:7b:fb:1e:e6:75:4e:f8:60:58:b2:e8:2d:cb:a8:89:43:a5:
         67:8f:b5:de:68:a0:c2:b2:61:a4:f1:33:26:1a:7b:4f:58:60:
         7a:74:a1:50:66:c1:fa:98:4c:bb:6e:ab:d8:aa:a1:a6:14:8e:
         83:23:ca:3f:d6:15:a8:c5:16:ef:6d:fc:ed:d5:8d:12:e8:22:
         f1:70:48:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY++Bc8+/f2ctwK8PUJYuiQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjQwNTI4MDcwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTkwZjY0YmYwMDljY2RmZDUyYmY2OGU0YjFjODIxODkwNWUxNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow3pxtkHus0bUPhhldoUlPhonBZ6
DGMBm/0+hIZ5m+ZTc/qICD2O/Nsv4+Tg5edi+CA1QXGkQR4SfWlEqsyZutzTwJ8c
6Rrp3hpzocXrYyS5MFQphuDfOWE/GGtK82ycvNH6lCflGacur6SRDikJq5T28wyI
u49/9w7BViEfuzL8DsvQVyQzh3AerNGLnOxY3/HQpO4s0HymXkWFcuJ5DbDycuZw
JBAsI7kpuLMrTQPG2JoY5tmze3oSlmxIHn9M0tA0KXpIE30ahkszgDPqLQ1QSC2r
BglzUKjalM83jJUerk/K7g4gv2SfpvePOYrL16PTn/5AZo0gJjp05TMdOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGQ9kvwCczf1Sv2jkscghiQXhdhMB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvNFpEMlNfQUp6Tl9WS19hT1N4eUNHSkJlRjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJU06MA0G
CSqGSIb3DQEBCwUAA4IBAQAmpBvLMAZXtFSsmCQQ0VWg1jHAeG7SvLHhs8m4Scss
yGziGk41uAqIxdOSzOco+BnaBTIzEuvuHs270a58rvhmaPzwD2+ojJQKPtYLJjtg
Z0euEonUFZEWXxd6NWdMzk4odYKAbjVaHlcclOZHRY2l9Wz9QVs+3fCh8vIHNPSZ
d7G/9l82DkJN2/0dkQKIPns9B4ALWQT+Rm5hpwm8b29zIQkSBqbKiB4oP7TjlerS
CV7OmmhBe/se5nVO+GBYsugty6iJQ6Vnj7XeaKDCsmGk8TMmGntPWGB6dKFQZsH6
mEy7bqvYqqGmFI6DI8o/1hWoxRbvbfzt1Y0S6CLxcEir
-----END CERTIFICATE-----