Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/DDAn0V8SSoUAqqE5fzd6yTf6vio.roa
File:                     DDAn0V8SSoUAqqE5fzd6yTf6vio.roa (raw, json)
Hash identifier:          rVCSbprtHlhgRB9AzbTbTHTH0ZbS3aC9A5gq4r3O14U=
Subject key identifier:   0C:30:27:D1:5F:12:4A:85:00:AA:A1:39:7F:37:7A:C9:37:FA:BE:2A
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       01941F8C98D5D07824AD0D4778CDA0BD42E6
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/DDAn0V8SSoUAqqE5fzd6yTf6vio.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61003
IP address blocks:        80.77.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:98:d5:d0:78:24:ad:0d:47:78:cd:a0:bd:42:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c3027d15f124a8500aaa1397f377ac937fabe2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:79:5e:4b:1a:4c:39:5e:4d:6b:90:72:fd:01:
                    ac:e9:83:c5:e2:51:99:a9:9b:7c:5f:07:7d:9d:56:
                    9d:b6:38:f2:9b:73:09:9d:0b:44:c6:5e:62:ea:ac:
                    a4:da:71:5e:3f:93:d4:53:76:f4:1b:db:38:cb:16:
                    3e:ef:98:01:35:e4:a6:f5:b4:09:7b:78:7d:09:26:
                    1b:c8:81:34:7f:3d:7d:a0:81:26:24:91:1f:e0:3d:
                    3d:51:d4:7f:9a:56:d6:ce:1f:73:47:a1:00:90:97:
                    13:15:f4:c7:5a:7d:25:96:03:cf:5f:98:b7:9d:a7:
                    f7:5e:fb:31:bd:2a:3c:56:61:d6:18:7b:54:0b:5c:
                    bd:5a:c0:d8:61:ed:70:92:46:b2:aa:3f:5b:ac:db:
                    29:62:60:64:b3:7c:5c:9a:87:ba:c3:4e:b3:5e:e7:
                    5e:20:2a:4c:cf:33:28:4e:7f:a6:de:6a:0a:61:3f:
                    25:3d:28:93:49:7b:cf:59:7f:58:78:de:78:46:0b:
                    c7:bb:88:b4:6b:55:c3:bc:30:69:fe:5d:50:ea:03:
                    b1:6d:fb:7f:7e:43:cd:8a:90:b9:04:01:fe:da:89:
                    fb:f3:0d:73:b6:bb:8b:ff:04:4b:f4:b2:09:1b:fd:
                    d3:be:b3:60:0c:16:46:f1:a3:b9:65:42:13:88:f1:
                    e7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:30:27:D1:5F:12:4A:85:00:AA:A1:39:7F:37:7A:C9:37:FA:BE:2A
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/DDAn0V8SSoUAqqE5fzd6yTf6vio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b1:3a:82:3b:34:9a:24:0e:76:94:87:e7:f6:98:f5:3d:66:
         c5:36:a4:42:a0:ce:81:d7:26:06:36:a9:56:6a:d6:93:85:f7:
         28:c2:79:6d:71:d7:17:42:c7:0b:cb:d4:3c:17:3b:c3:d6:57:
         7e:aa:19:64:d2:59:c3:77:75:d1:ed:b3:f7:fa:ad:51:2d:7a:
         b6:e7:98:dc:19:b2:e1:67:6a:72:33:a7:a7:bb:81:4c:e7:bc:
         5a:31:f7:ac:c4:53:1f:2d:64:8c:b7:45:45:bb:50:fe:ab:c1:
         02:92:78:ac:27:ee:39:c6:92:0d:c8:8a:b8:cc:7f:26:13:19:
         a7:9e:46:81:f7:3c:5e:81:d0:5d:9e:63:de:cf:a4:8c:c0:92:
         ec:59:2d:40:ed:36:83:4b:af:5b:e3:6b:99:57:10:4a:ec:84:
         3c:18:75:b3:64:e9:e1:46:18:43:95:3a:19:62:0d:a9:36:84:
         fe:f0:c6:e7:96:7d:cb:8b:0d:70:fe:82:dc:ea:f2:07:54:32:
         d4:f0:af:da:aa:31:04:c0:7c:ea:4c:13:83:66:63:14:76:c8:
         1b:0c:d2:d9:72:6c:41:8e:b3:de:72:9a:d5:d4:de:ea:4e:2d:
         c0:c1:d0:69:c6:83:97:e6:6f:ff:32:f1:86:0a:86:f7:1a:11:
         53:75:5b:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJjV0HgkrQ1HeM2gvULmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzMwMjdkMTVmMTI0YTg1MDBhYWExMzk3ZjM3N2FjOTM3ZmFiZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXleSxpMOV5Na5By/QGs6YPF4lGZ
qZt8Xwd9nVadtjjym3MJnQtExl5i6qyk2nFeP5PUU3b0G9s4yxY+75gBNeSm9bQJ
e3h9CSYbyIE0fz19oIEmJJEf4D09UdR/mlbWzh9zR6EAkJcTFfTHWn0llgPPX5i3
naf3XvsxvSo8VmHWGHtUC1y9WsDYYe1wkkayqj9brNspYmBks3xcmoe6w06zXude
ICpMzzMoTn+m3moKYT8lPSiTSXvPWX9YeN54RgvHu4i0a1XDvDBp/l1Q6gOxbft/
fkPNipC5BAH+2on78w1ztruL/wRL9LIJG/3TvrNgDBZG8aO5ZUITiPHn7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwwJ9FfEkqFAKqhOX83esk3+r4qMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvRERBbjBWOFNTb1VBcXFFNWZ6ZDZ5VGY2dmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE2mMA0G
CSqGSIb3DQEBCwUAA4IBAQB+sTqCOzSaJA52lIfn9pj1PWbFNqRCoM6B1yYGNqlW
ataThfcownltcdcXQscLy9Q8FzvD1ld+qhlk0lnDd3XR7bP3+q1RLXq255jcGbLh
Z2pyM6enu4FM57xaMfesxFMfLWSMt0VFu1D+q8ECknisJ+45xpINyIq4zH8mExmn
nkaB9zxegdBdnmPez6SMwJLsWS1A7TaDS69b42uZVxBK7IQ8GHWzZOnhRhhDlToZ
Yg2pNoT+8Mbnln3Liw1w/oLc6vIHVDLU8K/aqjEEwHzqTBODZmMUdsgbDNLZcmxB
jrPecprV1N7qTi3AwdBpxoOX5m//MvGGCob3GhFTdVth
-----END CERTIFICATE-----