Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/9R-lSz-s0GaYXHGuZFOmgl4HbHI.roa
File:                     9R-lSz-s0GaYXHGuZFOmgl4HbHI.roa (raw, json)
Hash identifier:          WEHQ/8Qyt+oIUeEyF3GK+6cSpAUeged5zhWY3IrWyao=
Subject key identifier:   F5:1F:A5:4B:3F:AC:D0:66:98:5C:71:AE:64:53:A6:82:5E:07:6C:72
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01961414800027CD7FED5FE9C4AA3B82E06A
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/9R-lSz-s0GaYXHGuZFOmgl4HbHI.roa
Signing time:             Tue 08 Apr 2025 06:26:49 +0000
ROA not before:           Tue 08 Apr 2025 06:26:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50809
IP address blocks:        77.83.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 13:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:14:80:00:27:cd:7f:ed:5f:e9:c4:aa:3b:82:e0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Apr  8 06:26:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f51fa54b3facd066985c71ae6453a6825e076c72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:19:5b:ca:21:d2:76:51:3b:aa:92:8f:38:80:
                    ff:41:05:b9:55:b3:c5:75:fe:40:e1:7f:d3:fe:4d:
                    9b:05:a5:bc:d2:51:3c:72:fb:36:55:35:5c:21:a3:
                    d7:21:f5:2c:98:3f:9d:20:c9:65:5c:61:cf:47:18:
                    d0:69:4a:28:19:1c:ee:83:08:7a:db:51:e4:9a:3d:
                    05:a6:0f:fe:cb:d8:a0:f9:d9:7c:10:25:28:25:f7:
                    3e:14:13:98:e1:88:2f:70:60:bf:b1:4b:5c:72:8c:
                    4c:ec:ca:51:0f:9c:a4:4e:2d:5e:6d:f8:d4:c8:42:
                    c9:66:cf:9b:fd:0d:d1:b5:c4:11:7a:18:fd:67:f4:
                    47:5e:b8:66:5a:32:e2:b2:a9:83:41:39:b6:59:83:
                    4e:92:55:55:8b:19:c6:a3:00:b2:76:72:78:1d:ff:
                    fc:fb:34:2d:a2:a4:fc:66:95:5a:c0:b8:00:e5:f7:
                    43:77:ec:b2:86:1d:03:f8:b7:97:05:95:21:fa:d4:
                    40:8c:04:42:db:fb:77:9e:cd:ac:55:d0:35:e3:53:
                    f2:23:5f:15:a5:76:72:50:ab:86:35:b4:3a:35:14:
                    8e:a8:92:56:27:4c:d2:56:11:a8:5b:c0:22:82:7b:
                    f6:80:20:ac:28:ab:3a:39:f7:d8:79:05:dd:eb:65:
                    d7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:1F:A5:4B:3F:AC:D0:66:98:5C:71:AE:64:53:A6:82:5E:07:6C:72
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/9R-lSz-s0GaYXHGuZFOmgl4HbHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:17:02:a2:e4:1e:2e:4e:9a:5c:b9:c0:8f:63:c7:0d:37:f7:
         e1:5c:ab:88:7e:4b:9e:5a:f5:86:01:16:35:22:ae:9d:35:c3:
         50:87:35:2a:9c:c7:98:a1:98:ca:30:58:c5:1e:ea:e7:f8:e6:
         bc:98:5f:8c:55:b2:7f:21:86:8a:64:d9:4a:1d:0e:7f:27:13:
         86:7c:8d:d8:bc:d9:f9:ed:73:be:a4:1d:d2:01:6f:ba:e9:02:
         d9:0a:b3:df:21:67:6a:c3:e4:17:7e:01:b8:c2:bd:6d:9e:05:
         ac:d4:c1:36:a5:7f:47:51:2f:ed:c1:f9:8a:04:12:59:e8:cd:
         a0:92:81:39:cd:65:e7:84:87:f1:2e:20:fd:a6:d5:1f:54:de:
         1a:2f:b3:4e:7d:ef:4b:eb:0b:91:ab:3d:a8:be:c7:7c:81:68:
         2d:05:70:2a:75:0d:82:6a:a5:b2:ef:60:99:fa:3c:d8:8e:9f:
         90:f9:23:da:fe:c1:80:46:d9:89:6c:9c:56:9a:c0:d8:0f:a2:
         42:0a:1a:70:ad:6a:2e:20:59:30:03:0f:7a:82:8e:56:13:b6:
         c3:6a:85:39:7d:40:d0:8a:c5:f4:4d:92:75:b7:50:c4:17:17:
         99:e4:b7:e3:ae:a1:a2:01:b6:ad:14:36:89:71:2e:31:08:c8:
         43:95:86:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYUFIAAJ81/7V/pxKo7guBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwNDA4MDYyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTFmYTU0YjNmYWNkMDY2OTg1YzcxYWU2NDUzYTY4MjVlMDc2YzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxlbyiHSdlE7qpKPOID/QQW5VbPF
df5A4X/T/k2bBaW80lE8cvs2VTVcIaPXIfUsmD+dIMllXGHPRxjQaUooGRzugwh6
21Hkmj0Fpg/+y9ig+dl8ECUoJfc+FBOY4YgvcGC/sUtccoxM7MpRD5ykTi1ebfjU
yELJZs+b/Q3RtcQRehj9Z/RHXrhmWjLisqmDQTm2WYNOklVVixnGowCydnJ4Hf/8
+zQtoqT8ZpVawLgA5fdDd+yyhh0D+LeXBZUh+tRAjARC2/t3ns2sVdA141PyI18V
pXZyUKuGNbQ6NRSOqJJWJ0zSVhGoW8Aignv2gCCsKKs6OffYeQXd62XX4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUfpUs/rNBmmFxxrmRTpoJeB2xyMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvOVItbFN6LXMwR2FZWEhHdVpGT21nbDRIYkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVNJMA0G
CSqGSIb3DQEBCwUAA4IBAQCdFwKi5B4uTppcucCPY8cNN/fhXKuIfkueWvWGARY1
Iq6dNcNQhzUqnMeYoZjKMFjFHurn+Oa8mF+MVbJ/IYaKZNlKHQ5/JxOGfI3YvNn5
7XO+pB3SAW+66QLZCrPfIWdqw+QXfgG4wr1tngWs1ME2pX9HUS/twfmKBBJZ6M2g
koE5zWXnhIfxLiD9ptUfVN4aL7NOfe9L6wuRqz2ovsd8gWgtBXAqdQ2CaqWy72CZ
+jzYjp+Q+SPa/sGARtmJbJxWmsDYD6JCChpwrWouIFkwAw96go5WE7bDaoU5fUDQ
isX0TZJ1t1DEFxeZ5LfjrqGiAbatFDaJcS4xCMhDlYY2
-----END CERTIFICATE-----