Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/e1544b-1b2c-4ebd-8658-77839eb5f820/1/WeB7Jjn-sjkxPY6F-L8u6JJCfjg.roa
File:                     WeB7Jjn-sjkxPY6F-L8u6JJCfjg.roa (raw, json)
Hash identifier:          rAerH5OU9bxL2R0kudVcJhJUJN4Lz28Ty4fCMCc4EJU=
Subject key identifier:   59:E0:7B:26:39:FE:B2:39:31:3D:8E:85:F8:BF:2E:E8:92:42:7E:38
Certificate issuer:       /CN=32bdecf2b1a410f6523c20e630826709cb6dac19
Certificate serial:       018CC5DBF9836A1584B144636DEA22E8ABCD
Authority key identifier: 32:BD:EC:F2:B1:A4:10:F6:52:3C:20:E6:30:82:67:09:CB:6D:AC:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mr3s8rGkEPZSPCDmMIJnCcttrBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/e1544b-1b2c-4ebd-8658-77839eb5f820/1/WeB7Jjn-sjkxPY6F-L8u6JJCfjg.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42189
IP address blocks:        77.240.96.0/20 maxlen: 24
                          185.115.8.0/22 maxlen: 24
                          2a00:1aa8::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/e1544b-1b2c-4ebd-8658-77839eb5f820/1/Mr3s8rGkEPZSPCDmMIJnCcttrBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/e1544b-1b2c-4ebd-8658-77839eb5f820/1/Mr3s8rGkEPZSPCDmMIJnCcttrBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mr3s8rGkEPZSPCDmMIJnCcttrBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f9:83:6a:15:84:b1:44:63:6d:ea:22:e8:ab:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32bdecf2b1a410f6523c20e630826709cb6dac19
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59e07b2639feb239313d8e85f8bf2ee892427e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3e:33:22:17:b7:09:92:d0:ea:ec:82:89:35:
                    a6:ec:f1:9a:7e:06:2e:1c:df:7a:b2:ab:5e:e6:65:
                    14:27:26:0a:53:0e:52:86:78:03:86:62:b5:d8:55:
                    69:a8:fd:d6:8e:b5:77:4d:c0:b7:b9:ba:2e:94:a6:
                    7e:4f:d1:84:b6:01:4e:8e:44:4e:95:3a:63:e4:4c:
                    6f:e5:9a:c6:2d:be:7a:9b:94:03:e8:9b:a0:78:71:
                    48:00:63:6d:e6:85:aa:8c:61:94:a1:b5:71:e7:51:
                    07:e1:c0:87:ea:b3:48:97:73:2a:11:80:c7:40:f3:
                    ce:c6:90:07:8e:90:70:ac:62:b3:70:95:f9:9d:67:
                    de:25:94:c7:8a:9d:ea:a2:52:0b:7a:21:99:7e:94:
                    df:89:73:49:81:96:7d:6f:03:55:99:62:64:f4:fd:
                    ea:91:a4:67:da:eb:54:98:85:f3:ff:4b:02:7b:8e:
                    16:13:21:af:26:75:a7:48:79:32:2f:f8:e2:df:28:
                    93:06:5a:96:34:99:e6:43:8a:ef:94:43:d6:f1:bc:
                    c8:5e:d8:16:ac:ae:5c:84:e5:0c:80:f4:ac:22:3c:
                    29:e9:9b:f5:f8:7d:7e:ac:10:ea:4b:a6:aa:41:4b:
                    d5:35:54:31:be:e3:04:8d:5a:be:cd:25:1b:48:1e:
                    51:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E0:7B:26:39:FE:B2:39:31:3D:8E:85:F8:BF:2E:E8:92:42:7E:38
            X509v3 Authority Key Identifier:
                keyid:32:BD:EC:F2:B1:A4:10:F6:52:3C:20:E6:30:82:67:09:CB:6D:AC:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mr3s8rGkEPZSPCDmMIJnCcttrBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/e1544b-1b2c-4ebd-8658-77839eb5f820/1/WeB7Jjn-sjkxPY6F-L8u6JJCfjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/e1544b-1b2c-4ebd-8658-77839eb5f820/1/Mr3s8rGkEPZSPCDmMIJnCcttrBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.240.96.0/20
                  185.115.8.0/22
                IPv6:
                  2a00:1aa8::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:4d:b4:af:37:bc:10:87:ac:69:b1:63:41:7c:1c:16:68:ad:
         a9:d5:59:c7:0d:c2:18:68:89:13:9b:68:d8:41:57:11:78:31:
         ed:4a:3c:fc:eb:96:73:12:88:0d:27:92:82:eb:79:24:81:e1:
         09:0b:b1:c2:29:f3:e4:46:1a:fb:fd:b5:46:7d:6f:60:03:a9:
         23:ff:90:1a:99:4f:7f:77:16:ac:ec:1e:3f:b5:5b:b8:b8:cd:
         e9:1b:ec:f0:72:9a:c1:6f:6a:8c:26:97:7f:e1:a7:c9:98:65:
         27:fa:01:30:5f:0d:fb:2e:99:9b:80:1e:eb:d0:29:e3:94:a0:
         f7:98:15:54:f5:b2:bd:16:4a:ac:78:1c:79:41:b1:bc:6c:c6:
         01:62:1a:8b:9b:65:7c:db:95:e6:4e:1f:4a:23:0d:57:6d:5c:
         40:55:25:9f:ab:34:d6:d9:99:e3:70:b0:ca:1d:4c:5c:40:26:
         b5:0e:bc:54:7d:3e:15:54:c8:15:d3:7e:34:24:c6:eb:42:7e:
         55:62:e6:f4:65:a2:c1:fd:fd:d9:ce:41:f8:2e:17:bc:55:13:
         27:6e:bb:62:d7:7d:5b:41:0f:a7:84:39:bd:21:81:83:fe:f2:
         ab:52:5d:3f:72:fe:d9:27:8a:65:e0:86:ab:3a:8e:7a:6e:21:
         71:58:64:d3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF2/mDahWEsURjbeoi6KvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYmRlY2YyYjFhNDEwZjY1MjNjMjBlNjMwODI2NzA5Y2I2
ZGFjMTkwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWUwN2IyNjM5ZmViMjM5MzEzZDhlODVmOGJmMmVlODkyNDI3ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz4zIhe3CZLQ6uyCiTWm7PGafgYu
HN96sqte5mUUJyYKUw5ShngDhmK12FVpqP3WjrV3TcC3uboulKZ+T9GEtgFOjkRO
lTpj5Exv5ZrGLb56m5QD6JugeHFIAGNt5oWqjGGUobVx51EH4cCH6rNIl3MqEYDH
QPPOxpAHjpBwrGKzcJX5nWfeJZTHip3qolILeiGZfpTfiXNJgZZ9bwNVmWJk9P3q
kaRn2utUmIXz/0sCe44WEyGvJnWnSHkyL/ji3yiTBlqWNJnmQ4rvlEPW8bzIXtgW
rK5chOUMgPSsIjwp6Zv1+H1+rBDqS6aqQUvVNVQxvuMEjVq+zSUbSB5REQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFngeyY5/rI5MT2Ohfi/LuiSQn44MB8GA1UdIwQY
MBaAFDK97PKxpBD2Ujwg5jCCZwnLbawZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXIzczhyR2tFUFpTUENEbU1JSm5DY3R0ckJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9lMTU0NGItMWIyYy00ZWJkLTg2NTgt
Nzc4MzllYjVmODIwLzEvV2VCN0pqbi1zamt4UFk2Ri1MOHU2SkpDZmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9lMTU0NGItMWIyYy00ZWJkLTg2NTgtNzc4MzllYjVmODIw
LzEvTXIzczhyR2tFUFpTUENEbU1JSm5DY3R0ckJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQETfBgAwQC
uXMIMA0EAgACMAcDBQMqABqoMA0GCSqGSIb3DQEBCwUAA4IBAQCbTbSvN7wQh6xp
sWNBfBwWaK2p1VnHDcIYaIkTm2jYQVcReDHtSjz865ZzEogNJ5KC63kkgeEJC7HC
KfPkRhr7/bVGfW9gA6kj/5AamU9/dxas7B4/tVu4uM3pG+zwcprBb2qMJpd/4afJ
mGUn+gEwXw37LpmbgB7r0CnjlKD3mBVU9bK9FkqseBx5QbG8bMYBYhqLm2V825Xm
Th9KIw1XbVxAVSWfqzTW2ZnjcLDKHUxcQCa1DrxUfT4VVMgV0340JMbrQn5VYub0
ZaLB/f3ZzkH4Lhe8VRMnbrti131bQQ+nhDm9IYGD/vKrUl0/cv7ZJ4pl4IarOo56
biFxWGTT
-----END CERTIFICATE-----