Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/379oIVjg6jK22VmJ3nFMJxHmEqg.roa
File:                     379oIVjg6jK22VmJ3nFMJxHmEqg.roa (raw, json)
Hash identifier:          vy7AzK77RGlK6LLBWDADv9bHrlHSM6Xmy3XmaYs9ra8=
Subject key identifier:   DF:BF:68:21:58:E0:EA:32:B6:D9:59:89:DE:71:4C:27:11:E6:12:A8
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       0191EA80B32B1A159D5C9909D48EA407F591
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/379oIVjg6jK22VmJ3nFMJxHmEqg.roa
Signing time:             Fri 13 Sep 2024 08:29:48 +0000
ROA not before:           Fri 13 Sep 2024 08:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216334
IP address blocks:        77.105.133.0/24 maxlen: 24
                          2a00:f9a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:80:b3:2b:1a:15:9d:5c:99:09:d4:8e:a4:07:f5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Sep 13 08:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfbf682158e0ea32b6d95989de714c2711e612a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7d:e5:1d:58:cc:c3:9d:ff:7e:e1:79:91:06:
                    a2:31:1a:86:d0:c2:a0:63:0a:e3:5f:d3:11:50:18:
                    b5:3d:e0:70:d2:60:de:d2:3d:ac:b8:57:ad:2b:a2:
                    43:02:aa:be:2e:35:e4:55:a7:c8:59:5b:b4:98:4d:
                    5b:60:48:e5:6a:b7:73:87:3d:f0:4f:6b:5c:23:39:
                    27:fc:73:11:43:ff:78:51:a2:81:fd:78:41:3e:99:
                    87:3a:d9:f5:1f:d5:b6:05:11:9f:5a:7b:f5:cd:09:
                    5a:fa:36:f9:62:41:d7:83:71:54:6e:68:c6:07:6a:
                    11:2d:88:ba:a7:fa:cd:ce:8b:e4:e0:15:d7:64:e5:
                    05:6d:12:df:b6:98:60:69:fc:e2:31:89:b8:74:9f:
                    f2:bd:a2:d7:29:88:85:0d:2d:f2:be:fc:f0:2e:e8:
                    f9:5a:e3:c8:35:24:13:0c:af:9f:71:e1:6a:f8:bc:
                    7b:6b:57:71:bc:ac:d7:db:68:1a:b9:37:13:d8:93:
                    11:8c:56:a5:1f:38:02:63:92:a2:1c:85:2a:7e:a3:
                    1e:ad:c3:11:91:6d:cf:cf:ca:4e:cb:73:a4:1b:40:
                    60:1e:59:4f:28:85:ec:36:16:3d:ec:fd:55:18:bb:
                    fe:2b:39:b7:9e:c4:fa:9e:0f:6c:37:9d:d5:dc:dd:
                    3d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:BF:68:21:58:E0:EA:32:B6:D9:59:89:DE:71:4C:27:11:E6:12:A8
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/379oIVjg6jK22VmJ3nFMJxHmEqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.133.0/24
                IPv6:
                  2a00:f9a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:e8:f2:b4:7a:4c:7f:18:29:ce:e7:1b:37:f2:7e:5c:9e:9f:
         2c:96:8c:c2:4c:c5:7d:e7:67:90:c2:f8:18:91:19:d6:c9:1d:
         88:23:a3:69:0c:ec:7d:60:58:01:9b:a9:7a:ff:c8:54:04:6d:
         d7:a3:2b:f4:f1:84:1d:37:c0:4a:df:f8:99:62:36:60:82:bf:
         ee:0d:6a:c4:ae:21:be:e7:6a:f0:01:a1:9c:c8:4d:e4:10:33:
         ef:ec:d8:f0:6a:48:3a:e5:7e:8f:70:7a:6e:d3:4a:fb:1c:ba:
         9c:63:9d:4f:52:d2:5d:b5:f3:36:9d:e4:da:20:5c:3c:c0:07:
         80:de:e7:4d:ca:f5:6c:41:a2:7e:92:0d:d3:75:17:2b:3f:a8:
         cb:68:21:80:21:84:c4:e4:41:00:38:d6:a8:fc:32:9c:a1:7b:
         f7:27:5c:56:01:a4:39:1f:0c:18:06:05:ea:b0:bf:19:4e:63:
         1c:d0:49:77:76:51:52:12:9a:f5:23:fc:7f:5e:2a:38:f5:cf:
         65:ba:9a:68:67:2f:02:35:e4:5e:bc:a6:e8:dc:84:e7:44:c9:
         cf:2c:28:2b:33:74:9b:e0:00:55:60:e2:1d:09:66:bb:85:aa:
         50:1d:f6:c3:bd:95:2b:58:b0:1d:ca:71:0d:44:1b:0e:f8:bd:
         10:97:cc:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZHqgLMrGhWdXJkJ1I6kB/WRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjQwOTEzMDgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmJmNjgyMTU4ZTBlYTMyYjZkOTU5ODlkZTcxNGMyNzExZTYxMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq33lHVjMw53/fuF5kQaiMRqG0MKg
YwrjX9MRUBi1PeBw0mDe0j2suFetK6JDAqq+LjXkVafIWVu0mE1bYEjlardzhz3w
T2tcIzkn/HMRQ/94UaKB/XhBPpmHOtn1H9W2BRGfWnv1zQla+jb5YkHXg3FUbmjG
B2oRLYi6p/rNzovk4BXXZOUFbRLftphgafziMYm4dJ/yvaLXKYiFDS3yvvzwLuj5
WuPINSQTDK+fceFq+Lx7a1dxvKzX22gauTcT2JMRjFalHzgCY5KiHIUqfqMercMR
kW3Pz8pOy3OkG0BgHllPKIXsNhY97P1VGLv+Kzm3nsT6ng9sN53V3N092wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN+/aCFY4OoyttlZid5xTCcR5hKoMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvMzc5b0lWamc2aksyMlZtSjNuRk1KeEhtRXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATWmFMA0E
AgACMAcDBQAqAPmgMA0GCSqGSIb3DQEBCwUAA4IBAQCu6PK0ekx/GCnO5xs38n5c
np8slozCTMV952eQwvgYkRnWyR2II6NpDOx9YFgBm6l6/8hUBG3Xoyv08YQdN8BK
3/iZYjZggr/uDWrEriG+52rwAaGcyE3kEDPv7Njwakg65X6PcHpu00r7HLqcY51P
UtJdtfM2neTaIFw8wAeA3udNyvVsQaJ+kg3TdRcrP6jLaCGAIYTE5EEAONao/DKc
oXv3J1xWAaQ5HwwYBgXqsL8ZTmMc0El3dlFSEpr1I/x/Xio49c9luppoZy8CNeRe
vKbo3ITnRMnPLCgrM3Sb4ABVYOIdCWa7hapQHfbDvZUrWLAdynENRBsO+L0Ql8zS
-----END CERTIFICATE-----