Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/NnE2k7m8loN7JjA5YJ7ygzng9DY.roa
File:                     NnE2k7m8loN7JjA5YJ7ygzng9DY.roa (raw, json)
Hash identifier:          gWCB8XwOn+zZr07iic2AwgV7bpCvUy9R1iTCkBnQFrY=
Subject key identifier:   36:71:36:93:B9:BC:96:83:7B:26:30:39:60:9E:F2:83:39:E0:F4:36
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F885FDBBCADD778EFAB93E447E89D
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/NnE2k7m8loN7JjA5YJ7ygzng9DY.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35119
IP address blocks:        77.83.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:88:5f:db:bc:ad:d7:78:ef:ab:93:e4:47:e8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36713693b9bc96837b263039609ef28339e0f436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:61:f8:43:cc:ba:8e:c8:ba:b2:e7:35:0d:e3:
                    49:3f:1e:53:2c:92:e3:25:15:bf:f4:2b:5e:e9:16:
                    5c:e8:17:36:cc:db:3d:8f:54:bd:5d:99:e0:f6:aa:
                    a8:2d:97:5e:2d:7c:31:3d:3d:7a:c9:d6:82:ad:ed:
                    0a:9a:51:d7:36:b0:5e:a4:52:82:9f:e6:cd:f1:c9:
                    05:dc:e4:b8:f3:bc:fc:b6:9a:7e:3f:94:0e:58:93:
                    77:78:63:57:dd:3c:4f:78:c3:6e:fa:91:7c:27:00:
                    de:33:2e:e0:7b:e6:3f:14:29:1e:57:dc:15:44:2b:
                    6f:b8:22:cb:7d:2a:9d:58:c1:76:65:de:c7:af:62:
                    ef:3e:f5:cf:48:93:d7:4f:dc:62:3a:fe:b3:e6:d8:
                    2a:97:32:b4:e6:10:9e:38:35:55:0e:f3:50:30:e5:
                    57:f6:72:e5:98:9d:a2:47:c9:0f:2d:14:f0:07:63:
                    49:fb:df:5d:59:e2:05:1e:c3:ce:fb:01:4d:fd:6a:
                    e3:df:55:20:5d:6e:b7:74:59:9d:22:7e:2f:0e:ba:
                    13:dd:89:0d:63:67:df:45:0e:5c:ac:5c:1d:0b:33:
                    1c:80:72:26:0e:bb:ac:ff:37:04:5a:8d:b1:6c:f6:
                    ab:0a:80:63:0b:0f:a6:97:4f:ff:ee:b4:5e:01:41:
                    86:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:71:36:93:B9:BC:96:83:7B:26:30:39:60:9E:F2:83:39:E0:F4:36
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/NnE2k7m8loN7JjA5YJ7ygzng9DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d3:46:d0:80:29:d8:e7:b9:52:f6:98:80:68:5a:6c:39:ac:
         9e:ed:aa:99:bb:49:b3:28:18:1e:c2:30:87:e6:44:b8:dc:85:
         56:3b:51:3c:7a:a7:11:04:5a:de:2f:ef:b8:40:a4:bd:0e:ed:
         3e:71:cf:da:9c:58:e2:88:4e:7b:25:64:1e:bf:b5:ec:e0:71:
         97:c2:9f:0e:22:28:22:50:ae:9c:6d:e4:94:79:ba:5c:b5:ed:
         6b:f9:ef:36:c3:cb:e8:51:3a:e6:2a:11:cc:ea:b4:bd:29:e3:
         86:de:67:11:b4:84:aa:15:60:7a:a4:3e:b2:72:55:8c:69:66:
         bc:85:75:6a:66:1c:61:61:06:8e:5f:d4:a2:a8:d4:ed:29:75:
         bf:5a:f3:de:16:55:73:9f:dc:9a:94:a5:82:e2:bc:88:d6:71:
         08:b1:3a:e8:42:12:ce:c2:c4:14:99:06:e8:1f:3a:89:20:22:
         de:8a:03:bb:77:d1:f4:92:05:11:02:18:c1:6d:02:c4:23:9e:
         0a:f6:41:1b:37:b6:d2:4e:de:5a:f6:ce:fd:9f:f7:de:10:d6:
         80:6d:f1:f0:58:36:c1:e1:d6:5b:52:4c:ec:ac:7b:52:75:d2:
         09:e2:63:73:34:4a:7f:06:5e:ef:bc:02:c8:07:4c:c8:b7:04:
         88:0c:ba:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4hf27yt13jvq5PkR+idMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjcxMzY5M2I5YmM5NjgzN2IyNjMwMzk2MDllZjI4MzM5ZTBmNDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2H4Q8y6jsi6suc1DeNJPx5TLJLj
JRW/9Cte6RZc6Bc2zNs9j1S9XZng9qqoLZdeLXwxPT16ydaCre0KmlHXNrBepFKC
n+bN8ckF3OS487z8tpp+P5QOWJN3eGNX3TxPeMNu+pF8JwDeMy7ge+Y/FCkeV9wV
RCtvuCLLfSqdWMF2Zd7Hr2LvPvXPSJPXT9xiOv6z5tgqlzK05hCeODVVDvNQMOVX
9nLlmJ2iR8kPLRTwB2NJ+99dWeIFHsPO+wFN/Wrj31UgXW63dFmdIn4vDroT3YkN
Y2ffRQ5crFwdCzMcgHImDrus/zcEWo2xbParCoBjCw+ml0//7rReAUGGJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZxNpO5vJaDeyYwOWCe8oM54PQ2MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvTm5FMms3bThsb043SmpBNVlKN3lnem5nOURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVNLMA0G
CSqGSIb3DQEBCwUAA4IBAQAj00bQgCnY57lS9piAaFpsOaye7aqZu0mzKBgewjCH
5kS43IVWO1E8eqcRBFreL++4QKS9Du0+cc/anFjiiE57JWQev7Xs4HGXwp8OIigi
UK6cbeSUebpcte1r+e82w8voUTrmKhHM6rS9KeOG3mcRtISqFWB6pD6yclWMaWa8
hXVqZhxhYQaOX9SiqNTtKXW/WvPeFlVzn9yalKWC4ryI1nEIsTroQhLOwsQUmQbo
HzqJICLeigO7d9H0kgURAhjBbQLEI54K9kEbN7bSTt5a9s79n/feENaAbfHwWDbB
4dZbUkzsrHtSddIJ4mNzNEp/Bl7vvALIB0zItwSIDLrh
-----END CERTIFICATE-----