Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/e3bbc9-78c3-43a2-b9b0-48acef672e4a/1/J0A7-nt5XeCgS9gAAAVlx1i-rJY.roa
File:                     J0A7-nt5XeCgS9gAAAVlx1i-rJY.roa (raw, json)
Hash identifier:          JlA22eRwTHKygk6Rjp3JxHNqhS3iEPaNZklqvUMhvwg=
Subject key identifier:   27:40:3B:FA:7B:79:5D:E0:A0:4B:D8:00:00:05:65:C7:58:BE:AC:96
Certificate issuer:       /CN=bd82e60d072e5185435a900e323f463806d433c9
Certificate serial:       018CC56DFF79939C059010E8CF92DAC4B559
Authority key identifier: BD:82:E6:0D:07:2E:51:85:43:5A:90:0E:32:3F:46:38:06:D4:33:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vYLmDQcuUYVDWpAOMj9GOAbUM8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/e3bbc9-78c3-43a2-b9b0-48acef672e4a/1/J0A7-nt5XeCgS9gAAAVlx1i-rJY.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43356
IP address blocks:        77.92.2.0/24 maxlen: 24
                          77.92.3.0/24 maxlen: 24
                          77.92.0.0/20 maxlen: 20
                          77.92.1.0/24 maxlen: 24
                          77.92.4.0/24 maxlen: 24
                          77.92.6.0/24 maxlen: 24
                          77.92.7.0/24 maxlen: 24
                          193.201.128.0/24 maxlen: 24
                          77.92.5.0/24 maxlen: 24
                          193.201.131.0/24 maxlen: 24
                          193.201.129.0/24 maxlen: 24
                          193.201.130.0/24 maxlen: 24
                          77.92.8.0/22 maxlen: 22
                          77.92.16.0/22 maxlen: 22
                          77.92.15.0/24 maxlen: 24
                          77.92.13.0/24 maxlen: 24
                          77.92.14.0/24 maxlen: 24
                          77.92.12.0/24 maxlen: 24
                          77.92.20.0/24 maxlen: 24
                          77.92.21.0/24 maxlen: 24
                          77.92.23.0/24 maxlen: 24
                          77.92.24.0/24 maxlen: 24
                          77.92.22.0/24 maxlen: 24
                          77.92.25.0/24 maxlen: 24
                          77.92.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/e3bbc9-78c3-43a2-b9b0-48acef672e4a/1/vYLmDQcuUYVDWpAOMj9GOAbUM8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/e3bbc9-78c3-43a2-b9b0-48acef672e4a/1/vYLmDQcuUYVDWpAOMj9GOAbUM8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vYLmDQcuUYVDWpAOMj9GOAbUM8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ff:79:93:9c:05:90:10:e8:cf:92:da:c4:b5:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd82e60d072e5185435a900e323f463806d433c9
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27403bfa7b795de0a04bd800000565c758beac96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c7:fb:87:31:ad:d8:dd:ea:6a:20:3c:59:c5:
                    fd:b9:63:7a:ba:e7:ce:5e:50:5c:d7:a4:b6:dc:57:
                    19:aa:51:ab:6c:84:50:b0:cf:f6:63:68:15:9d:70:
                    06:56:db:1a:c0:49:30:58:d2:b3:45:2b:b4:83:1e:
                    d4:a4:1e:28:a9:12:79:3e:87:d8:ef:87:c3:9c:e7:
                    87:02:1e:fc:84:b1:27:74:3c:1f:85:75:5d:11:b2:
                    b9:7f:44:50:c5:b1:37:8d:29:7a:80:1f:96:c6:7c:
                    e6:1b:54:b7:aa:b7:5b:77:ea:f9:d9:30:26:2c:bc:
                    82:72:0c:72:82:5d:89:a8:bb:e6:5a:e3:71:35:0f:
                    ed:3f:37:c0:7c:b2:bc:6a:45:d6:a4:4a:4d:49:fe:
                    3b:9e:40:4b:dd:8f:ae:76:0d:2a:e6:a9:a6:02:7f:
                    b7:2a:e1:f4:04:04:d0:92:14:f0:69:43:16:49:fe:
                    53:d1:e0:72:1f:62:f9:53:df:72:2d:dc:2d:81:0f:
                    ae:95:25:6c:2e:f9:9c:99:f9:2e:6c:7a:b8:63:3b:
                    b2:33:dc:05:6e:36:ca:0e:e3:30:49:f7:1e:39:eb:
                    7f:d2:2f:72:69:48:71:1b:f2:4e:72:61:92:e2:ac:
                    00:b3:2a:7a:ea:b1:52:b0:d5:f2:34:97:08:43:ab:
                    14:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:40:3B:FA:7B:79:5D:E0:A0:4B:D8:00:00:05:65:C7:58:BE:AC:96
            X509v3 Authority Key Identifier:
                keyid:BD:82:E6:0D:07:2E:51:85:43:5A:90:0E:32:3F:46:38:06:D4:33:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vYLmDQcuUYVDWpAOMj9GOAbUM8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/e3bbc9-78c3-43a2-b9b0-48acef672e4a/1/J0A7-nt5XeCgS9gAAAVlx1i-rJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/e3bbc9-78c3-43a2-b9b0-48acef672e4a/1/vYLmDQcuUYVDWpAOMj9GOAbUM8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.0.0-77.92.26.255
                  193.201.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:ea:2e:97:26:57:34:3e:94:0c:99:69:42:c4:5e:9b:77:7c:
         43:e3:8b:ff:a4:32:4a:0d:8e:84:93:d6:e2:81:83:73:ba:66:
         03:ca:4f:2e:2a:6a:69:f8:b0:3c:cd:97:e7:a4:65:60:f3:3e:
         d1:a3:88:eb:60:02:e6:35:c6:57:7d:37:e9:9b:83:b4:75:50:
         1d:60:a5:a5:44:d8:50:d1:77:2e:f0:5b:d2:85:b1:9a:a6:0c:
         50:a5:73:ff:9f:eb:8b:38:cf:ee:0e:4b:37:32:a6:03:6c:dd:
         a1:a6:cf:7b:d9:d0:8d:d7:16:f1:29:3e:83:34:a3:23:9e:e0:
         87:bc:ee:21:0a:a7:2d:58:f8:e9:7b:d5:90:65:f8:92:4a:f8:
         89:5d:f4:b9:e2:93:bf:6f:73:a1:a8:5b:0b:8a:35:71:d3:93:
         c5:e2:03:d8:08:88:39:b8:e1:03:37:e4:ef:93:b3:5a:d5:e6:
         b2:fa:99:0b:89:6f:9a:86:81:bd:fb:23:e7:e7:a6:88:b6:75:
         fb:76:af:5d:ce:68:e4:6c:ad:03:03:4c:ba:91:d4:82:3f:9c:
         42:b4:9c:69:c0:68:fa:f7:ee:d5:94:33:b4:84:ea:80:cf:d9:
         42:b3:16:b2:b2:f9:29:71:16:d0:d3:00:41:f2:aa:33:e6:a7:
         1e:9c:9b:5a
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzFbf95k5wFkBDoz5LaxLVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkODJlNjBkMDcyZTUxODU0MzVhOTAwZTMyM2Y0NjM4MDZk
NDMzYzkwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzQwM2JmYTdiNzk1ZGUwYTA0YmQ4MDAwMDA1NjVjNzU4YmVhYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMf7hzGt2N3qaiA8WcX9uWN6uufO
XlBc16S23FcZqlGrbIRQsM/2Y2gVnXAGVtsawEkwWNKzRSu0gx7UpB4oqRJ5PofY
74fDnOeHAh78hLEndDwfhXVdEbK5f0RQxbE3jSl6gB+WxnzmG1S3qrdbd+r52TAm
LLyCcgxygl2JqLvmWuNxNQ/tPzfAfLK8akXWpEpNSf47nkBL3Y+udg0q5qmmAn+3
KuH0BATQkhTwaUMWSf5T0eByH2L5U99yLdwtgQ+ulSVsLvmcmfkubHq4YzuyM9wF
bjbKDuMwSfceOet/0i9yaUhxG/JOcmGS4qwAsyp66rFSsNXyNJcIQ6sUGwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFCdAO/p7eV3goEvYAAAFZcdYvqyWMB8GA1UdIwQY
MBaAFL2C5g0HLlGFQ1qQDjI/RjgG1DPJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdllMbURRY3VVWVZEV3BBT01qOUdPQWJVTThrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lM2JiYzktNzhjMy00M2EyLWI5YjAt
NDhhY2VmNjcyZTRhLzEvSjBBNy1udDVYZUNnUzlnQUFBVmx4MWktckpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lM2JiYzktNzhjMy00M2EyLWI5YjAtNDhhY2VmNjcyZTRh
LzEvdllMbURRY3VVWVZEV3BBT01qOUdPQWJVTThrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwJNXAME
AE1cGgMEAsHJgDANBgkqhkiG9w0BAQsFAAOCAQEApuoulyZXND6UDJlpQsRem3d8
Q+OL/6QySg2OhJPW4oGDc7pmA8pPLipqafiwPM2X56RlYPM+0aOI62AC5jXGV303
6ZuDtHVQHWClpUTYUNF3LvBb0oWxmqYMUKVz/5/rizjP7g5LNzKmA2zdoabPe9nQ
jdcW8Sk+gzSjI57gh7zuIQqnLVj46XvVkGX4kkr4iV30ueKTv29zoahbC4o1cdOT
xeID2AiIObjhAzfk75OzWtXmsvqZC4lvmoaBvfsj5+emiLZ1+3avXc5o5GytAwNM
upHUgj+cQrScacBo+vfu1ZQztITqgM/ZQrMWsrL5KXEW0NMAQfKqM+anHpybWg==
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:02:51 2024 by rpki-client on console-fra.rpki-client.org