Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/07TzuKnh76VoCAzkq24E8kRvxWE.roa
File:                     07TzuKnh76VoCAzkq24E8kRvxWE.roa (raw, json)
Hash identifier:          //syDkAat+oL4v4kpk01yJmynvUn91SVrktzd1aat4w=
Subject key identifier:   D3:B4:F3:B8:A9:E1:EF:A5:68:08:0C:E4:AB:6E:04:F2:44:6F:C5:61
Certificate issuer:       /CN=432ebe0b60bae2ecbf21ef14fc5fdc9ddb9a3f21
Certificate serial:       018CC794D33D649A34B3AAAA42EA3ACA09E5
Authority key identifier: 43:2E:BE:0B:60:BA:E2:EC:BF:21:EF:14:FC:5F:DC:9D:DB:9A:3F:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy6-C2C64uy_Ie8U_F_cnduaPyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/07TzuKnh76VoCAzkq24E8kRvxWE.roa
Signing time:             Tue 02 Jan 2024 00:31:08 +0000
ROA not before:           Tue 02 Jan 2024 00:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        77.73.210.0/24 maxlen: 24
                          77.73.209.0/24 maxlen: 24
                          77.73.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/Qy6-C2C64uy_Ie8U_F_cnduaPyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/Qy6-C2C64uy_Ie8U_F_cnduaPyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy6-C2C64uy_Ie8U_F_cnduaPyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d3:3d:64:9a:34:b3:aa:aa:42:ea:3a:ca:09:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432ebe0b60bae2ecbf21ef14fc5fdc9ddb9a3f21
        Validity
            Not Before: Jan  2 00:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3b4f3b8a9e1efa568080ce4ab6e04f2446fc561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a3:19:1d:1f:fa:75:25:7b:f0:de:22:ef:e0:
                    28:66:90:f1:5b:b1:38:ff:6c:20:a4:a9:5a:f7:66:
                    44:17:bc:c2:89:df:60:a1:9a:9c:85:09:bb:26:12:
                    47:05:ea:de:2d:8d:32:98:b2:99:92:05:43:5b:05:
                    25:9c:27:98:ad:ca:d4:bb:1e:bf:ad:c0:cf:1e:96:
                    eb:b6:69:cf:b3:ff:63:06:0e:b5:7b:8b:9e:f1:d1:
                    c6:f6:01:89:32:25:2f:87:d4:8a:f3:3f:a0:f9:b0:
                    be:10:a5:0d:7e:aa:60:1a:08:61:f1:14:1b:d0:67:
                    c1:b5:3a:ce:7b:4f:e9:3b:24:9d:6f:03:88:e2:09:
                    a2:f3:cb:6b:8d:1e:6d:0e:e6:b0:e6:08:ef:88:4f:
                    a0:84:31:e6:98:f8:30:e7:2d:ac:a3:f9:5e:c2:fa:
                    07:7e:05:44:7a:b0:e7:17:ea:de:01:9d:9a:86:a5:
                    3e:1b:b3:88:06:40:bd:06:57:93:7c:d2:8d:62:7b:
                    5a:30:50:44:61:b7:10:c4:42:9f:d1:fb:d4:8d:5b:
                    2a:a5:80:57:08:bb:30:c6:af:d2:e4:52:40:2f:d0:
                    48:c9:cb:dc:86:51:a4:c2:7a:7d:d9:d5:11:78:a3:
                    07:bd:a9:72:8d:09:df:cf:10:30:a7:69:e0:26:69:
                    06:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B4:F3:B8:A9:E1:EF:A5:68:08:0C:E4:AB:6E:04:F2:44:6F:C5:61
            X509v3 Authority Key Identifier:
                keyid:43:2E:BE:0B:60:BA:E2:EC:BF:21:EF:14:FC:5F:DC:9D:DB:9A:3F:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy6-C2C64uy_Ie8U_F_cnduaPyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/07TzuKnh76VoCAzkq24E8kRvxWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/54c70d-f57a-4a56-b20c-1399ad37c4e3/1/Qy6-C2C64uy_Ie8U_F_cnduaPyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.208.0-77.73.210.255

    Signature Algorithm: sha256WithRSAEncryption
         56:0a:07:71:3c:b9:34:e6:55:67:1a:b7:74:47:d3:7e:51:02:
         13:d9:a3:65:e2:4d:e2:e5:90:94:4b:e1:0b:4f:ea:7c:10:cb:
         d8:a0:da:29:bb:28:8f:32:5c:4f:ed:df:cf:dc:f4:f0:d3:6a:
         fb:7e:de:6e:0f:e9:e2:9e:fc:ba:73:5d:56:12:f9:12:37:01:
         aa:d0:6a:83:d3:44:8b:56:db:d7:c8:15:46:d2:80:92:b3:9f:
         dc:c9:29:49:21:c4:b7:3b:2e:f8:d5:11:47:12:b9:1f:94:ec:
         a0:bb:c3:f6:7b:3a:17:2c:2c:6d:91:b8:3b:21:37:6b:ab:35:
         73:88:93:c8:23:39:98:34:54:70:7d:4c:2a:c1:3c:ec:b3:b9:
         1c:83:14:d1:fb:46:ab:00:52:fb:94:cf:b6:80:25:88:55:23:
         83:ca:be:9c:3e:07:5a:f2:75:0b:32:ce:d7:5b:e9:32:fe:94:
         83:97:32:a9:63:fe:39:6c:c1:73:49:07:f4:09:df:f0:ac:90:
         ac:86:b8:68:5d:45:78:c4:b4:c5:5a:4a:8c:4f:83:48:75:dc:
         4d:e7:3c:51:de:ab:35:eb:d2:9c:21:c4:72:0c:2e:b5:af:bb:
         9f:e8:44:0c:e8:67:33:61:0b:a6:21:53:46:97:18:48:f2:a6:
         ab:37:d3:86
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlNM9ZJo0s6qqQuo6ygnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmViZTBiNjBiYWUyZWNiZjIxZWYxNGZjNWZkYzlkZGI5
YTNmMjEwHhcNMjQwMTAyMDAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I0ZjNiOGE5ZTFlZmE1NjgwODBjZTRhYjZlMDRmMjQ0NmZjNTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqMZHR/6dSV78N4i7+AoZpDxW7E4
/2wgpKla92ZEF7zCid9goZqchQm7JhJHBereLY0ymLKZkgVDWwUlnCeYrcrUux6/
rcDPHpbrtmnPs/9jBg61e4ue8dHG9gGJMiUvh9SK8z+g+bC+EKUNfqpgGghh8RQb
0GfBtTrOe0/pOySdbwOI4gmi88trjR5tDuaw5gjviE+ghDHmmPgw5y2so/lewvoH
fgVEerDnF+reAZ2ahqU+G7OIBkC9BleTfNKNYntaMFBEYbcQxEKf0fvUjVsqpYBX
CLswxq/S5FJAL9BIycvchlGkwnp92dUReKMHvalyjQnfzxAwp2ngJmkGxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNO087ip4e+laAgM5KtuBPJEb8VhMB8GA1UdIwQY
MBaAFEMuvgtguuLsvyHvFPxf3J3bmj8hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXk2LUMyQzY0dXlfSWU4VV9GX2NuZHVhUHlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NGM3MGQtZjU3YS00YTU2LWIyMGMt
MTM5OWFkMzdjNGUzLzEvMDdUenVLbmg3NlZvQ0F6a3EyNEU4a1J2eFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NGM3MGQtZjU3YS00YTU2LWIyMGMtMTM5OWFkMzdjNGUz
LzEvUXk2LUMyQzY0dXlfSWU4VV9GX2NuZHVhUHlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARNSdAD
BABNSdIwDQYJKoZIhvcNAQELBQADggEBAFYKB3E8uTTmVWcat3RH035RAhPZo2Xi
TeLlkJRL4QtP6nwQy9ig2im7KI8yXE/t38/c9PDTavt+3m4P6eKe/LpzXVYS+RI3
AarQaoPTRItW29fIFUbSgJKzn9zJKUkhxLc7LvjVEUcSuR+U7KC7w/Z7OhcsLG2R
uDshN2urNXOIk8gjOZg0VHB9TCrBPOyzuRyDFNH7RqsAUvuUz7aAJYhVI4PKvpw+
B1rydQsyztdb6TL+lIOXMqlj/jlswXNJB/QJ3/CskKyGuGhdRXjEtMVaSoxPg0h1
3E3nPFHeqzXr0pwhxHIMLrWvu5/oRAzoZzNhC6YhU0aXGEjypqs304Y=
-----END CERTIFICATE-----