Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tPif9RS4CwW1g7JLynd_uadTkSY.roa
File:                     tPif9RS4CwW1g7JLynd_uadTkSY.roa (raw, json)
Hash identifier:          hGXRnYrAhEeetiEArMxIbchiBmzeJxYjL+AaakcNBks=
Subject key identifier:   B4:F8:9F:F5:14:B8:0B:05:B5:83:B2:4B:CA:77:7F:B9:A7:53:91:26
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0191B27428D39E86861F9963E12158B86068
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tPif9RS4CwW1g7JLynd_uadTkSY.roa
Signing time:             Mon 02 Sep 2024 11:17:22 +0000
ROA not before:           Mon 02 Sep 2024 11:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64429
IP address blocks:        77.72.86.0/24 maxlen: 24
                          78.24.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:74:28:d3:9e:86:86:1f:99:63:e1:21:58:b8:60:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Sep  2 11:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4f89ff514b80b05b583b24bca777fb9a7539126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:69:bd:e8:19:96:1e:ac:9d:ff:29:69:74:32:
                    e6:a2:d1:e5:f2:56:91:b8:bd:dc:7c:82:de:78:ba:
                    53:d5:2e:66:4f:6c:9a:0f:e1:0b:56:ef:b1:ee:e2:
                    c3:62:c2:71:d5:eb:eb:34:07:17:13:05:6f:1e:af:
                    e9:41:71:92:30:d7:37:1b:b4:8f:23:5b:f8:ff:a1:
                    f5:e1:ab:58:44:81:b2:dc:92:b7:38:6b:1c:60:2a:
                    0b:1e:cf:f0:7b:2f:38:98:42:bb:cf:cf:3e:10:77:
                    2f:b9:04:06:f2:ec:ac:c3:89:78:4b:71:c6:f5:b6:
                    af:6b:00:21:44:c1:0a:a4:cd:83:16:30:cf:db:34:
                    8c:ad:6b:14:2c:97:63:62:2d:2b:aa:c9:a2:57:f4:
                    e9:bc:75:1c:95:3b:76:0c:ad:52:a3:21:89:07:1b:
                    4a:73:d6:06:e4:a0:e5:0a:a2:aa:54:42:94:85:77:
                    c9:e3:1c:fe:ff:cf:2c:a0:60:53:fc:c5:35:59:b9:
                    4d:8b:06:5a:0b:ef:60:63:6c:f6:a0:79:fa:93:0f:
                    0d:4a:af:25:db:76:3d:a0:a9:3f:dd:7a:52:b4:70:
                    0e:b0:57:43:af:8e:1d:23:4d:0d:49:28:c3:e7:a3:
                    3f:e9:ea:12:f9:d1:7e:9c:f9:9d:4e:16:15:26:f6:
                    a9:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F8:9F:F5:14:B8:0B:05:B5:83:B2:4B:CA:77:7F:B9:A7:53:91:26
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tPif9RS4CwW1g7JLynd_uadTkSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.86.0/24
                  78.24.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:10:f4:8e:21:a8:3e:6c:0d:3c:71:b8:58:fd:83:45:28:5e:
         e2:fd:ed:d5:2e:3c:51:26:54:88:84:11:88:5c:d3:d4:f1:d8:
         1c:70:c7:8a:57:03:08:31:50:ea:b2:ed:8b:a6:e4:ba:00:ea:
         9e:97:53:74:ad:9e:bb:9e:5d:b6:5b:f8:c7:45:4b:56:9f:a8:
         24:32:dd:3e:54:3a:ac:87:34:52:05:8b:33:09:96:2d:bf:2a:
         40:a4:98:bd:7b:1c:9b:22:33:85:80:c2:1f:66:db:c5:9e:3d:
         48:8c:9a:68:6b:3b:37:e7:a4:89:a2:2c:1e:fc:4e:48:5e:9a:
         3b:03:6b:62:55:df:9b:66:6e:da:b3:40:01:fc:37:e1:42:34:
         0c:d6:ed:09:2a:fc:e5:eb:94:78:3d:83:ed:b1:0b:c8:99:7f:
         87:ab:e1:14:6f:b5:65:72:51:70:0e:3f:32:42:36:08:66:ae:
         b7:aa:f7:f5:29:f5:a5:8a:9b:0d:ac:18:bd:30:9b:08:88:84:
         5e:ec:51:3c:8b:d6:03:11:db:00:73:19:9c:81:fc:d3:99:6c:
         3c:8b:96:0d:ee:3c:39:f5:a4:ce:8f:b6:dd:58:dd:40:02:37:
         0f:b7:f6:ad:47:f2:18:d9:a1:e9:2c:ba:16:0d:a5:ae:90:ec:
         41:08:4c:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGydCjTnoaGH5lj4SFYuGBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwOTAyMTExNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGY4OWZmNTE0YjgwYjA1YjU4M2IyNGJjYTc3N2ZiOWE3NTM5MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWm96BmWHqyd/ylpdDLmotHl8laR
uL3cfILeeLpT1S5mT2yaD+ELVu+x7uLDYsJx1evrNAcXEwVvHq/pQXGSMNc3G7SP
I1v4/6H14atYRIGy3JK3OGscYCoLHs/wey84mEK7z88+EHcvuQQG8uysw4l4S3HG
9bavawAhRMEKpM2DFjDP2zSMrWsULJdjYi0rqsmiV/TpvHUclTt2DK1SoyGJBxtK
c9YG5KDlCqKqVEKUhXfJ4xz+/88soGBT/MU1WblNiwZaC+9gY2z2oHn6kw8NSq8l
23Y9oKk/3XpStHAOsFdDr44dI00NSSjD56M/6eoS+dF+nPmdThYVJvapFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLT4n/UUuAsFtYOyS8p3f7mnU5EmMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvdFBpZjlSUzRDd1cxZzdKTHluZF91YWRUa1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUhWAwQA
ThjIMA0GCSqGSIb3DQEBCwUAA4IBAQAqEPSOIag+bA08cbhY/YNFKF7i/e3VLjxR
JlSIhBGIXNPU8dgccMeKVwMIMVDqsu2LpuS6AOqel1N0rZ67nl22W/jHRUtWn6gk
Mt0+VDqshzRSBYszCZYtvypApJi9exybIjOFgMIfZtvFnj1IjJpoazs356SJoiwe
/E5IXpo7A2tiVd+bZm7as0AB/DfhQjQM1u0JKvzl65R4PYPtsQvImX+Hq+EUb7Vl
clFwDj8yQjYIZq63qvf1KfWlipsNrBi9MJsIiIRe7FE8i9YDEdsAcxmcgfzTmWw8
i5YN7jw59aTOj7bdWN1AAjcPt/atR/IY2aHpLLoWDaWukOxBCEx/
-----END CERTIFICATE-----