Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/_PZYUeOOrXicroh1Axsygx4BC3s.roa
File:                     _PZYUeOOrXicroh1Axsygx4BC3s.roa (raw, json)
Hash identifier:          3TUzUAWQrgvbmCXBHxMPmliieooL+1MDeSyEuXQ8sHY=
Subject key identifier:   FC:F6:58:51:E3:8E:AD:78:9C:AE:88:75:03:1B:32:83:1E:01:0B:7B
Certificate issuer:       /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial:       018CC9BCC58FD3DCA3453076A2C14C22039A
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/_PZYUeOOrXicroh1Axsygx4BC3s.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61135
IP address blocks:        185.165.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c5:8f:d3:dc:a3:45:30:76:a2:c1:4c:22:03:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcf65851e38ead789cae8875031b32831e010b7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6f:6a:2b:a5:4a:e7:e6:ab:4c:a4:c1:a9:05:
                    2f:1b:97:ac:e9:72:8e:eb:46:1c:b6:6d:21:ac:a1:
                    45:9a:22:a2:10:8a:0b:44:08:ed:27:00:5c:48:cd:
                    48:12:03:a8:9f:23:62:ca:88:67:e7:c0:09:c0:9f:
                    c9:73:6c:e4:eb:d4:1c:b2:84:5e:fc:62:b1:0e:c8:
                    c9:16:7c:7c:bd:29:2c:88:0a:d4:e8:52:97:0a:12:
                    a6:ce:34:69:50:5f:8c:99:d3:6b:66:d6:6c:e3:fd:
                    bc:fc:c4:bf:8d:95:13:b7:e3:bf:0b:c1:e3:3d:a2:
                    83:a6:35:7f:f7:6b:f3:d3:b3:64:7b:ca:9c:69:18:
                    53:fa:f4:ed:8b:06:02:05:29:a0:90:55:25:cb:8d:
                    52:99:d9:07:4b:13:3e:c2:9e:81:43:27:71:7f:1f:
                    bc:54:77:cd:28:b8:b0:e3:f0:ee:f8:c7:57:96:52:
                    d3:ab:17:aa:e8:13:56:27:ef:77:86:8e:05:d2:f3:
                    ba:79:4f:56:55:99:1c:15:1e:b7:27:5e:ba:b0:b1:
                    37:96:04:f7:77:2c:8f:c6:52:0c:0d:83:6c:6b:71:
                    17:34:a1:0d:d3:10:a3:ce:3f:95:76:ed:b9:f2:16:
                    2b:c7:24:58:30:b9:d0:06:77:f5:b2:71:25:b0:f7:
                    1d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F6:58:51:E3:8E:AD:78:9C:AE:88:75:03:1B:32:83:1E:01:0B:7B
            X509v3 Authority Key Identifier:
                keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/_PZYUeOOrXicroh1Axsygx4BC3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:2f:0b:2d:9e:ac:ad:f9:81:94:54:3f:15:af:e1:56:eb:4e:
         eb:63:c4:9a:41:f2:9e:a9:a9:58:6f:d7:9b:ed:b7:da:cf:ec:
         41:fe:99:5a:12:35:5e:53:8f:80:31:f6:3b:77:11:49:13:58:
         4d:ba:18:f0:14:f7:58:12:0a:55:3e:44:a1:80:f4:aa:5a:65:
         c1:7a:7e:91:06:e5:2a:14:bf:92:82:4b:cb:cb:d2:18:cc:90:
         39:b0:6a:1e:25:07:b8:29:79:94:1d:d4:46:f4:a3:07:6d:8b:
         f0:c7:cd:48:ba:0b:ed:d3:3b:fb:9d:6f:6f:31:ec:28:bf:dd:
         17:9e:99:a2:fc:92:5a:07:1d:3f:75:d1:af:2b:2e:a7:6d:db:
         79:8a:b8:af:22:b7:22:8a:61:bf:01:99:bc:58:be:48:62:ee:
         68:1a:60:bb:fb:6b:2b:e8:eb:70:e5:55:67:2e:41:df:5f:25:
         64:db:f1:e8:9e:8a:52:51:c9:b9:f3:f4:bb:f2:cb:e7:8e:fa:
         35:63:4d:6d:0d:da:88:41:ee:bd:a2:bd:94:2a:d3:d7:13:6f:
         09:bd:14:84:f1:b6:b3:56:da:bb:36:8f:9a:5e:fd:53:54:8d:
         71:b0:e1:3e:53:3e:1c:60:59:ee:0e:a1:f3:f4:98:ae:e9:1c:
         19:25:0f:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMWP09yjRTB2osFMIgOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2Y2NTg1MWUzOGVhZDc4OWNhZTg4NzUwMzFiMzI4MzFlMDEwYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkG9qK6VK5+arTKTBqQUvG5es6XKO
60Yctm0hrKFFmiKiEIoLRAjtJwBcSM1IEgOonyNiyohn58AJwJ/Jc2zk69QcsoRe
/GKxDsjJFnx8vSksiArU6FKXChKmzjRpUF+MmdNrZtZs4/28/MS/jZUTt+O/C8Hj
PaKDpjV/92vz07Nke8qcaRhT+vTtiwYCBSmgkFUly41SmdkHSxM+wp6BQydxfx+8
VHfNKLiw4/Du+MdXllLTqxeq6BNWJ+93ho4F0vO6eU9WVZkcFR63J166sLE3lgT3
dyyPxlIMDYNsa3EXNKEN0xCjzj+Vdu258hYrxyRYMLnQBnf1snElsPcdzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPz2WFHjjq14nK6IdQMbMoMeAQt7MB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvX1BaWVVlT09yWGljcm9oMUF4c3lneDRCQzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaVNMA0G
CSqGSIb3DQEBCwUAA4IBAQC1Lwstnqyt+YGUVD8Vr+FW607rY8SaQfKeqalYb9eb
7bfaz+xB/plaEjVeU4+AMfY7dxFJE1hNuhjwFPdYEgpVPkShgPSqWmXBen6RBuUq
FL+SgkvLy9IYzJA5sGoeJQe4KXmUHdRG9KMHbYvwx81Iugvt0zv7nW9vMewov90X
npmi/JJaBx0/ddGvKy6nbdt5irivIrciimG/AZm8WL5IYu5oGmC7+2sr6Otw5VVn
LkHfXyVk2/HonopSUcm58/S78svnjvo1Y01tDdqIQe69or2UKtPXE28JvRSE8baz
Vtq7No+aXv1TVI1xsOE+Uz4cYFnuDqHz9Jiu6RwZJQ8S
-----END CERTIFICATE-----