Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/FH93-OaeippN5t42y288UZnWD5E.roa
File:                     FH93-OaeippN5t42y288UZnWD5E.roa (raw, json)
Hash identifier:          Lptz/0Y3Q0wKxZsBAdl3N4Er2YjK4t59OJhs3vHvnEI=
Subject key identifier:   14:7F:77:F8:E6:9E:8A:9A:4D:E6:DE:36:CB:6F:3C:51:99:D6:0F:91
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       0192F621787E2204F4CF5ABC0D1B43A9F8B5
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/FH93-OaeippN5t42y288UZnWD5E.roa
Signing time:             Mon 04 Nov 2024 07:44:01 +0000
ROA not before:           Mon 04 Nov 2024 07:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        77.246.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:21:78:7e:22:04:f4:cf:5a:bc:0d:1b:43:a9:f8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Nov  4 07:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=147f77f8e69e8a9a4de6de36cb6f3c5199d60f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4f:5b:6c:88:84:05:70:e3:d3:7b:86:f1:30:
                    55:72:b2:96:98:c8:f2:24:b7:04:5c:c6:5a:c8:07:
                    4b:45:92:8d:a8:cf:18:fa:05:ea:bc:5d:58:5d:30:
                    94:fd:6d:62:bf:08:a6:e8:4e:17:df:93:2a:36:bb:
                    eb:79:c1:0c:db:e3:de:89:6b:6b:19:f2:fa:43:a7:
                    54:99:48:09:cd:16:85:4f:91:18:82:e4:97:a0:fb:
                    e2:78:79:bc:f2:59:9e:c2:8c:1f:62:78:6f:63:1c:
                    7a:f2:c4:27:a1:60:a5:86:66:a9:67:32:8e:73:1d:
                    2a:8b:7d:26:58:ec:45:86:f4:90:d5:c8:2e:5e:fc:
                    59:15:c8:4e:58:88:30:c2:06:3c:a5:f9:a6:17:59:
                    38:a6:9e:7f:c3:4d:61:bf:ac:d2:d5:6f:98:3d:69:
                    68:0d:2f:41:d3:b8:6e:b4:21:2f:13:6d:66:18:d4:
                    af:c6:98:07:f7:fc:d3:e2:36:6c:e1:d7:cc:ba:e4:
                    b9:80:41:b1:15:d3:0d:fb:0a:01:4c:e8:95:ee:5f:
                    ea:d8:9e:76:05:d8:5c:67:fe:52:e3:5f:00:34:a6:
                    60:66:d9:81:b3:23:60:4b:1f:0c:59:8b:78:24:7f:
                    55:b8:e9:5b:d1:66:2e:c0:a8:cb:cd:95:74:2b:53:
                    7e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7F:77:F8:E6:9E:8A:9A:4D:E6:DE:36:CB:6F:3C:51:99:D6:0F:91
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/FH93-OaeippN5t42y288UZnWD5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:e8:ed:ee:3d:88:d5:72:00:87:a3:ad:4d:82:60:98:28:62:
         89:62:d9:ac:55:cf:28:c0:58:64:4f:e2:dc:45:1e:48:a8:0c:
         5f:52:cf:69:83:b9:19:0c:95:9b:90:5d:69:0c:cd:39:10:2f:
         89:af:a1:2c:fb:1c:bb:0c:95:6f:5e:0a:79:29:5f:73:08:1a:
         d6:ab:4e:c8:d7:5a:b2:fc:42:f4:3f:bc:c8:40:c8:de:8c:54:
         10:c3:ab:5a:88:d8:9b:5f:9f:74:5b:d5:83:0d:a2:5e:9f:9d:
         3c:76:a3:85:4a:cb:a7:ec:29:dd:0a:8f:c1:8b:c5:b1:00:11:
         6b:79:56:5b:6b:a4:7f:14:ad:a2:88:ae:08:1c:16:7e:2e:26:
         e8:51:50:2b:37:01:ae:95:82:0e:f5:65:49:94:d1:06:d2:0e:
         f3:bb:59:d5:76:63:ec:b2:63:33:93:6b:14:83:72:bc:1b:6e:
         f9:3f:3c:51:1a:43:f6:e9:08:3f:48:06:c8:3e:db:56:31:57:
         e2:18:42:8a:cd:94:e9:3c:ce:39:45:b4:6b:f4:44:0b:13:a3:
         4b:32:5a:9b:0e:8a:3c:2e:57:5b:ce:63:71:dd:15:9d:b2:33:
         07:83:7b:c7:ea:dd:a4:85:d7:2f:00:8a:9c:53:a9:a1:26:d4:
         b7:23:67:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL2IXh+IgT0z1q8DRtDqfi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQxMTA0MDc0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdmNzdmOGU2OWU4YTlhNGRlNmRlMzZjYjZmM2M1MTk5ZDYwZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyU9bbIiEBXDj03uG8TBVcrKWmMjy
JLcEXMZayAdLRZKNqM8Y+gXqvF1YXTCU/W1ivwim6E4X35MqNrvrecEM2+PeiWtr
GfL6Q6dUmUgJzRaFT5EYguSXoPvieHm88lmewowfYnhvYxx68sQnoWClhmapZzKO
cx0qi30mWOxFhvSQ1cguXvxZFchOWIgwwgY8pfmmF1k4pp5/w01hv6zS1W+YPWlo
DS9B07hutCEvE21mGNSvxpgH9/zT4jZs4dfMuuS5gEGxFdMN+woBTOiV7l/q2J52
BdhcZ/5S418ANKZgZtmBsyNgSx8MWYt4JH9VuOlb0WYuwKjLzZV0K1N+RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR/d/jmnoqaTebeNstvPFGZ1g+RMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvRkg5My1PYWVpcHBONXQ0MnkyODhVWm5XRDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbcMA0G
CSqGSIb3DQEBCwUAA4IBAQBC6O3uPYjVcgCHo61NgmCYKGKJYtmsVc8owFhkT+Lc
RR5IqAxfUs9pg7kZDJWbkF1pDM05EC+Jr6Es+xy7DJVvXgp5KV9zCBrWq07I11qy
/EL0P7zIQMjejFQQw6taiNibX590W9WDDaJen508dqOFSsun7CndCo/Bi8WxABFr
eVZba6R/FK2iiK4IHBZ+LiboUVArNwGulYIO9WVJlNEG0g7zu1nVdmPssmMzk2sU
g3K8G275PzxRGkP26Qg/SAbIPttWMVfiGEKKzZTpPM45RbRr9EQLE6NLMlqbDoo8
LldbzmNx3RWdsjMHg3vH6t2khdcvAIqcU6mhJtS3I2cH
-----END CERTIFICATE-----