Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/e6f5d7-1be1-4851-b994-1a143e971cee/1/Ndu8ER6kYPJU5KpyeeZrw9JaQdo.roa
File:                     Ndu8ER6kYPJU5KpyeeZrw9JaQdo.roa (raw, json)
Hash identifier:          xcgBL36CoZfay7uGkptCFVgP6/NpUU31qgNP5IYSAWM=
Subject key identifier:   35:DB:BC:11:1E:A4:60:F2:54:E4:AA:72:79:E6:6B:C3:D2:5A:41:DA
Certificate issuer:       /CN=1a5073145b926e9a6905eba918e21eb4cf1cae10
Certificate serial:       018CC79560B79DFC1DA4767BEA41B0F7AFFD
Authority key identifier: 1A:50:73:14:5B:92:6E:9A:69:05:EB:A9:18:E2:1E:B4:CF:1C:AE:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GlBzFFuSbpppBeupGOIetM8crhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/e6f5d7-1be1-4851-b994-1a143e971cee/1/Ndu8ER6kYPJU5KpyeeZrw9JaQdo.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43061
IP address blocks:        77.94.128.0/19 maxlen: 19
                          2a02:d90::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/e6f5d7-1be1-4851-b994-1a143e971cee/1/GlBzFFuSbpppBeupGOIetM8crhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/e6f5d7-1be1-4851-b994-1a143e971cee/1/GlBzFFuSbpppBeupGOIetM8crhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GlBzFFuSbpppBeupGOIetM8crhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 00:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:60:b7:9d:fc:1d:a4:76:7b:ea:41:b0:f7:af:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a5073145b926e9a6905eba918e21eb4cf1cae10
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35dbbc111ea460f254e4aa7279e66bc3d25a41da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:50:ca:3a:e2:ac:13:67:77:3f:13:c1:84:3c:
                    d5:20:cf:69:6f:8c:83:fb:9b:cc:3f:6b:f6:21:f3:
                    89:93:3a:e3:ad:1c:f1:75:ff:ed:c4:1f:6a:4f:10:
                    c8:bc:c1:49:2b:60:b4:78:58:9e:cc:85:a0:79:a2:
                    0a:52:c7:4a:a3:c4:74:2c:60:22:64:6f:37:5b:0e:
                    ba:b6:01:90:26:f4:a9:f3:01:1e:0a:f5:2f:97:92:
                    00:26:71:4d:10:f4:f1:c2:bd:7f:fa:0d:f2:3e:b5:
                    9e:9b:d1:04:0f:75:3c:12:9a:41:33:7d:d6:92:eb:
                    9f:84:f7:43:b6:a3:b0:4e:8d:7c:8a:55:f3:ec:d5:
                    dc:44:ab:b1:eb:e6:55:f5:86:aa:44:2b:49:76:00:
                    7d:60:65:33:38:3d:0e:03:77:f2:56:d9:15:03:11:
                    4e:8a:0f:b1:91:2e:b4:72:8b:dc:c1:00:6d:f7:0c:
                    5e:73:a1:57:cf:b8:58:6c:38:a7:94:9e:eb:af:ec:
                    81:c3:a2:06:d4:47:d3:25:0f:3d:54:dd:47:fa:72:
                    ef:16:88:66:46:75:9a:27:a5:a3:c1:59:a8:a7:1e:
                    1c:fb:3d:b8:ec:f4:9d:3c:10:ec:9b:9d:17:25:a7:
                    6f:3f:b8:4f:3e:c1:7f:e6:d1:0a:3e:30:c4:6b:e3:
                    22:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:DB:BC:11:1E:A4:60:F2:54:E4:AA:72:79:E6:6B:C3:D2:5A:41:DA
            X509v3 Authority Key Identifier:
                keyid:1A:50:73:14:5B:92:6E:9A:69:05:EB:A9:18:E2:1E:B4:CF:1C:AE:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GlBzFFuSbpppBeupGOIetM8crhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e6f5d7-1be1-4851-b994-1a143e971cee/1/Ndu8ER6kYPJU5KpyeeZrw9JaQdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e6f5d7-1be1-4851-b994-1a143e971cee/1/GlBzFFuSbpppBeupGOIetM8crhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.94.128.0/19
                IPv6:
                  2a02:d90::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:30:4b:4d:46:71:a9:3e:77:b5:52:f0:72:fa:d0:0e:53:a7:
         ff:f1:8c:cb:13:ad:3e:81:b6:38:b4:fe:de:0e:24:c7:cc:eb:
         97:92:91:34:0a:0a:47:7e:c2:3c:20:4f:ac:b5:c7:e7:ad:da:
         8c:d3:54:6a:5b:3f:b2:06:83:f1:03:9d:9f:74:73:53:71:70:
         89:a1:6e:b0:1a:b7:e7:56:bc:be:5a:42:bc:13:79:29:7a:af:
         5c:98:b8:24:d3:f5:56:8b:d4:dc:0f:e1:7e:b9:c6:5d:b8:7d:
         c9:f5:16:6a:03:ff:c3:75:67:7f:34:c1:36:e4:86:1b:78:3f:
         e6:d2:a9:55:70:43:3e:7a:ee:c3:d9:17:12:3f:eb:fa:0a:9f:
         83:0f:ac:37:87:e4:91:91:cf:29:22:e9:0a:89:d0:e4:a3:bc:
         25:bf:5a:36:f9:18:7e:ea:16:34:7a:77:4f:f3:7d:80:38:2f:
         7e:e8:c3:91:35:31:2b:80:1d:f2:bf:f1:8f:a4:89:66:91:84:
         f5:44:d2:13:9b:ed:08:90:20:78:48:ae:69:24:60:37:d0:6b:
         19:4e:1e:16:4d:75:9a:5e:7a:fb:39:a4:5b:da:e9:bd:11:a9:
         27:f6:bf:b4:df:a7:7b:95:e1:aa:75:0b:ac:77:46:20:8e:32:
         bd:f9:c3:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlWC3nfwdpHZ76kGw96/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTA3MzE0NWI5MjZlOWE2OTA1ZWJhOTE4ZTIxZWI0Y2Yx
Y2FlMTAwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWRiYmMxMTFlYTQ2MGYyNTRlNGFhNzI3OWU2NmJjM2QyNWE0MWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFDKOuKsE2d3PxPBhDzVIM9pb4yD
+5vMP2v2IfOJkzrjrRzxdf/txB9qTxDIvMFJK2C0eFiezIWgeaIKUsdKo8R0LGAi
ZG83Ww66tgGQJvSp8wEeCvUvl5IAJnFNEPTxwr1/+g3yPrWem9EED3U8EppBM33W
kuufhPdDtqOwTo18ilXz7NXcRKux6+ZV9YaqRCtJdgB9YGUzOD0OA3fyVtkVAxFO
ig+xkS60covcwQBt9wxec6FXz7hYbDinlJ7rr+yBw6IG1EfTJQ89VN1H+nLvFohm
RnWaJ6WjwVmopx4c+z247PSdPBDsm50XJadvP7hPPsF/5tEKPjDEa+Mi8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDXbvBEepGDyVOSqcnnma8PSWkHaMB8GA1UdIwQY
MBaAFBpQcxRbkm6aaQXrqRjiHrTPHK4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xCekZGdVNicHBwQmV1cEdPSWV0TThjcmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lNmY1ZDctMWJlMS00ODUxLWI5OTQt
MWExNDNlOTcxY2VlLzEvTmR1OEVSNmtZUEpVNUtweWVlWnJ3OUphUWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lNmY1ZDctMWJlMS00ODUxLWI5OTQtMWExNDNlOTcxY2Vl
LzEvR2xCekZGdVNicHBwQmV1cEdPSWV0TThjcmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTV6AMA0E
AgACMAcDBQAqAg2QMA0GCSqGSIb3DQEBCwUAA4IBAQAIMEtNRnGpPne1UvBy+tAO
U6f/8YzLE60+gbY4tP7eDiTHzOuXkpE0CgpHfsI8IE+stcfnrdqM01RqWz+yBoPx
A52fdHNTcXCJoW6wGrfnVry+WkK8E3kpeq9cmLgk0/VWi9TcD+F+ucZduH3J9RZq
A//DdWd/NME25IYbeD/m0qlVcEM+eu7D2RcSP+v6Cp+DD6w3h+SRkc8pIukKidDk
o7wlv1o2+Rh+6hY0endP832AOC9+6MORNTErgB3yv/GPpIlmkYT1RNITm+0IkCB4
SK5pJGA30GsZTh4WTXWaXnr7OaRb2um9Eakn9r+036d7leGqdQusd0YgjjK9+cM/
-----END CERTIFICATE-----