Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/2nLfLY9iuS0QWJUoxMXGuTVNh4Q.roa
File:                     2nLfLY9iuS0QWJUoxMXGuTVNh4Q.roa (raw, json)
Hash identifier:          KGQN3KTkCEm9UO8mNAZfG4hkgxNjImc/0aUX1CErP0M=
Subject key identifier:   DA:72:DF:2D:8F:62:B9:2D:10:58:95:28:C4:C5:C6:B9:35:4D:87:84
Certificate issuer:       /CN=0277acd112f1c6c833bec22f8b53cc70d2390876
Certificate serial:       019420D5C010671A5978E8855B2EBF3F5309
Authority key identifier: 02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/2nLfLY9iuS0QWJUoxMXGuTVNh4Q.roa
Signing time:             Wed 01 Jan 2025 07:47:46 +0000
ROA not before:           Wed 01 Jan 2025 07:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59973
IP address blocks:        176.58.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c0:10:67:1a:59:78:e8:85:5b:2e:bf:3f:53:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0277acd112f1c6c833bec22f8b53cc70d2390876
        Validity
            Not Before: Jan  1 07:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da72df2d8f62b92d10589528c4c5c6b9354d8784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:24:85:0e:4e:69:d6:d6:82:0d:f8:c7:6b:71:
                    e1:06:6c:b0:66:97:bf:c8:72:c4:eb:2a:1f:0a:58:
                    ad:ed:b7:93:dd:1f:7d:ea:d5:c8:84:de:5d:68:45:
                    bc:d8:ae:df:47:36:86:79:cb:2a:1c:72:92:be:9c:
                    1b:e8:1d:8c:05:5b:a8:ff:36:87:5e:44:38:0c:7c:
                    a3:d3:93:cc:09:9c:99:98:24:87:9c:91:c7:b1:c4:
                    bf:82:48:4b:a3:ed:20:09:6d:e6:8e:03:f1:0d:b2:
                    8a:ee:1c:70:ca:61:cf:d5:7e:b4:23:be:be:e6:5a:
                    0c:1c:64:2a:86:77:9d:87:d3:cf:3b:46:51:f7:88:
                    7c:d2:3c:08:ed:49:68:59:9a:dc:58:17:b9:d6:30:
                    63:a7:ad:84:ef:82:60:f4:08:80:91:f4:3d:f0:c1:
                    57:63:a0:fc:31:9c:e6:94:f9:2d:ef:83:8d:ba:da:
                    d5:1b:4c:c6:55:95:1f:f8:a8:03:73:6e:cd:25:7b:
                    83:44:83:92:04:df:50:b8:2f:70:9f:61:32:a5:ca:
                    9c:9d:e3:f2:7f:35:fd:4f:f7:2f:1e:0d:90:22:5e:
                    9d:4c:3b:85:46:99:6b:80:14:0e:8f:0d:0d:3c:79:
                    44:8d:03:c5:75:1a:29:16:79:44:69:ee:99:b6:a0:
                    46:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:72:DF:2D:8F:62:B9:2D:10:58:95:28:C4:C5:C6:B9:35:4D:87:84
            X509v3 Authority Key Identifier:
                keyid:02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/2nLfLY9iuS0QWJUoxMXGuTVNh4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:22:a4:03:1c:78:e7:49:30:dd:06:1b:d1:80:4d:a8:14:28:
         85:49:57:90:11:0e:23:f2:c1:66:ad:4a:43:d9:73:c6:d2:83:
         e6:98:10:93:2d:74:8b:7e:ef:5a:f3:af:33:28:5e:35:3e:bc:
         f1:48:07:94:a7:7f:f5:38:39:bb:f4:cc:b5:fe:54:ca:72:63:
         e5:33:54:b9:cf:25:5b:47:d8:43:1c:3e:91:9e:08:c0:49:92:
         09:54:5a:61:5f:70:59:aa:50:d7:26:81:ea:58:0b:81:f7:52:
         02:72:e4:bb:b3:e1:31:79:c4:37:40:7e:58:3f:01:dc:a5:49:
         67:00:69:af:a1:1a:4f:e0:9d:02:d1:2f:bc:bb:43:07:d6:f1:
         b1:24:aa:1b:83:a8:66:94:87:0c:49:28:eb:78:0e:37:c1:0e:
         3c:8d:70:a5:89:ec:fd:f6:90:0a:d4:64:66:3a:39:d7:e3:c4:
         45:1d:b4:5c:45:b6:8e:86:77:38:5e:07:c4:06:65:6a:7e:13:
         3a:58:2a:89:74:ab:4c:f8:57:4d:07:01:8f:d8:6e:e5:2b:d0:
         03:66:c8:b0:93:a0:7a:6c:11:30:74:9e:29:d4:ab:ce:27:1e:
         26:04:20:e3:84:5a:c4:91:87:b4:28:bd:01:81:9a:32:21:99:
         6b:37:8f:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cAQZxpZeOiFWy6/P1MJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNzdhY2QxMTJmMWM2YzgzM2JlYzIyZjhiNTNjYzcwZDIz
OTA4NzYwHhcNMjUwMTAxMDc0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTcyZGYyZDhmNjJiOTJkMTA1ODk1MjhjNGM1YzZiOTM1NGQ4Nzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iSFDk5p1taCDfjHa3HhBmywZpe/
yHLE6yofClit7beT3R996tXIhN5daEW82K7fRzaGecsqHHKSvpwb6B2MBVuo/zaH
XkQ4DHyj05PMCZyZmCSHnJHHscS/gkhLo+0gCW3mjgPxDbKK7hxwymHP1X60I76+
5loMHGQqhnedh9PPO0ZR94h80jwI7UloWZrcWBe51jBjp62E74Jg9AiAkfQ98MFX
Y6D8MZzmlPkt74ONutrVG0zGVZUf+KgDc27NJXuDRIOSBN9QuC9wn2EypcqcnePy
fzX9T/cvHg2QIl6dTDuFRplrgBQOjw0NPHlEjQPFdRopFnlEae6ZtqBG9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpy3y2PYrktEFiVKMTFxrk1TYeEMB8GA1UdIwQY
MBaAFAJ3rNES8cbIM77CL4tTzHDSOQh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQt
ZDk2NTU5ODc4NzRhLzEvMm5MZkxZOWl1UzBRV0pVb3hNWEd1VFZOaDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQtZDk2NTU5ODc4NzRh
LzEvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDpCMA0G
CSqGSIb3DQEBCwUAA4IBAQBmIqQDHHjnSTDdBhvRgE2oFCiFSVeQEQ4j8sFmrUpD
2XPG0oPmmBCTLXSLfu9a868zKF41PrzxSAeUp3/1ODm79My1/lTKcmPlM1S5zyVb
R9hDHD6RngjASZIJVFphX3BZqlDXJoHqWAuB91ICcuS7s+ExecQ3QH5YPwHcpUln
AGmvoRpP4J0C0S+8u0MH1vGxJKobg6hmlIcMSSjreA43wQ48jXCliez99pAK1GRm
OjnX48RFHbRcRbaOhnc4XgfEBmVqfhM6WCqJdKtM+FdNBwGP2G7lK9ADZsiwk6B6
bBEwdJ4p1KvOJx4mBCDjhFrEkYe0KL0BgZoyIZlrN4+l
-----END CERTIFICATE-----