Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/3yn0wW_NTM8p5b05NM4e94bN7jM.roa
File:                     3yn0wW_NTM8p5b05NM4e94bN7jM.roa (raw, json)
Hash identifier:          glRkSaBgfvJl+iltiQ2pTAJAg2h9N/zioQezNpYWu2w=
Subject key identifier:   DF:29:F4:C1:6F:CD:4C:CF:29:E5:BD:39:34:CE:1E:F7:86:CD:EE:33
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018FE8293CABB190C405F76A21789A516128
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/3yn0wW_NTM8p5b05NM4e94bN7jM.roa
Signing time:             Wed 05 Jun 2024 11:29:27 +0000
ROA not before:           Wed 05 Jun 2024 11:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61400
IP address blocks:        77.83.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:29:3c:ab:b1:90:c4:05:f7:6a:21:78:9a:51:61:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jun  5 11:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df29f4c16fcd4ccf29e5bd3934ce1ef786cdee33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:9f:9e:9c:7b:71:6b:4a:09:55:af:1a:05:c2:
                    ef:b4:9a:9f:55:b6:e9:6f:62:5d:3a:b5:81:de:37:
                    d9:38:97:de:b3:27:ae:15:58:d5:a1:4d:00:b8:e2:
                    b3:8d:81:51:77:a7:43:f2:c2:c2:7c:ca:9c:33:23:
                    23:d8:8e:66:24:8f:72:74:85:c5:36:78:77:0d:06:
                    54:d8:13:4b:05:a2:08:32:3f:09:4f:c1:33:96:e8:
                    9e:9c:10:81:6b:45:1a:2f:3b:09:26:1b:13:c4:11:
                    7d:f2:e5:75:97:ef:c9:64:70:77:f5:9c:c5:07:15:
                    7c:e4:8b:c6:1e:b5:12:b0:69:27:ea:e4:95:30:93:
                    80:4d:ea:99:90:82:fb:4b:1e:5b:a3:6d:d3:68:c7:
                    b4:f3:65:25:6f:00:9e:c4:00:32:eb:e2:e0:87:c4:
                    28:2c:65:d9:48:64:5c:7d:15:c7:40:23:43:cd:b8:
                    56:b7:c5:c5:0b:67:05:46:ee:fa:c8:03:e1:93:7d:
                    01:43:ec:aa:92:42:c2:61:e6:84:83:4d:62:a6:f6:
                    9c:43:e4:f2:af:3a:ef:59:d5:12:9b:26:56:73:16:
                    ef:ed:d1:75:61:55:9e:49:57:4a:b3:e1:c4:95:18:
                    1b:cd:4c:bf:83:aa:5a:1e:16:45:9b:48:31:93:53:
                    e2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:29:F4:C1:6F:CD:4C:CF:29:E5:BD:39:34:CE:1E:F7:86:CD:EE:33
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/3yn0wW_NTM8p5b05NM4e94bN7jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3f:0c:d1:f9:bc:30:d0:68:9e:f4:4a:93:0b:f8:ba:f6:e7:
         d6:08:14:04:5a:73:4f:dc:b4:a9:6a:8a:d7:91:a8:81:4c:69:
         e7:c7:02:53:a6:77:da:da:3f:e3:6b:97:58:67:39:73:f4:2f:
         ca:2a:5f:8b:17:98:30:17:21:ac:f6:e4:fe:d3:40:cb:e1:83:
         a6:47:ae:47:ea:45:37:2e:3e:60:2a:57:df:0c:ec:c1:86:1a:
         3c:89:60:f7:f9:41:28:9d:a5:87:1b:26:79:30:f7:9d:14:3c:
         da:4e:82:ce:08:4b:47:94:44:30:b7:9f:f7:56:47:ba:1a:bc:
         76:68:23:45:3d:2a:d7:1f:26:b0:17:01:af:96:91:3a:8f:82:
         98:dc:a2:ad:5b:86:a2:b1:a2:4c:1e:46:3d:9e:19:6d:43:ed:
         9e:46:cb:9f:90:78:14:27:ea:51:15:e5:f6:b3:8b:c5:86:f9:
         f8:fd:48:5b:6f:db:66:29:2c:08:10:de:52:34:f6:fd:55:48:
         bf:7b:03:29:73:b1:42:f1:e0:0c:94:c8:bb:38:4f:bd:9e:77:
         dd:71:b5:ba:2f:d6:3f:0f:aa:b2:3d:dc:50:93:38:e3:65:5e:
         5b:5b:f0:a5:2a:37:0b:3f:29:32:d4:12:09:ad:62:ac:90:c4:
         9c:89:76:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/oKTyrsZDEBfdqIXiaUWEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwNjA1MTEyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjI5ZjRjMTZmY2Q0Y2NmMjllNWJkMzkzNGNlMWVmNzg2Y2RlZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65+enHtxa0oJVa8aBcLvtJqfVbbp
b2JdOrWB3jfZOJfesyeuFVjVoU0AuOKzjYFRd6dD8sLCfMqcMyMj2I5mJI9ydIXF
Nnh3DQZU2BNLBaIIMj8JT8EzluienBCBa0UaLzsJJhsTxBF98uV1l+/JZHB39ZzF
BxV85IvGHrUSsGkn6uSVMJOATeqZkIL7Sx5bo23TaMe082UlbwCexAAy6+Lgh8Qo
LGXZSGRcfRXHQCNDzbhWt8XFC2cFRu76yAPhk30BQ+yqkkLCYeaEg01ipvacQ+Ty
rzrvWdUSmyZWcxbv7dF1YVWeSVdKs+HElRgbzUy/g6paHhZFm0gxk1Pi1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8p9MFvzUzPKeW9OTTOHveGze4zMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvM3luMHdXX05UTThwNWIwNU5NNGU5NGJON2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVP0MA0G
CSqGSIb3DQEBCwUAA4IBAQAiPwzR+bww0Gie9EqTC/i69ufWCBQEWnNP3LSpaorX
kaiBTGnnxwJTpnfa2j/ja5dYZzlz9C/KKl+LF5gwFyGs9uT+00DL4YOmR65H6kU3
Lj5gKlffDOzBhho8iWD3+UEonaWHGyZ5MPedFDzaToLOCEtHlEQwt5/3Vke6Grx2
aCNFPSrXHyawFwGvlpE6j4KY3KKtW4aisaJMHkY9nhltQ+2eRsufkHgUJ+pRFeX2
s4vFhvn4/Uhbb9tmKSwIEN5SNPb9VUi/ewMpc7FC8eAMlMi7OE+9nnfdcbW6L9Y/
D6qyPdxQkzjjZV5bW/ClKjcLPyky1BIJrWKskMSciXZk
-----END CERTIFICATE-----