Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/y2DVwPWzM2GlfF2nJbq1lpLP0wU.roa
File:                     y2DVwPWzM2GlfF2nJbq1lpLP0wU.roa (raw, json)
Hash identifier:          aBkfmeRP40OaHcEHql9wOTQHYd9mX8Q9FRP28SOU81U=
Subject key identifier:   CB:60:D5:C0:F5:B3:33:61:A5:7C:5D:A7:25:BA:B5:96:92:CF:D3:05
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0191E549DCFFD3DBCD2496D2D088DB6CEFB0
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/y2DVwPWzM2GlfF2nJbq1lpLP0wU.roa
Signing time:             Thu 12 Sep 2024 08:11:48 +0000
ROA not before:           Thu 12 Sep 2024 08:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200628
IP address blocks:        77.76.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:49:dc:ff:d3:db:cd:24:96:d2:d0:88:db:6c:ef:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Sep 12 08:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb60d5c0f5b33361a57c5da725bab59692cfd305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f9:d0:12:90:cc:a6:4e:53:1c:5c:bd:71:f3:
                    e0:34:cf:8f:4f:9c:79:d7:e8:e7:f2:e7:69:b5:4c:
                    82:4e:56:3e:90:db:23:92:5f:2e:db:10:5f:0c:77:
                    ea:8e:71:b6:1d:0f:a9:2a:07:c2:ff:69:6d:2a:00:
                    a3:4c:8b:74:6e:4b:44:68:64:de:dd:26:63:6d:75:
                    3c:9b:4e:31:10:af:f0:04:d4:77:3e:e7:17:91:09:
                    ce:1b:5a:37:85:30:f8:82:fd:0c:29:c5:c0:7c:ce:
                    e7:6d:dc:a6:50:c7:2a:56:2b:13:d6:73:72:53:77:
                    80:4d:f2:cc:e3:9c:95:59:e4:cf:a1:42:e4:16:cf:
                    e6:80:8e:93:f8:f7:18:4d:b1:59:ab:80:90:19:56:
                    86:56:f9:93:d4:13:b2:d8:6a:f0:b5:08:ab:d6:62:
                    71:13:ac:1b:5e:09:9f:8c:a7:5f:2d:ed:9f:e1:dd:
                    37:46:40:71:15:5e:ee:14:33:7d:7b:08:bf:76:9c:
                    bd:5e:a0:6c:0a:a7:57:a0:d7:4b:80:4f:90:d1:6d:
                    58:8a:0c:96:f5:29:3f:3d:a0:a9:a7:52:a0:fe:26:
                    c2:00:36:d3:5c:e1:75:29:34:4f:25:e4:94:51:d9:
                    fe:58:9a:0b:03:68:cf:0d:5b:51:e1:80:10:16:7e:
                    02:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:60:D5:C0:F5:B3:33:61:A5:7C:5D:A7:25:BA:B5:96:92:CF:D3:05
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/y2DVwPWzM2GlfF2nJbq1lpLP0wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:6a:30:3c:87:23:00:bc:70:ba:05:74:76:d2:75:1a:f7:19:
         e4:fb:31:0c:da:45:f9:00:de:ce:b1:38:f0:e3:f5:ff:86:2f:
         93:98:60:a5:8f:21:4c:8c:09:c5:e8:6f:25:a4:18:76:c6:a8:
         c3:39:4a:79:c2:14:b5:e4:3c:c1:7b:bc:01:1b:5f:52:a2:f0:
         ea:82:45:e5:48:39:ec:77:b5:e1:29:d4:e3:f1:45:0b:46:24:
         10:a9:a4:53:48:cb:b2:1b:db:46:7a:5c:f2:a4:2e:64:98:18:
         2f:d1:e4:30:f8:3c:56:29:4b:b9:be:e1:3a:96:78:34:a0:b1:
         4f:f0:29:04:5b:ab:4c:eb:ef:e4:f4:25:e2:93:23:47:e2:90:
         53:2f:f7:a7:17:c9:78:e1:ac:7d:74:e5:7a:1f:64:55:f8:68:
         c7:62:fc:72:da:db:14:6c:bb:e5:68:22:c4:07:d6:b3:ad:0c:
         d2:e5:32:c9:ee:5f:0e:a0:e7:af:21:6d:ed:e8:4e:0a:89:fb:
         5c:73:9b:47:72:ce:83:09:29:1a:c9:7d:a5:8b:61:4a:47:58:
         73:a4:d7:ce:7d:4f:33:89:22:e8:8f:f6:28:88:dd:7e:a9:cb:
         db:b9:9c:75:45:95:27:fa:a4:6f:96:40:a7:eb:69:f2:64:42:
         e0:fb:db:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHlSdz/09vNJJbS0IjbbO+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwOTEyMDgxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjYwZDVjMGY1YjMzMzYxYTU3YzVkYTcyNWJhYjU5NjkyY2ZkMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fnQEpDMpk5THFy9cfPgNM+PT5x5
1+jn8udptUyCTlY+kNsjkl8u2xBfDHfqjnG2HQ+pKgfC/2ltKgCjTIt0bktEaGTe
3SZjbXU8m04xEK/wBNR3PucXkQnOG1o3hTD4gv0MKcXAfM7nbdymUMcqVisT1nNy
U3eATfLM45yVWeTPoULkFs/mgI6T+PcYTbFZq4CQGVaGVvmT1BOy2GrwtQir1mJx
E6wbXgmfjKdfLe2f4d03RkBxFV7uFDN9ewi/dpy9XqBsCqdXoNdLgE+Q0W1YigyW
9Sk/PaCpp1Kg/ibCADbTXOF1KTRPJeSUUdn+WJoLA2jPDVtR4YAQFn4CzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtg1cD1szNhpXxdpyW6tZaSz9MFMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEveTJEVndQV3pNMkdsZkYybkpicTFscExQMHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUwCMA0G
CSqGSIb3DQEBCwUAA4IBAQB9ajA8hyMAvHC6BXR20nUa9xnk+zEM2kX5AN7OsTjw
4/X/hi+TmGCljyFMjAnF6G8lpBh2xqjDOUp5whS15DzBe7wBG19SovDqgkXlSDns
d7XhKdTj8UULRiQQqaRTSMuyG9tGelzypC5kmBgv0eQw+DxWKUu5vuE6lng0oLFP
8CkEW6tM6+/k9CXikyNH4pBTL/enF8l44ax9dOV6H2RV+GjHYvxy2tsUbLvlaCLE
B9azrQzS5TLJ7l8OoOevIW3t6E4Kiftcc5tHcs6DCSkayX2li2FKR1hzpNfOfU8z
iSLoj/YoiN1+qcvbuZx1RZUn+qRvlkCn62nyZELg+9vA
-----END CERTIFICATE-----