Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/GjRu-bQjDJsXQ87zzOMT3jTrWJY.roa
File:                     GjRu-bQjDJsXQ87zzOMT3jTrWJY.roa (raw, json)
Hash identifier:          gqLl9ZYrIZ4MmPrCd8IW91LbfdVIKpMoFCKgF79JISc=
Subject key identifier:   1A:34:6E:F9:B4:23:0C:9B:17:43:CE:F3:CC:E3:13:DE:34:EB:58:96
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       018CC94D9AABA09548688CBBB56645C69A15
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/GjRu-bQjDJsXQ87zzOMT3jTrWJY.roa
Signing time:             Tue 02 Jan 2024 08:32:35 +0000
ROA not before:           Tue 02 Jan 2024 08:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200964
IP address blocks:        77.221.36.0/24 maxlen: 24
                          77.221.37.0/24 maxlen: 24
                          77.221.38.0/24 maxlen: 24
                          77.221.42.0/24 maxlen: 24
                          77.221.39.0/24 maxlen: 24
                          77.221.40.0/24 maxlen: 24
                          77.221.41.0/24 maxlen: 24
                          77.221.50.0/24 maxlen: 24
                          2a10:4941:10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9a:ab:a0:95:48:68:8c:bb:b5:66:45:c6:9a:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jan  2 08:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a346ef9b4230c9b1743cef3cce313de34eb5896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:29:23:c9:a0:a3:1f:52:3b:49:bf:d7:f9:a7:
                    0d:8c:db:59:72:31:dd:6a:65:3c:97:20:27:1c:c4:
                    ea:94:8f:74:aa:dc:32:6f:43:f6:14:8f:61:60:de:
                    f4:bb:74:e2:00:8c:c9:79:c8:8e:18:c8:17:37:c4:
                    e9:6a:4b:98:df:62:1b:35:31:c0:11:70:53:64:4b:
                    b0:c3:2a:22:c8:e9:db:57:69:ae:e8:67:e0:dc:f7:
                    ea:b8:0d:3e:6a:53:69:f5:62:a8:21:20:07:50:82:
                    8d:24:59:17:5a:60:65:61:99:2f:b5:d2:0f:04:cd:
                    59:f2:fe:2c:34:f4:9c:a2:2d:f7:1c:32:17:e9:fd:
                    40:70:1b:d8:43:d6:7a:9c:4e:a4:74:08:ba:84:af:
                    0c:f8:19:17:5f:b4:61:10:aa:e6:11:9e:aa:e4:06:
                    3b:e4:22:5d:b5:e4:b2:87:03:6d:3a:44:b7:17:71:
                    0b:a6:17:2b:19:fa:94:67:56:35:de:3b:0a:11:ab:
                    3d:aa:4d:b9:c5:6a:bf:12:2f:9b:c7:8b:77:f3:4c:
                    24:7b:b9:94:df:48:e2:67:5b:ad:fa:dc:ae:c2:a2:
                    22:da:7e:89:4c:67:9f:72:0c:76:d2:a3:ef:d2:34:
                    41:0c:fa:69:86:60:80:d7:46:aa:24:9c:00:f5:d5:
                    7d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:34:6E:F9:B4:23:0C:9B:17:43:CE:F3:CC:E3:13:DE:34:EB:58:96
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/GjRu-bQjDJsXQ87zzOMT3jTrWJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.36.0-77.221.42.255
                  77.221.50.0/24
                IPv6:
                  2a10:4941:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         0c:b7:13:de:b5:bb:35:52:06:5c:5d:15:04:ed:41:8b:c8:31:
         5a:61:c2:b6:02:2c:09:e5:bc:0a:1c:47:5c:61:5e:3c:e9:ac:
         d8:33:46:f3:17:a7:9b:d8:b3:07:e9:32:d5:55:80:88:0f:8c:
         24:17:55:4e:ca:55:f4:fa:2b:29:3e:65:b2:a7:bf:5b:8c:cd:
         9c:4c:ea:79:47:96:3c:5c:95:db:f3:12:41:73:45:7f:a4:fd:
         6f:24:78:11:fe:50:f0:73:ba:73:49:08:21:d7:78:fc:29:8c:
         95:05:1d:25:52:ab:4a:a1:8f:86:b1:fd:47:b3:e4:b5:f4:cb:
         5f:fe:19:3f:d8:4c:5e:8c:55:f1:06:ce:8a:cc:3d:86:f6:62:
         88:d0:06:35:e5:b4:4f:36:37:1c:cf:61:bf:90:bc:22:1a:3d:
         ee:d7:63:dc:73:32:33:a6:c1:d5:e7:17:cb:61:6b:62:ac:85:
         18:f5:a6:1c:d6:50:2d:4a:87:04:d0:0d:40:4a:70:47:d6:17:
         e5:54:9c:74:d1:88:4d:16:0d:21:04:f6:86:e7:08:79:44:51:
         6d:fa:8b:4c:24:b7:4b:e5:e9:eb:07:67:3e:35:2b:85:ae:64:
         00:b0:9c:df:bc:36:14:c7:7f:6e:06:2b:87:01:ff:e7:59:93:
         44:07:9b:1c
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzJTZqroJVIaIy7tWZFxpoVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTM0NmVmOWI0MjMwYzliMTc0M2NlZjNjY2UzMTNkZTM0ZWI1ODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SkjyaCjH1I7Sb/X+acNjNtZcjHd
amU8lyAnHMTqlI90qtwyb0P2FI9hYN70u3TiAIzJeciOGMgXN8TpakuY32IbNTHA
EXBTZEuwwyoiyOnbV2mu6Gfg3PfquA0+alNp9WKoISAHUIKNJFkXWmBlYZkvtdIP
BM1Z8v4sNPScoi33HDIX6f1AcBvYQ9Z6nE6kdAi6hK8M+BkXX7RhEKrmEZ6q5AY7
5CJdteSyhwNtOkS3F3ELphcrGfqUZ1Y13jsKEas9qk25xWq/Ei+bx4t380wke7mU
30jiZ1ut+tyuwqIi2n6JTGefcgx20qPv0jRBDPpphmCA10aqJJwA9dV9EQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFBo0bvm0IwybF0PO88zjE94061iWMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvR2pSdS1iUWpESnNYUTg3enpPTVQzalRyV0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBAJN3SQD
BABN3SoDBABN3TIwDwQCAAIwCQMHBCoQSUEAEDANBgkqhkiG9w0BAQsFAAOCAQEA
DLcT3rW7NVIGXF0VBO1Bi8gxWmHCtgIsCeW8ChxHXGFePOms2DNG8xenm9izB+ky
1VWAiA+MJBdVTspV9PorKT5lsqe/W4zNnEzqeUeWPFyV2/MSQXNFf6T9byR4Ef5Q
8HO6c0kIIdd4/CmMlQUdJVKrSqGPhrH9R7PktfTLX/4ZP9hMXoxV8QbOisw9hvZi
iNAGNeW0TzY3HM9hv5C8Iho97tdj3HMyM6bB1ecXy2FrYqyFGPWmHNZQLUqHBNAN
QEpwR9YX5VScdNGITRYNIQT2hucIeURRbfqLTCS3S+Xp6wdnPjUrha5kALCc37w2
FMd/bgYrhwH/51mTRAebHA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:05:59 2024 by rpki-client on console-ams.rpki-client.org