Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/IXAoZlDCQZWlychuo2cs9oMWnzo.roa
File:                     IXAoZlDCQZWlychuo2cs9oMWnzo.roa (raw, json)
Hash identifier:          +ok1/lYQCQ6zgjVAQuTN+GFEZ3C+IbGweR738YfhDMs=
Subject key identifier:   21:70:28:66:50:C2:41:95:A5:C9:C8:6E:A3:67:2C:F6:83:16:9F:3A
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       018DD1DBEF66F2941E15930BDFA337D50D18
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/IXAoZlDCQZWlychuo2cs9oMWnzo.roa
Signing time:             Thu 22 Feb 2024 17:27:48 +0000
ROA not before:           Thu 22 Feb 2024 17:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        77.105.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:db:ef:66:f2:94:1e:15:93:0b:df:a3:37:d5:0d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Feb 22 17:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2170286650c24195a5c9c86ea3672cf683169f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:4b:4c:90:c2:a2:14:30:1f:a6:b4:4e:cf:
                    e5:2b:db:0f:13:3f:8b:f5:47:b1:12:69:60:5a:26:
                    80:d3:00:f6:be:9c:b1:89:2a:25:5f:cb:c7:84:5d:
                    42:2d:7c:6b:52:25:08:9b:c1:a3:b0:9c:77:eb:94:
                    05:eb:71:5b:80:48:b0:13:70:38:26:11:c6:f3:5a:
                    00:74:9a:3d:30:c8:87:0d:e1:80:b6:56:6d:07:7a:
                    31:6b:b3:b1:89:3d:7e:3d:96:ff:09:65:9f:4f:48:
                    72:b8:14:c7:d4:c3:f8:9e:f4:b9:dd:16:76:48:6a:
                    da:db:86:8b:d0:48:a6:7e:ec:3a:bc:4a:91:65:e6:
                    09:26:dd:69:48:8f:7b:6f:5c:63:29:a8:12:e1:21:
                    3d:e8:64:78:9c:4e:e8:06:e0:a9:0b:4d:81:96:d0:
                    3c:f3:ce:27:07:8a:b5:a6:c7:68:6f:b1:4c:4b:23:
                    10:07:6d:22:d5:65:f4:87:7f:ea:0b:d5:8e:16:8d:
                    72:6e:76:89:d0:61:ab:68:7f:77:8f:08:70:a0:54:
                    0b:c5:68:5b:58:f4:00:9d:46:97:8a:14:1f:e4:48:
                    98:29:b1:d5:05:39:da:95:ba:b8:0b:29:36:ae:ac:
                    64:6b:66:26:67:5b:64:dc:84:b2:25:8f:ed:bb:52:
                    a4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:70:28:66:50:C2:41:95:A5:C9:C8:6E:A3:67:2C:F6:83:16:9F:3A
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/IXAoZlDCQZWlychuo2cs9oMWnzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:72:29:1a:d9:ea:e2:3a:22:7b:78:10:94:45:88:35:3b:77:
         54:9b:b6:79:7d:43:07:7f:38:d8:d8:72:06:2d:5f:d8:19:e2:
         aa:b1:01:a6:96:70:a5:97:b3:4a:f2:43:28:f6:07:d4:d0:65:
         f4:87:61:d1:1b:0c:3f:91:0b:25:52:89:ff:22:b4:e0:a1:b8:
         be:c9:35:fd:92:f8:88:8b:b9:a7:54:a8:c0:c5:e9:e5:c1:d4:
         ac:b1:e1:00:23:1f:68:7f:db:37:a1:e0:e7:29:f7:99:c5:23:
         05:66:53:ed:81:52:72:15:e4:5f:bb:05:a8:67:57:bb:16:f8:
         bf:6e:67:f6:35:51:1f:27:30:69:0d:43:99:38:b7:8a:55:5e:
         08:e1:94:fa:66:07:59:69:fc:ff:5b:d9:e4:7b:05:dd:4f:08:
         4f:70:ed:97:11:7d:21:62:3f:fb:0c:46:f9:d7:78:50:90:e6:
         17:d1:f0:66:79:36:29:40:ee:b8:09:5b:e9:15:fb:9f:97:9b:
         48:a7:8f:09:8f:4f:d0:b0:aa:76:86:9c:51:f4:85:2d:ff:b6:
         bf:82:d8:06:0e:8a:ec:85:d5:ae:2f:2f:16:57:38:b1:c3:75:
         2b:51:78:99:84:51:d8:ad:db:bf:1c:24:06:ae:62:86:58:9d:
         12:f3:78:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3R2+9m8pQeFZML36M31Q0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjQwMjIyMTcyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTcwMjg2NjUwYzI0MTk1YTVjOWM4NmVhMzY3MmNmNjgzMTY5ZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhphLTJDCohQwH6a0Ts/lK9sPEz+L
9UexEmlgWiaA0wD2vpyxiSolX8vHhF1CLXxrUiUIm8GjsJx365QF63FbgEiwE3A4
JhHG81oAdJo9MMiHDeGAtlZtB3oxa7OxiT1+PZb/CWWfT0hyuBTH1MP4nvS53RZ2
SGra24aL0Eimfuw6vEqRZeYJJt1pSI97b1xjKagS4SE96GR4nE7oBuCpC02BltA8
884nB4q1psdob7FMSyMQB20i1WX0h3/qC9WOFo1ybnaJ0GGraH93jwhwoFQLxWhb
WPQAnUaXihQf5EiYKbHVBTnalbq4Cyk2rqxka2YmZ1tk3ISyJY/tu1KkBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFwKGZQwkGVpcnIbqNnLPaDFp86MB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvSVhBb1psRENRWldseWNodW8yY3M5b01XbnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWmkMA0G
CSqGSIb3DQEBCwUAA4IBAQCBcika2eriOiJ7eBCURYg1O3dUm7Z5fUMHfzjY2HIG
LV/YGeKqsQGmlnCll7NK8kMo9gfU0GX0h2HRGww/kQslUon/IrTgobi+yTX9kviI
i7mnVKjAxenlwdSsseEAIx9of9s3oeDnKfeZxSMFZlPtgVJyFeRfuwWoZ1e7Fvi/
bmf2NVEfJzBpDUOZOLeKVV4I4ZT6ZgdZafz/W9nkewXdTwhPcO2XEX0hYj/7DEb5
13hQkOYX0fBmeTYpQO64CVvpFfufl5tIp48Jj0/QsKp2hpxR9IUt/7a/gtgGDors
hdWuLy8WVzixw3UrUXiZhFHYrdu/HCQGrmKGWJ0S83iY
-----END CERTIFICATE-----