Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j7ESapNLQ3A9TvopIVTmW7eNc4s.roa
File:                     j7ESapNLQ3A9TvopIVTmW7eNc4s.roa (raw, json)
Hash identifier:          Qo9cIsXR2H7h3L4heKHdPkDu8rRMejRtJyFdrj61+ik=
Subject key identifier:   8F:B1:12:6A:93:4B:43:70:3D:4E:FA:29:21:54:E6:5B:B7:8D:73:8B
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6B6BFFCB93D6DEF7D433B03FD7375
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j7ESapNLQ3A9TvopIVTmW7eNc4s.roa
Signing time:             Mon 01 Jan 2024 06:29:40 +0000
ROA not before:           Mon 01 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        77.242.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b6:bf:fc:b9:3d:6d:ef:7d:43:3b:03:fd:73:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fb1126a934b43703d4efa292154e65bb78d738b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:86:c9:91:fc:af:0f:81:b9:28:e5:62:a2:54:
                    f2:51:13:61:f9:72:b7:b1:65:7d:9b:2f:63:ae:57:
                    cc:25:da:7e:fa:88:d5:9a:1e:16:c2:24:a5:ba:af:
                    d4:99:f8:b3:18:52:99:ba:41:b7:e7:60:10:ab:8d:
                    c9:74:97:c9:b5:d6:09:a1:55:30:38:18:1a:6b:83:
                    34:e3:94:36:81:b7:31:37:cb:7f:b0:90:cd:b5:c1:
                    52:54:6d:b9:12:99:58:c8:c8:00:fe:cd:d2:c3:94:
                    b9:54:a0:a3:6c:53:ba:8e:09:4b:d8:8f:9b:b7:44:
                    85:e2:96:ca:ed:3d:21:c1:1b:69:1a:6a:c2:9c:d6:
                    92:27:6c:1e:b7:9d:6d:e6:90:ea:f8:24:3f:5c:4c:
                    d4:2b:29:e6:e8:47:63:25:4c:33:4e:9d:fc:d4:f8:
                    e4:26:22:4e:57:77:f3:aa:3b:5e:1b:06:bd:8d:6d:
                    82:47:f2:ab:74:d8:3b:c9:6e:92:df:dc:93:0d:bb:
                    5c:6c:2a:07:1c:78:52:d2:97:0d:fb:12:b8:fa:eb:
                    44:e6:50:dc:d7:f3:4c:c6:b6:24:c3:1f:4b:83:ce:
                    47:c0:5c:82:a8:65:12:db:55:c4:26:c3:89:6c:a1:
                    74:f6:4f:09:8a:d9:2e:a2:89:3a:47:e2:00:7f:d1:
                    2b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B1:12:6A:93:4B:43:70:3D:4E:FA:29:21:54:E6:5B:B7:8D:73:8B
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j7ESapNLQ3A9TvopIVTmW7eNc4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:85:ee:21:33:da:21:05:9b:68:dc:a4:80:76:79:2a:ff:c7:
         a9:40:9f:b8:e0:cc:d5:4a:27:83:5d:81:21:dc:d6:90:1d:d8:
         73:df:50:aa:8d:1e:84:bd:2b:c9:97:e3:88:54:cf:e6:41:ae:
         1a:00:07:44:69:fa:a2:b8:74:62:e4:af:9a:21:45:a5:7f:ec:
         dc:2b:69:34:cc:5b:0d:62:30:fc:bd:a1:ab:7f:a0:d6:26:50:
         cd:51:ae:a1:40:73:db:10:03:04:f2:e0:de:e9:70:b2:57:fa:
         55:6c:52:cc:d8:69:ca:18:7a:2c:5d:ab:af:4d:84:a6:f5:99:
         a1:6f:6f:96:45:47:58:d2:a4:f8:0a:d1:d0:a9:58:44:c2:67:
         c2:fa:45:c9:0d:95:3b:3c:b5:e4:09:12:dc:9f:ee:80:0d:c6:
         11:8f:b9:e5:e7:53:2c:7b:e6:45:63:a5:55:c0:a4:5d:38:0c:
         97:93:c5:70:84:fd:db:bd:b8:fb:d4:3e:c3:df:1a:0a:f5:ae:
         93:82:c5:36:a7:da:f2:9d:19:e0:83:13:af:3f:48:8b:36:0e:
         a1:45:10:b7:25:81:f5:57:91:ee:78:43:c7:e6:01:3c:11:62:
         39:9f:1e:b7:a9:e4:74:50:16:22:48:42:77:25:4c:1e:df:3e:
         e1:30:f8:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtra//Lk9be99QzsD/XN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIxMTI2YTkzNGI0MzcwM2Q0ZWZhMjkyMTU0ZTY1YmI3OGQ3MzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYbJkfyvD4G5KOViolTyURNh+XK3
sWV9my9jrlfMJdp++ojVmh4WwiSluq/UmfizGFKZukG352AQq43JdJfJtdYJoVUw
OBgaa4M045Q2gbcxN8t/sJDNtcFSVG25EplYyMgA/s3Sw5S5VKCjbFO6jglL2I+b
t0SF4pbK7T0hwRtpGmrCnNaSJ2wet51t5pDq+CQ/XEzUKynm6EdjJUwzTp381Pjk
JiJOV3fzqjteGwa9jW2CR/KrdNg7yW6S39yTDbtcbCoHHHhS0pcN+xK4+utE5lDc
1/NMxrYkwx9Lg85HwFyCqGUS21XEJsOJbKF09k8Jitkuook6R+IAf9ErgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+xEmqTS0NwPU76KSFU5lu3jXOLMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvajdFU2FwTkxRM0E5VHZvcElWVG1XN2VOYzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfKVMA0G
CSqGSIb3DQEBCwUAA4IBAQBLhe4hM9ohBZto3KSAdnkq/8epQJ+44MzVSieDXYEh
3NaQHdhz31CqjR6EvSvJl+OIVM/mQa4aAAdEafqiuHRi5K+aIUWlf+zcK2k0zFsN
YjD8vaGrf6DWJlDNUa6hQHPbEAME8uDe6XCyV/pVbFLM2GnKGHosXauvTYSm9Zmh
b2+WRUdY0qT4CtHQqVhEwmfC+kXJDZU7PLXkCRLcn+6ADcYRj7nl51Mse+ZFY6VV
wKRdOAyXk8VwhP3bvbj71D7D3xoK9a6TgsU2p9rynRnggxOvP0iLNg6hRRC3JYH1
V5HueEPH5gE8EWI5nx63qeR0UBYiSEJ3JUwe3z7hMPg7
-----END CERTIFICATE-----