Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/4kZ2yhqjeubmr1siDFKzh68iAkM.roa
File:                     4kZ2yhqjeubmr1siDFKzh68iAkM.roa (raw, json)
Hash identifier:          I2JaSis7hzyv37Y9P9FKxfRT3qU8vfNzWobZcPYsnxM=
Subject key identifier:   E2:46:76:CA:1A:A3:7A:E6:E6:AF:5B:22:0C:52:B3:87:AF:22:02:43
Certificate issuer:       /CN=cad794ac601ce2505b65f975a7d516a2f00a5b31
Certificate serial:       01926D6E83120AB4590E402CC48F8AC26E2A
Authority key identifier: CA:D7:94:AC:60:1C:E2:50:5B:65:F9:75:A7:D5:16:A2:F0:0A:5B:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/4kZ2yhqjeubmr1siDFKzh68iAkM.roa
Signing time:             Tue 08 Oct 2024 18:40:11 +0000
ROA not before:           Tue 08 Oct 2024 18:40:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202725
IP address blocks:        77.90.99.0/24 maxlen: 24
                          185.168.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6d:6e:83:12:0a:b4:59:0e:40:2c:c4:8f:8a:c2:6e:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cad794ac601ce2505b65f975a7d516a2f00a5b31
        Validity
            Not Before: Oct  8 18:40:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e24676ca1aa37ae6e6af5b220c52b387af220243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:95:2b:34:9a:c1:9f:b0:c2:a1:b7:1a:9a:1d:
                    be:41:77:fd:e2:fe:fa:f4:3f:8f:50:f8:e8:59:82:
                    84:48:5c:66:21:5e:de:3c:f2:79:e9:ac:93:c7:7d:
                    a4:2b:d0:1e:64:c4:cb:50:c2:e4:7b:88:cd:aa:f2:
                    f7:c2:38:72:25:7c:a9:82:0e:4c:71:82:5b:bd:a9:
                    3c:97:45:94:e9:82:63:3e:71:d5:41:db:06:ae:cd:
                    78:fc:cc:61:fd:9d:72:8a:39:8d:c2:44:98:26:ae:
                    63:06:5e:c0:b0:17:33:57:10:06:71:c3:d2:4c:d5:
                    20:c6:e1:1e:c8:6a:94:1a:29:f8:56:45:98:cd:df:
                    b3:de:7c:0f:93:7b:41:79:31:60:1f:3b:e5:ee:93:
                    99:38:5a:c4:05:c6:3a:a7:ce:b6:73:26:d1:34:7f:
                    20:10:a9:4c:b6:1b:e2:75:4c:14:6a:43:73:f7:c0:
                    92:ff:42:07:4e:7f:ae:c9:e8:74:a9:06:d4:9d:65:
                    35:09:dc:5c:ff:95:db:94:19:f2:a5:bd:de:83:07:
                    59:01:9e:48:3d:4a:55:c1:a6:23:3d:bd:51:c0:f3:
                    09:3f:7e:bc:ea:6c:db:9f:b9:49:4e:3b:3f:38:46:
                    72:ee:f8:65:4a:ba:b0:4a:b2:31:4f:e3:ee:ab:0a:
                    bb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:46:76:CA:1A:A3:7A:E6:E6:AF:5B:22:0C:52:B3:87:AF:22:02:43
            X509v3 Authority Key Identifier:
                keyid:CA:D7:94:AC:60:1C:E2:50:5B:65:F9:75:A7:D5:16:A2:F0:0A:5B:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/4kZ2yhqjeubmr1siDFKzh68iAkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.99.0/24
                  185.168.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:bc:be:d4:f3:b9:35:76:26:cd:dc:c7:63:ac:10:45:5f:58:
         db:ba:9c:ba:07:c1:7c:fc:42:2f:1c:9e:96:db:a0:57:92:d7:
         42:19:c9:cc:0f:5e:e8:63:72:4c:a1:f7:01:0b:cf:ca:24:08:
         65:0d:9b:3b:1a:cc:c2:21:4c:7a:bb:5f:ef:ae:77:d6:d1:64:
         25:14:b9:3c:d6:8c:5d:98:da:d7:2f:0e:1c:6e:31:e3:07:b6:
         ad:49:98:aa:d9:f1:24:a3:6e:1b:cf:1f:4d:71:3e:48:ec:89:
         20:5f:ef:5f:dc:55:ec:51:e0:2e:50:ca:3c:19:cd:3b:08:ea:
         22:5a:73:49:60:03:d1:ea:fd:52:4d:1a:e4:27:4a:78:ae:48:
         72:15:53:5a:27:96:4e:cb:f7:0b:b9:4b:58:2d:3a:cb:86:87:
         b8:8b:2a:4c:97:be:6e:eb:6c:d2:c2:78:50:5e:af:66:54:ba:
         30:2f:28:13:13:26:d8:0c:9e:28:14:ea:0b:d5:55:e6:62:f6:
         69:0a:16:af:6e:d9:d4:be:43:81:c6:83:37:db:c0:c9:14:8b:
         98:07:30:a8:b5:5e:7d:73:e7:c9:a4:55:11:d1:02:bb:04:2a:
         0c:c6:aa:d8:f8:e5:46:fc:37:d4:7c:00:47:5e:3f:f2:67:05:
         29:b8:60:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJtboMSCrRZDkAsxI+Kwm4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZDc5NGFjNjAxY2UyNTA1YjY1Zjk3NWE3ZDUxNmEyZjAw
YTViMzEwHhcNMjQxMDA4MTg0MDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQ2NzZjYTFhYTM3YWU2ZTZhZjViMjIwYzUyYjM4N2FmMjIwMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5UrNJrBn7DCobcamh2+QXf94v76
9D+PUPjoWYKESFxmIV7ePPJ56ayTx32kK9AeZMTLUMLke4jNqvL3wjhyJXypgg5M
cYJbvak8l0WU6YJjPnHVQdsGrs14/Mxh/Z1yijmNwkSYJq5jBl7AsBczVxAGccPS
TNUgxuEeyGqUGin4VkWYzd+z3nwPk3tBeTFgHzvl7pOZOFrEBcY6p862cybRNH8g
EKlMthvidUwUakNz98CS/0IHTn+uyeh0qQbUnWU1Cdxc/5XblBnypb3egwdZAZ5I
PUpVwaYjPb1RwPMJP3686mzbn7lJTjs/OEZy7vhlSrqwSrIxT+Puqwq7UwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJGdsoao3rm5q9bIgxSs4evIgJDMB8GA1UdIwQY
MBaAFMrXlKxgHOJQW2X5dafVFqLwClsxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXRlVXJHQWM0bEJiWmZsMXA5VVdvdkFLV3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9mOWE0YmUtZDc5Yy00MTkyLWE2YjMt
M2I5ODhmMTg4ZDkxLzEvNGtaMnlocWpldWJtcjFzaURGS3poNjhpQWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9mOWE0YmUtZDc5Yy00MTkyLWE2YjMtM2I5ODhmMTg4ZDkx
LzEveXRlVXJHQWM0bEJiWmZsMXA5VVdvdkFLV3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVpjAwQC
uagMMA0GCSqGSIb3DQEBCwUAA4IBAQBivL7U87k1dibN3MdjrBBFX1jbupy6B8F8
/EIvHJ6W26BXktdCGcnMD17oY3JMofcBC8/KJAhlDZs7GszCIUx6u1/vrnfW0WQl
FLk81oxdmNrXLw4cbjHjB7atSZiq2fEko24bzx9NcT5I7IkgX+9f3FXsUeAuUMo8
Gc07COoiWnNJYAPR6v1STRrkJ0p4rkhyFVNaJ5ZOy/cLuUtYLTrLhoe4iypMl75u
62zSwnhQXq9mVLowLygTEybYDJ4oFOoL1VXmYvZpChavbtnUvkOBxoM328DJFIuY
BzCotV59c+fJpFUR0QK7BCoMxqrY+OVG/DfUfABHXj/yZwUpuGDh
-----END CERTIFICATE-----