Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/GiJYSZmHP4AF_ON-lln6mBkXaRk.roa
File:                     GiJYSZmHP4AF_ON-lln6mBkXaRk.roa (raw, json)
Hash identifier:          C1PRVClAPoLTLOqGEkfYdyI+UReAPqKicWbGHLAUP6Y=
Subject key identifier:   1A:22:58:49:99:87:3F:80:05:FC:E3:7E:96:59:FA:98:19:17:69:19
Certificate issuer:       /CN=9c46c1d7762005384ed8526cfa1c7496564f50d3
Certificate serial:       019420682CFDA1A1FE50DEC058BEFE150D43
Authority key identifier: 9C:46:C1:D7:76:20:05:38:4E:D8:52:6C:FA:1C:74:96:56:4F:50:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEbB13YgBThO2FJs-hx0llZPUNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/GiJYSZmHP4AF_ON-lln6mBkXaRk.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197390
IP address blocks:        176.28.77.0/24 maxlen: 24
                          176.28.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/nEbB13YgBThO2FJs-hx0llZPUNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/nEbB13YgBThO2FJs-hx0llZPUNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEbB13YgBThO2FJs-hx0llZPUNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2c:fd:a1:a1:fe:50:de:c0:58:be:fe:15:0d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c46c1d7762005384ed8526cfa1c7496564f50d3
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a22584999873f8005fce37e9659fa9819176919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:2f:f0:2a:25:de:7b:d1:cb:21:c3:06:bb:fb:
                    9b:64:22:5d:cd:ea:33:dc:7e:d1:a2:6d:34:a3:a4:
                    09:22:1d:4c:b2:a5:41:b1:60:d7:a7:62:d0:5d:c3:
                    89:1c:ac:c3:d8:bf:3f:2e:ce:4c:4e:cd:7d:a7:a5:
                    e3:c5:22:d0:8b:f0:9f:30:37:fd:65:83:f2:31:7a:
                    a1:ab:22:5f:65:49:60:da:1b:b2:4e:df:9f:83:3d:
                    1b:87:19:86:57:ee:3b:09:d3:98:10:f4:62:56:ac:
                    f5:6e:8d:7e:c3:51:1f:30:1d:82:0f:c0:4b:d4:1c:
                    cf:29:17:c4:b9:81:b3:c4:62:32:52:4c:85:40:f7:
                    46:cb:0c:03:0d:bb:4b:cc:74:0d:02:17:c9:60:05:
                    fd:ec:aa:7f:ba:90:16:09:b4:e5:a0:d7:89:94:e1:
                    ab:ac:30:6f:66:6c:8c:11:b6:d4:53:43:0d:ce:96:
                    e8:f6:14:0d:58:0c:a6:7c:07:ef:0c:7c:5f:13:b9:
                    63:48:f1:d7:f6:01:9f:e3:da:8e:e1:11:23:5e:08:
                    e2:15:0f:59:e5:62:86:15:b7:43:a8:f0:82:6e:2b:
                    11:38:52:19:ec:b6:fb:eb:d6:4e:e8:f4:81:e6:1f:
                    79:ab:23:ee:8a:21:82:c2:69:d3:26:51:10:4b:fe:
                    99:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:22:58:49:99:87:3F:80:05:FC:E3:7E:96:59:FA:98:19:17:69:19
            X509v3 Authority Key Identifier:
                keyid:9C:46:C1:D7:76:20:05:38:4E:D8:52:6C:FA:1C:74:96:56:4F:50:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEbB13YgBThO2FJs-hx0llZPUNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/GiJYSZmHP4AF_ON-lln6mBkXaRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/nEbB13YgBThO2FJs-hx0llZPUNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.28.77.0-176.28.78.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:81:07:7d:66:fe:52:f4:0f:63:01:21:71:78:b6:7a:67:a2:
         a8:d6:1e:90:f2:a5:98:95:5c:fb:26:73:84:4d:6e:f3:2f:99:
         63:d2:ef:fd:41:4b:a8:80:52:ac:30:91:56:99:dc:86:b8:ef:
         ba:85:54:23:e3:77:7e:24:62:21:fb:e9:6e:c2:f2:d9:2c:4c:
         70:cf:e8:df:82:6b:24:64:f4:23:b0:54:cd:01:90:5a:cd:0a:
         0d:7d:c7:a9:17:ae:00:fd:80:40:3b:df:6c:8b:6e:d3:ac:ab:
         1f:ea:83:1e:06:4e:d9:cf:1b:0d:d9:40:b5:29:38:28:f3:a6:
         c5:5a:43:dc:49:2d:31:4b:8c:75:de:7a:0b:fa:c8:57:75:37:
         82:0d:9a:0d:44:17:9e:35:a0:10:f6:a0:90:d8:18:de:3b:e3:
         c8:f0:ea:98:e2:a4:e9:d1:0f:16:6b:41:a0:2a:8f:9f:b9:70:
         e3:c3:90:00:9b:11:5d:0d:da:a8:a6:5b:20:59:69:63:69:28:
         c8:aa:3a:10:fe:7d:6b:19:0a:0c:bd:53:d2:da:75:82:a4:ea:
         85:33:0c:7f:4a:ff:d8:b4:91:f0:14:d9:5e:f4:b3:7f:db:1a:
         bc:80:60:4b:bc:db:61:39:1e:c6:6d:df:44:4a:f9:1a:86:bf:
         c4:2e:c1:10
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgaCz9oaH+UN7AWL7+FQ1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDZjMWQ3NzYyMDA1Mzg0ZWQ4NTI2Y2ZhMWM3NDk2NTY0
ZjUwZDMwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTIyNTg0OTk5ODczZjgwMDVmY2UzN2U5NjU5ZmE5ODE5MTc2OTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7i/wKiXee9HLIcMGu/ubZCJdzeoz
3H7Rom00o6QJIh1MsqVBsWDXp2LQXcOJHKzD2L8/Ls5MTs19p6XjxSLQi/CfMDf9
ZYPyMXqhqyJfZUlg2huyTt+fgz0bhxmGV+47CdOYEPRiVqz1bo1+w1EfMB2CD8BL
1BzPKRfEuYGzxGIyUkyFQPdGywwDDbtLzHQNAhfJYAX97Kp/upAWCbTloNeJlOGr
rDBvZmyMEbbUU0MNzpbo9hQNWAymfAfvDHxfE7ljSPHX9gGf49qO4REjXgjiFQ9Z
5WKGFbdDqPCCbisROFIZ7Lb769ZO6PSB5h95qyPuiiGCwmnTJlEQS/6ZfwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBoiWEmZhz+ABfzjfpZZ+pgZF2kZMB8GA1UdIwQY
MBaAFJxGwdd2IAU4TthSbPocdJZWT1DTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkViQjEzWWdCVGhPMkZKcy1oeDBsbFpQVU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yYjVlMGQtMTlhOS00MDM2LTk4YjYt
Y2E2NWE5NzIzYzU5LzEvR2lKWVNabUhQNEFGX09OLWxsbjZtQmtYYVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yYjVlMGQtMTlhOS00MDM2LTk4YjYtY2E2NWE5NzIzYzU5
LzEvbkViQjEzWWdCVGhPMkZKcy1oeDBsbFpQVU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACwHE0D
BACwHE4wDQYJKoZIhvcNAQELBQADggEBAH2BB31m/lL0D2MBIXF4tnpnoqjWHpDy
pZiVXPsmc4RNbvMvmWPS7/1BS6iAUqwwkVaZ3Ia477qFVCPjd34kYiH76W7C8tks
THDP6N+CayRk9COwVM0BkFrNCg19x6kXrgD9gEA732yLbtOsqx/qgx4GTtnPGw3Z
QLUpOCjzpsVaQ9xJLTFLjHXeegv6yFd1N4INmg1EF541oBD2oJDYGN4748jw6pji
pOnRDxZrQaAqj5+5cOPDkACbEV0N2qimWyBZaWNpKMiqOhD+fWsZCgy9U9LadYKk
6oUzDH9K/9i0kfAU2V70s3/bGryAYEu822E5HsZt30RK+RqGv8QuwRA=
-----END CERTIFICATE-----