Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/7BUAS9lNIJKrmgyqitmt4vjUchs.roa
File:                     7BUAS9lNIJKrmgyqitmt4vjUchs.roa (raw, json)
Hash identifier:          ZW63wkZvkBfaNmwpw8bvuYCpTs0W+QW7Uv70+dpsljM=
Subject key identifier:   EC:15:00:4B:D9:4D:20:92:AB:9A:0C:AA:8A:D9:AD:E2:F8:D4:72:1B
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       0194266BD6132A97A1FEF29FABAC6CEA39AC
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/7BUAS9lNIJKrmgyqitmt4vjUchs.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        77.73.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d6:13:2a:97:a1:fe:f2:9f:ab:ac:6c:ea:39:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec15004bd94d2092ab9a0caa8ad9ade2f8d4721b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:34:c4:94:92:2b:5f:30:68:74:9a:20:40:5d:
                    12:26:79:d8:0a:57:fa:14:60:50:a1:47:16:d2:20:
                    10:0a:42:21:3d:5e:b8:4f:ca:6b:90:3b:1d:1e:4f:
                    0c:0b:06:5e:2c:f6:37:25:5e:c6:e2:d0:4b:de:33:
                    f5:39:98:eb:7d:d1:13:24:56:9a:a9:f3:28:29:23:
                    85:5f:c0:14:f1:a7:96:23:7e:41:2a:d7:0c:ce:8a:
                    7e:8e:50:55:eb:0b:14:af:56:5f:88:4b:07:ea:59:
                    70:45:3c:53:b2:cc:6e:bc:20:85:39:00:f2:54:8d:
                    13:cb:43:1c:e6:38:1a:f1:0c:92:4b:d4:1a:08:ba:
                    eb:b0:71:80:1e:61:65:fa:cd:89:92:7c:0e:2d:00:
                    f4:9b:84:cd:a3:3e:f0:e8:5f:e8:4c:2f:7b:a7:c4:
                    18:fd:09:dc:ce:ae:a5:4b:24:ea:57:3b:a4:9f:4a:
                    28:eb:2c:03:24:b9:04:0b:9f:08:ad:e5:21:39:8a:
                    86:4d:82:7b:61:f8:01:ce:79:0e:86:d8:fc:8e:9b:
                    0a:22:47:0b:56:7c:0b:9d:18:cc:96:45:75:59:10:
                    f3:2b:d5:16:1f:70:66:38:e4:2d:8b:2d:f4:7a:0c:
                    70:2b:b1:f9:af:5c:a2:b9:ba:e6:7e:9b:4f:73:8e:
                    d7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:15:00:4B:D9:4D:20:92:AB:9A:0C:AA:8A:D9:AD:E2:F8:D4:72:1B
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/7BUAS9lNIJKrmgyqitmt4vjUchs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:bb:41:a7:19:b3:16:a6:af:a8:5e:e3:35:92:a2:0c:2f:a1:
         14:06:f5:3c:3d:a1:be:20:2d:01:91:26:c1:8a:71:78:e2:35:
         d7:22:78:26:a0:a4:75:5f:7e:51:65:40:20:ac:03:f9:14:88:
         c3:3b:5e:98:b8:7e:4f:97:f6:8b:f8:7d:fc:25:79:cd:d5:9c:
         8b:c1:88:00:63:31:1c:76:3d:87:10:73:5b:bd:6e:4c:6c:a1:
         9d:ca:ab:95:72:6c:f7:79:2d:cc:25:8f:4d:56:c7:76:22:75:
         de:a8:f0:b4:5d:66:af:fc:c6:aa:54:72:3d:e7:5c:b6:6d:46:
         7a:e0:e8:f1:93:59:49:8a:a0:34:fd:c0:25:b9:69:96:ae:c5:
         36:75:3c:96:2e:57:a4:dc:30:64:91:f0:fa:9c:f2:07:3f:46:
         d6:ce:0d:62:f5:c0:89:87:89:2e:7c:1b:c9:c3:69:56:6e:56:
         59:48:6b:8f:ea:90:a4:ba:b6:28:10:88:f0:1e:58:69:54:ee:
         ce:87:09:1f:12:35:10:87:57:d6:ff:5d:98:2a:58:6b:02:80:
         90:61:07:3c:61:23:05:2e:15:11:57:72:7e:ca:d2:71:21:e0:
         88:fb:f1:75:12:39:71:a5:8f:fa:b8:5b:ce:f7:a3:cf:06:97:
         d4:06:80:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9YTKpeh/vKfq6xs6jmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzE1MDA0YmQ5NGQyMDkyYWI5YTBjYWE4YWQ5YWRlMmY4ZDQ3MjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jTElJIrXzBodJogQF0SJnnYClf6
FGBQoUcW0iAQCkIhPV64T8prkDsdHk8MCwZeLPY3JV7G4tBL3jP1OZjrfdETJFaa
qfMoKSOFX8AU8aeWI35BKtcMzop+jlBV6wsUr1ZfiEsH6llwRTxTssxuvCCFOQDy
VI0Ty0Mc5jga8QySS9QaCLrrsHGAHmFl+s2JknwOLQD0m4TNoz7w6F/oTC97p8QY
/Qnczq6lSyTqVzukn0oo6ywDJLkEC58IreUhOYqGTYJ7YfgBznkOhtj8jpsKIkcL
VnwLnRjMlkV1WRDzK9UWH3BmOOQtiy30egxwK7H5r1yiubrmfptPc47X8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwVAEvZTSCSq5oMqorZreL41HIbMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvN0JVQVM5bE5JSktybWd5cWl0bXQ0dmpVY2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmFMA0G
CSqGSIb3DQEBCwUAA4IBAQDKu0GnGbMWpq+oXuM1kqIML6EUBvU8PaG+IC0BkSbB
inF44jXXIngmoKR1X35RZUAgrAP5FIjDO16YuH5Pl/aL+H38JXnN1ZyLwYgAYzEc
dj2HEHNbvW5MbKGdyquVcmz3eS3MJY9NVsd2InXeqPC0XWav/MaqVHI951y2bUZ6
4Ojxk1lJiqA0/cAluWmWrsU2dTyWLlek3DBkkfD6nPIHP0bWzg1i9cCJh4kufBvJ
w2lWblZZSGuP6pCkurYoEIjwHlhpVO7OhwkfEjUQh1fW/12YKlhrAoCQYQc8YSMF
LhURV3J+ytJxIeCI+/F1EjlxpY/6uFvO96PPBpfUBoBv
-----END CERTIFICATE-----