Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/GjRTUlniyanmn4Afv90LXdtB2CM.roa
File:                     GjRTUlniyanmn4Afv90LXdtB2CM.roa (raw, json)
Hash identifier:          H05QDr/ZorYcXmze9XYmHh1Yk5vgO9UM/lypXH5003s=
Subject key identifier:   1A:34:53:52:59:E2:C9:A9:E6:9F:80:1F:BF:DD:0B:5D:DB:41:D8:23
Certificate issuer:       /CN=d73e83146a43869f657451e76d0a305f15a7aee9
Certificate serial:       019425FD467B38820E8E3D2331B043B63B04
Authority key identifier: D7:3E:83:14:6A:43:86:9F:65:74:51:E7:6D:0A:30:5F:15:A7:AE:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1z6DFGpDhp9ldFHnbQowXxWnruk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/GjRTUlniyanmn4Afv90LXdtB2CM.roa
Signing time:             Thu 02 Jan 2025 07:49:03 +0000
ROA not before:           Thu 02 Jan 2025 07:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43905
IP address blocks:        80.77.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/1z6DFGpDhp9ldFHnbQowXxWnruk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/1z6DFGpDhp9ldFHnbQowXxWnruk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1z6DFGpDhp9ldFHnbQowXxWnruk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:46:7b:38:82:0e:8e:3d:23:31:b0:43:b6:3b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d73e83146a43869f657451e76d0a305f15a7aee9
        Validity
            Not Before: Jan  2 07:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a34535259e2c9a9e69f801fbfdd0b5ddb41d823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d3:39:90:cf:41:46:e9:80:cb:01:2e:d0:20:
                    04:20:9e:99:62:1d:58:80:61:a2:46:71:20:62:8f:
                    2d:df:ab:56:5f:1d:24:b3:a1:f6:60:9b:83:f7:36:
                    41:07:df:71:28:88:b2:5d:18:03:ce:8b:56:a4:70:
                    90:29:75:0f:f6:a9:c6:fb:d2:94:8f:3d:54:3e:44:
                    e4:d8:25:44:ef:9f:55:ca:50:4e:dc:70:27:ad:9f:
                    37:8f:04:d4:32:68:96:ec:34:a5:6e:fd:54:69:d2:
                    89:2f:e0:a5:c6:05:ed:1d:14:4c:67:6c:75:0c:94:
                    14:ec:37:9c:15:e0:b8:e4:7b:2f:9d:0c:ae:7c:f7:
                    ff:e7:8e:63:5c:19:c2:46:89:1f:bd:d6:7a:00:ee:
                    c3:5b:7b:d4:e7:c9:29:54:06:cd:8f:07:de:99:d1:
                    0f:f2:b4:52:1c:9c:b4:2b:0a:0f:38:dc:98:39:30:
                    30:32:48:31:5e:f6:8c:d6:6a:f5:a1:da:b7:0a:dc:
                    e3:df:78:7e:f8:0d:84:5a:95:ee:1f:6e:2e:5b:9d:
                    22:b7:b4:ba:a3:dd:a3:89:17:a2:8c:84:ce:55:db:
                    6b:f5:5f:e6:0c:c3:89:61:71:f5:92:16:6c:4b:3e:
                    ef:ee:22:c6:3c:03:b7:cb:08:36:40:6b:f0:6c:ed:
                    f3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:34:53:52:59:E2:C9:A9:E6:9F:80:1F:BF:DD:0B:5D:DB:41:D8:23
            X509v3 Authority Key Identifier:
                keyid:D7:3E:83:14:6A:43:86:9F:65:74:51:E7:6D:0A:30:5F:15:A7:AE:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1z6DFGpDhp9ldFHnbQowXxWnruk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/GjRTUlniyanmn4Afv90LXdtB2CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0f6470-e7f4-4151-8ad9-d3b27a0225b0/1/1z6DFGpDhp9ldFHnbQowXxWnruk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4e:bb:98:71:67:05:a0:21:2b:ac:e8:18:12:12:6f:83:f0:
         cc:e2:85:6d:29:7a:65:90:70:fa:a7:13:14:e0:7d:d1:c0:4a:
         7c:0b:9f:96:8d:e4:3c:33:3c:5b:5e:44:fe:5a:08:08:7c:ed:
         c7:92:17:73:e0:2b:ac:55:4d:8d:9d:e2:fe:75:e2:9d:14:62:
         0d:d4:56:62:08:a7:63:88:ce:c3:df:84:08:4d:4c:40:c3:09:
         4b:9c:de:c9:f3:69:bb:29:54:89:6b:73:24:76:22:6f:90:a2:
         05:d6:c0:9d:b4:f4:0b:0b:fb:53:13:14:35:70:86:a3:38:df:
         ea:39:d2:7b:ae:d5:ca:d9:75:33:ea:3b:95:d1:60:14:e9:74:
         c3:26:b8:36:db:89:ef:ee:60:13:74:82:f9:69:3c:57:39:af:
         30:78:e3:8f:42:dc:34:04:99:33:5b:67:a4:bd:d8:ea:1c:dc:
         13:c7:e5:81:fa:61:1a:41:b8:9c:7f:96:cf:2c:50:da:80:02:
         6a:61:49:11:08:ca:49:80:0d:22:2e:25:f1:e9:93:f8:77:4b:
         a9:78:2f:95:20:77:5f:cf:03:54:18:01:dc:1d:97:fe:24:fa:
         ab:28:2c:42:f0:07:bc:ab:a2:12:06:db:3c:2d:f9:83:83:5e:
         df:47:c8:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/UZ7OIIOjj0jMbBDtjsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3M2U4MzE0NmE0Mzg2OWY2NTc0NTFlNzZkMGEzMDVmMTVh
N2FlZTkwHhcNMjUwMTAyMDc0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTM0NTM1MjU5ZTJjOWE5ZTY5ZjgwMWZiZmRkMGI1ZGRiNDFkODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNM5kM9BRumAywEu0CAEIJ6ZYh1Y
gGGiRnEgYo8t36tWXx0ks6H2YJuD9zZBB99xKIiyXRgDzotWpHCQKXUP9qnG+9KU
jz1UPkTk2CVE759VylBO3HAnrZ83jwTUMmiW7DSlbv1UadKJL+ClxgXtHRRMZ2x1
DJQU7DecFeC45HsvnQyufPf/545jXBnCRokfvdZ6AO7DW3vU58kpVAbNjwfemdEP
8rRSHJy0KwoPONyYOTAwMkgxXvaM1mr1odq3Ctzj33h++A2EWpXuH24uW50it7S6
o92jiReijITOVdtr9V/mDMOJYXH1khZsSz7v7iLGPAO3ywg2QGvwbO3zcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBo0U1JZ4smp5p+AH7/dC13bQdgjMB8GA1UdIwQY
MBaAFNc+gxRqQ4afZXRR520KMF8Vp67pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXo2REZHcERocDlsZEZIbmJRb3dYeFducnVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8wZjY0NzAtZTdmNC00MTUxLThhZDkt
ZDNiMjdhMDIyNWIwLzEvR2pSVFVsbml5YW5tbjRBZnY5MExYZHRCMkNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8wZjY0NzAtZTdmNC00MTUxLThhZDktZDNiMjdhMDIyNWIw
LzEvMXo2REZHcERocDlsZEZIbmJRb3dYeFducnVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE24MA0G
CSqGSIb3DQEBCwUAA4IBAQAuTruYcWcFoCErrOgYEhJvg/DM4oVtKXplkHD6pxMU
4H3RwEp8C5+WjeQ8MzxbXkT+WggIfO3Hkhdz4CusVU2NneL+deKdFGIN1FZiCKdj
iM7D34QITUxAwwlLnN7J82m7KVSJa3MkdiJvkKIF1sCdtPQLC/tTExQ1cIajON/q
OdJ7rtXK2XUz6juV0WAU6XTDJrg224nv7mATdIL5aTxXOa8weOOPQtw0BJkzW2ek
vdjqHNwTx+WB+mEaQbicf5bPLFDagAJqYUkRCMpJgA0iLiXx6ZP4d0upeC+VIHdf
zwNUGAHcHZf+JPqrKCxC8Ae8q6ISBts8LfmDg17fR8jS
-----END CERTIFICATE-----