Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5d0b7d-db96-4387-93ec-8469cf659101/1/Ur4R6BEVQ5ZVrCxRAx6kH6PxdNw.roa
File:                     Ur4R6BEVQ5ZVrCxRAx6kH6PxdNw.roa (raw, json)
Hash identifier:          W8F7XyXSIJMD/DWWQji23aFXLuxhBN8ESNtYelMTfZU=
Subject key identifier:   52:BE:11:E8:11:15:43:96:55:AC:2C:51:03:1E:A4:1F:A3:F1:74:DC
Certificate issuer:       /CN=77c7b457f9af042924142373ce090f7fa876257e
Certificate serial:       018D2CA7813CF114DA41DDDCA3D3F7A25759
Authority key identifier: 77:C7:B4:57:F9:AF:04:29:24:14:23:73:CE:09:0F:7F:A8:76:25:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8e0V_mvBCkkFCNzzgkPf6h2JX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5d0b7d-db96-4387-93ec-8469cf659101/1/Ur4R6BEVQ5ZVrCxRAx6kH6PxdNw.roa
Signing time:             Sun 21 Jan 2024 15:33:11 +0000
ROA not before:           Sun 21 Jan 2024 15:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49037
IP address blocks:        185.1.72.0/24 maxlen: 32
                          2001:7f8:a3::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/5d0b7d-db96-4387-93ec-8469cf659101/1/d8e0V_mvBCkkFCNzzgkPf6h2JX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/5d0b7d-db96-4387-93ec-8469cf659101/1/d8e0V_mvBCkkFCNzzgkPf6h2JX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8e0V_mvBCkkFCNzzgkPf6h2JX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2c:a7:81:3c:f1:14:da:41:dd:dc:a3:d3:f7:a2:57:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c7b457f9af042924142373ce090f7fa876257e
        Validity
            Not Before: Jan 21 15:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52be11e81115439655ac2c51031ea41fa3f174dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:36:29:54:79:e7:bd:21:6a:53:a0:3e:6b:ce:
                    b7:12:14:d4:96:10:c9:37:56:3f:26:f4:93:c0:e2:
                    05:c5:57:40:1e:0b:e1:ec:c8:75:07:1c:49:f4:26:
                    fe:06:c4:6e:63:03:b5:01:64:60:b9:28:11:51:ca:
                    d3:46:41:fd:f3:62:1c:bb:70:14:2c:1e:d6:96:86:
                    2b:a3:a8:07:3c:f6:8b:55:7e:b6:bc:e5:f9:59:63:
                    a0:b3:9b:49:d7:29:40:a5:a7:87:a5:a6:1a:0b:72:
                    23:f7:21:07:1f:7a:25:e2:2c:86:97:97:dc:82:cb:
                    04:57:c1:e9:f0:db:d7:ca:d5:af:ad:5b:38:64:35:
                    1b:2e:00:f1:b4:ec:45:04:82:01:12:c8:39:ab:b3:
                    1d:96:ed:05:3c:54:cd:1a:17:89:0f:ed:8e:f7:b9:
                    18:f8:32:74:2a:52:48:88:11:28:c2:a8:8f:f7:00:
                    69:04:26:3c:62:14:39:57:7c:14:bd:5f:d2:85:53:
                    9b:b1:b9:43:b8:36:0b:18:7b:45:21:aa:d9:c4:02:
                    f5:ab:5d:17:98:2c:b1:1e:40:0d:5c:d5:c9:47:a2:
                    8b:b3:ad:f3:5a:a6:41:45:d4:c6:07:1f:94:0f:3f:
                    42:c2:b6:fb:ae:d4:5e:b6:e5:74:1e:48:48:e0:d7:
                    1d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:BE:11:E8:11:15:43:96:55:AC:2C:51:03:1E:A4:1F:A3:F1:74:DC
            X509v3 Authority Key Identifier:
                keyid:77:C7:B4:57:F9:AF:04:29:24:14:23:73:CE:09:0F:7F:A8:76:25:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8e0V_mvBCkkFCNzzgkPf6h2JX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5d0b7d-db96-4387-93ec-8469cf659101/1/Ur4R6BEVQ5ZVrCxRAx6kH6PxdNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5d0b7d-db96-4387-93ec-8469cf659101/1/d8e0V_mvBCkkFCNzzgkPf6h2JX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.72.0/24
                IPv6:
                  2001:7f8:a3::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:12:c4:de:b1:05:75:74:8e:23:c1:16:27:4b:28:fe:70:ed:
         00:59:20:58:31:09:84:de:ec:c4:e6:e4:91:4f:70:14:24:b4:
         c8:44:bb:43:b8:33:c6:d9:d9:fa:0a:d4:65:8f:29:7c:81:61:
         a0:90:43:cf:da:f3:0d:c0:52:e6:36:d7:9d:1f:52:c0:e2:93:
         d5:3f:46:e8:f9:17:28:ad:9d:1d:ce:b2:a7:cd:a1:45:36:87:
         21:50:37:2a:93:c6:2e:4d:3f:3f:81:f9:39:cc:13:d8:79:58:
         c7:19:27:bd:99:14:4c:ac:93:76:20:e5:4b:68:ae:35:ac:5d:
         bb:de:e5:f2:10:f3:62:5c:69:8e:1c:c0:ff:cc:5b:e0:e3:5d:
         97:99:32:60:01:34:9f:5d:65:a5:df:5a:7f:2c:43:b0:b9:39:
         8c:bb:2f:52:81:6d:2a:2b:8b:2f:65:8a:74:db:14:f0:fd:e7:
         99:19:5c:07:37:31:1d:c5:67:76:93:82:8a:dd:6d:83:13:f0:
         99:e0:52:c0:7b:9a:e8:4e:58:47:57:7f:ec:4a:7d:e3:bf:ce:
         18:c8:1a:15:5e:f9:2f:7a:3f:a3:a8:86:01:f1:ff:91:9f:cf:
         48:81:a0:c9:a3:05:73:31:ad:58:12:d6:2d:55:62:98:b4:a1:
         d2:6e:b3:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY0sp4E88RTaQd3co9P3oldZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzdiNDU3ZjlhZjA0MjkyNDE0MjM3M2NlMDkwZjdmYTg3
NjI1N2UwHhcNMjQwMTIxMTUzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmJlMTFlODExMTU0Mzk2NTVhYzJjNTEwMzFlYTQxZmEzZjE3NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTYpVHnnvSFqU6A+a863EhTUlhDJ
N1Y/JvSTwOIFxVdAHgvh7Mh1BxxJ9Cb+BsRuYwO1AWRguSgRUcrTRkH982Icu3AU
LB7WloYro6gHPPaLVX62vOX5WWOgs5tJ1ylApaeHpaYaC3Ij9yEHH3ol4iyGl5fc
gssEV8Hp8NvXytWvrVs4ZDUbLgDxtOxFBIIBEsg5q7Mdlu0FPFTNGheJD+2O97kY
+DJ0KlJIiBEowqiP9wBpBCY8YhQ5V3wUvV/ShVObsblDuDYLGHtFIarZxAL1q10X
mCyxHkANXNXJR6KLs63zWqZBRdTGBx+UDz9Cwrb7rtRetuV0HkhI4NcddwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFK+EegRFUOWVawsUQMepB+j8XTcMB8GA1UdIwQY
MBaAFHfHtFf5rwQpJBQjc84JD3+odiV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhlMFZfbXZCQ2trRkNOenpna1BmNmgySlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81ZDBiN2QtZGI5Ni00Mzg3LTkzZWMt
ODQ2OWNmNjU5MTAxLzEvVXI0UjZCRVZRNVpWckN4UkF4NmtINlB4ZE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81ZDBiN2QtZGI5Ni00Mzg3LTkzZWMtODQ2OWNmNjU5MTAx
LzEvZDhlMFZfbXZCQ2trRkNOenpna1BmNmgySlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFIMA8E
AgACMAkDBwAgAQf4AKMwDQYJKoZIhvcNAQELBQADggEBAE4SxN6xBXV0jiPBFidL
KP5w7QBZIFgxCYTe7MTm5JFPcBQktMhEu0O4M8bZ2foK1GWPKXyBYaCQQ8/a8w3A
UuY2150fUsDik9U/Ruj5FyitnR3OsqfNoUU2hyFQNyqTxi5NPz+B+TnME9h5WMcZ
J72ZFEysk3Yg5UtorjWsXbve5fIQ82JcaY4cwP/MW+DjXZeZMmABNJ9dZaXfWn8s
Q7C5OYy7L1KBbSoriy9linTbFPD955kZXAc3MR3FZ3aTgordbYMT8JngUsB7muhO
WEdXf+xKfeO/zhjIGhVe+S96P6OohgHx/5Gfz0iBoMmjBXMxrVgS1i1VYpi0odJu
s4U=
-----END CERTIFICATE-----