Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/dog3664EseJse-5wmd-aQpAvXfc.roa
File:                     dog3664EseJse-5wmd-aQpAvXfc.roa (raw, json)
Hash identifier:          iI7FAuZl7EZh1kXkLyH8MUmcheQBzumkzFurBgFrSME=
Subject key identifier:   76:88:37:EB:AE:04:B1:E2:6C:7B:EE:70:99:DF:9A:42:90:2F:5D:F7
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       018CC50152117AFA0FF37EA68BBF80F041DE
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/dog3664EseJse-5wmd-aQpAvXfc.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8540
IP address blocks:        77.220.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:52:11:7a:fa:0f:f3:7e:a6:8b:bf:80:f0:41:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=768837ebae04b1e26c7bee7099df9a42902f5df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ab:b7:b5:b6:4d:9c:a6:5f:96:a3:3c:cc:3f:
                    19:0d:d5:ba:54:a0:6f:2b:65:fa:a5:14:c5:49:36:
                    37:05:f4:82:08:44:54:51:d0:2b:4f:64:25:2f:49:
                    39:70:6e:e2:c0:05:6d:63:81:7f:0e:4f:1b:8d:0d:
                    9e:95:50:d4:66:c5:59:2e:e8:ad:c9:13:08:11:90:
                    c3:a1:be:91:85:15:80:e7:79:82:dd:61:39:47:0c:
                    f7:e6:82:d4:c8:ac:99:5c:7a:0f:e3:58:2b:8f:16:
                    ac:72:24:08:ac:0b:73:68:cd:14:71:93:1c:88:71:
                    3b:94:4f:e3:19:e1:1b:6b:6f:38:76:ef:26:64:64:
                    15:00:b3:87:31:51:77:6d:c8:18:e8:b3:a5:cf:9e:
                    88:81:30:3b:a5:cc:44:df:bf:df:f2:c1:41:9c:06:
                    7d:4d:0a:b2:1b:e6:a2:13:bb:9c:3a:0d:23:d0:e6:
                    74:ed:c3:a6:5d:41:46:d1:27:d2:73:9d:0d:9e:58:
                    f9:1d:5b:df:f5:af:77:10:79:73:67:0f:be:c3:95:
                    fd:90:de:ad:9e:51:3e:2d:c2:65:a5:b6:d0:5f:6d:
                    b5:a4:43:da:26:d0:36:00:4a:cf:a2:8b:b8:c1:f5:
                    09:30:43:09:cb:22:20:58:66:86:cd:f7:43:dd:96:
                    8f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:88:37:EB:AE:04:B1:E2:6C:7B:EE:70:99:DF:9A:42:90:2F:5D:F7
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/dog3664EseJse-5wmd-aQpAvXfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:01:9c:85:67:98:5a:21:fc:33:63:96:e4:c9:b3:5e:76:64:
         97:79:69:c5:95:fb:f6:c9:4d:ea:c3:63:9f:bd:1e:9c:04:b3:
         80:3d:c3:9e:f9:5d:2a:f8:e2:e4:7b:94:c5:c7:8a:c7:16:7d:
         da:3d:f8:cc:5e:17:4c:04:c0:23:94:82:6a:78:b7:ef:6b:cc:
         e7:1b:ba:5a:05:8d:87:37:59:56:24:2a:fb:29:d2:0e:ba:56:
         a3:b4:b5:0c:65:fc:0c:82:37:49:e6:84:30:18:3b:64:73:dd:
         a3:bd:75:72:74:1f:50:72:a3:95:5e:6c:3b:63:01:64:d4:00:
         d1:a7:22:cb:72:ee:85:c2:0b:e4:e4:37:20:7c:eb:6e:36:05:
         31:d6:e5:33:34:cd:35:89:72:1a:bb:e1:c3:0f:22:49:79:e0:
         89:5e:d1:8e:d4:99:d6:bf:d0:b0:03:10:0d:5a:dd:bd:f9:b0:
         8b:6b:01:ac:58:5e:34:69:79:36:06:d4:74:b8:c3:6a:31:c9:
         d0:c8:a5:d4:53:f3:43:6b:25:e5:15:4c:aa:86:85:62:d8:62:
         c7:83:57:c2:2b:f8:fd:b0:50:01:20:d5:69:91:de:16:5d:5f:
         78:b0:9a:aa:f5:b3:81:3c:cf:6e:26:c9:51:a3:03:3c:ca:23:
         5a:dc:1d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVIRevoP836mi7+A8EHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg4MzdlYmFlMDRiMWUyNmM3YmVlNzA5OWRmOWE0MjkwMmY1ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApau3tbZNnKZflqM8zD8ZDdW6VKBv
K2X6pRTFSTY3BfSCCERUUdArT2QlL0k5cG7iwAVtY4F/Dk8bjQ2elVDUZsVZLuit
yRMIEZDDob6RhRWA53mC3WE5Rwz35oLUyKyZXHoP41grjxasciQIrAtzaM0UcZMc
iHE7lE/jGeEba284du8mZGQVALOHMVF3bcgY6LOlz56IgTA7pcxE37/f8sFBnAZ9
TQqyG+aiE7ucOg0j0OZ07cOmXUFG0SfSc50Nnlj5HVvf9a93EHlzZw++w5X9kN6t
nlE+LcJlpbbQX221pEPaJtA2AErPoou4wfUJMEMJyyIgWGaGzfdD3ZaPZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaIN+uuBLHibHvucJnfmkKQL133MB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvZG9nMzY2NEVzZUpzZS01d21kLWFRcEF2WGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATdxtMA0G
CSqGSIb3DQEBCwUAA4IBAQC3AZyFZ5haIfwzY5bkybNedmSXeWnFlfv2yU3qw2Of
vR6cBLOAPcOe+V0q+OLke5TFx4rHFn3aPfjMXhdMBMAjlIJqeLfva8znG7paBY2H
N1lWJCr7KdIOulajtLUMZfwMgjdJ5oQwGDtkc92jvXVydB9QcqOVXmw7YwFk1ADR
pyLLcu6Fwgvk5DcgfOtuNgUx1uUzNM01iXIau+HDDyJJeeCJXtGO1JnWv9CwAxAN
Wt29+bCLawGsWF40aXk2BtR0uMNqMcnQyKXUU/NDayXlFUyqhoVi2GLHg1fCK/j9
sFABINVpkd4WXV94sJqq9bOBPM9uJslRowM8yiNa3B1s
-----END CERTIFICATE-----