Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/HSiwKyMoJ6I6zGaHKCL7FsIgGys.roa
File:                     HSiwKyMoJ6I6zGaHKCL7FsIgGys.roa (raw, json)
Hash identifier:          i6y69Y+T/O92kLnvSAm3+5UaYRDFfESGJJXvQ0n1I8E=
Subject key identifier:   1D:28:B0:2B:23:28:27:A2:3A:CC:66:87:28:22:FB:16:C2:20:1B:2B
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       0194282367C747EE46FD713E87A0FD35A1A3
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/HSiwKyMoJ6I6zGaHKCL7FsIgGys.roa
Signing time:             Thu 02 Jan 2025 17:49:56 +0000
ROA not before:           Thu 02 Jan 2025 17:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42325
IP address blocks:        77.72.104.0/21 maxlen: 24
                          77.72.106.0/24 maxlen: 24
                          77.72.107.0/24 maxlen: 24
                          77.72.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:67:c7:47:ee:46:fd:71:3e:87:a0:fd:35:a1:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Jan  2 17:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d28b02b232827a23acc66872822fb16c2201b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:88:a6:8f:9f:45:9d:a3:b3:9b:9e:a3:5f:35:
                    2b:73:4a:c3:42:32:46:a0:13:98:05:68:dc:82:f1:
                    b5:16:c1:d1:cf:84:ef:da:27:31:8b:86:32:87:aa:
                    91:31:26:9f:41:db:67:df:01:24:db:12:17:84:85:
                    04:75:99:65:0d:83:af:32:c7:8f:12:e0:b0:98:6e:
                    5b:a4:1b:a8:93:06:43:92:01:69:20:2a:9b:46:31:
                    05:2b:72:45:46:12:af:2c:a5:bf:24:72:62:00:77:
                    af:a9:ab:75:25:c5:ba:6c:5d:65:93:e6:6f:3a:16:
                    6f:32:d7:e5:be:4c:57:2f:ac:a7:73:3b:c5:c3:b1:
                    60:b3:dd:7d:2a:2c:6a:0c:3d:e0:d6:f4:8e:f3:8c:
                    ff:a2:4e:32:df:8b:e4:3d:f7:6f:69:17:ad:be:bf:
                    36:75:88:1f:2c:d4:e6:7b:55:4c:88:4a:20:5f:7d:
                    00:ce:42:6c:b5:75:0f:5a:1f:a1:dd:e7:80:98:ce:
                    d6:17:2a:a5:0e:33:c9:29:f5:ae:2b:60:a6:25:e8:
                    b4:71:e4:23:97:d2:ae:71:7c:55:3c:c7:4a:93:80:
                    53:81:84:24:d1:72:ca:7c:97:e6:d2:a0:cb:07:01:
                    63:79:6d:5f:31:83:01:9b:08:00:a6:ce:c3:c1:c6:
                    20:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:28:B0:2B:23:28:27:A2:3A:CC:66:87:28:22:FB:16:C2:20:1B:2B
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/HSiwKyMoJ6I6zGaHKCL7FsIgGys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:66:72:9f:e1:1d:36:65:8e:6d:25:de:4c:92:4c:78:3f:3d:
         a6:e3:a8:41:50:32:ca:ec:09:90:32:1c:f7:ea:b7:aa:3e:f2:
         97:ed:db:d8:2d:be:07:ef:d0:0b:4e:54:cb:16:e0:ad:c5:2b:
         99:50:bc:cf:76:46:e5:26:6a:99:27:ac:4e:b2:6b:8f:9b:ad:
         c5:fe:fc:62:f6:de:a8:85:ce:77:6d:7c:15:ca:88:d6:c4:06:
         e3:cc:99:94:13:d1:dd:59:6b:c7:45:c6:3f:8a:15:c1:2b:21:
         24:da:b2:b9:48:76:76:ce:36:0c:89:7f:e9:4a:59:4b:1d:30:
         59:95:8d:11:f0:80:9b:48:f1:e4:de:92:cc:b6:80:e0:57:fd:
         07:a9:ca:da:08:26:7d:60:2d:67:65:1e:c0:a3:df:6e:f8:75:
         3e:65:9e:85:a0:3a:35:1b:33:e9:30:7d:40:cb:2c:d2:ef:29:
         26:af:d9:8a:92:72:06:4e:9e:9b:3c:3f:b1:28:77:69:a1:e3:
         e6:b9:96:ee:67:75:d6:89:97:ce:e4:97:87:56:14:75:e3:75:
         53:5a:3b:69:2f:33:09:71:16:fa:a3:3b:f4:77:3b:11:04:cf:
         4c:da:68:da:2e:5c:d5:97:b7:3c:21:94:9f:e5:5e:85:5b:8c:
         c9:a0:29:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2fHR+5G/XE+h6D9NaGjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwMTAyMTc0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDI4YjAyYjIzMjgyN2EyM2FjYzY2ODcyODIyZmIxNmMyMjAxYjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYimj59FnaOzm56jXzUrc0rDQjJG
oBOYBWjcgvG1FsHRz4Tv2icxi4Yyh6qRMSafQdtn3wEk2xIXhIUEdZllDYOvMseP
EuCwmG5bpBuokwZDkgFpICqbRjEFK3JFRhKvLKW/JHJiAHevqat1JcW6bF1lk+Zv
OhZvMtflvkxXL6ynczvFw7Fgs919KixqDD3g1vSO84z/ok4y34vkPfdvaRetvr82
dYgfLNTme1VMiEogX30AzkJstXUPWh+h3eeAmM7WFyqlDjPJKfWuK2CmJei0ceQj
l9KucXxVPMdKk4BTgYQk0XLKfJfm0qDLBwFjeW1fMYMBmwgAps7DwcYgYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0osCsjKCeiOsxmhygi+xbCIBsrMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvSFNpd0t5TW9KNkk2ekdhSEtDTDdGc0lnR3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTUhoMA0G
CSqGSIb3DQEBCwUAA4IBAQA4ZnKf4R02ZY5tJd5Mkkx4Pz2m46hBUDLK7AmQMhz3
6reqPvKX7dvYLb4H79ALTlTLFuCtxSuZULzPdkblJmqZJ6xOsmuPm63F/vxi9t6o
hc53bXwVyojWxAbjzJmUE9HdWWvHRcY/ihXBKyEk2rK5SHZ2zjYMiX/pSllLHTBZ
lY0R8ICbSPHk3pLMtoDgV/0HqcraCCZ9YC1nZR7Ao99u+HU+ZZ6FoDo1GzPpMH1A
yyzS7ykmr9mKknIGTp6bPD+xKHdpoePmuZbuZ3XWiZfO5JeHVhR143VTWjtpLzMJ
cRb6ozv0dzsRBM9M2mjaLlzVl7c8IZSf5V6FW4zJoCnH
-----END CERTIFICATE-----