Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/mPIEgyssPqs6bJGBVg1KyAlnTF8.roa
File:                     mPIEgyssPqs6bJGBVg1KyAlnTF8.roa (raw, json)
Hash identifier:          vLIsHxAjYSgIm3zpvV05ojKSpb3Py1iQi3Z3bfaw1DY=
Subject key identifier:   98:F2:04:83:2B:2C:3E:AB:3A:6C:91:81:56:0D:4A:C8:09:67:4C:5F
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A62DF6EA44333079216B6B6AD70D0
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/mPIEgyssPqs6bJGBVg1KyAlnTF8.roa
Signing time:             Wed 01 Jan 2025 19:49:22 +0000
ROA not before:           Wed 01 Jan 2025 19:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        145.78.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:62:df:6e:a4:43:33:07:92:16:b6:b6:ad:70:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98f204832b2c3eab3a6c9181560d4ac809674c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e0:aa:d5:42:20:98:b3:54:fe:aa:cd:26:47:
                    75:cc:34:9f:e5:71:c7:fe:61:7d:62:09:86:5b:5a:
                    2e:64:aa:0f:43:e9:f6:a1:a9:18:8f:8b:ec:40:ec:
                    0a:63:a5:41:3d:95:bf:c3:17:e3:26:8d:4d:09:40:
                    3d:99:af:ff:7b:cf:fc:1d:5e:59:f6:75:8d:5e:2f:
                    2e:15:24:22:8e:ea:b4:26:b5:eb:62:3a:07:86:0e:
                    55:43:97:6f:40:be:0b:69:53:b3:d0:e8:59:68:10:
                    e0:f6:96:56:6e:85:29:31:61:77:a8:0a:b2:e6:c4:
                    6b:4f:d9:82:9d:0f:11:fa:b0:9d:67:ba:84:79:f0:
                    b2:bb:a0:df:29:96:40:29:da:c1:98:f2:b6:50:74:
                    47:54:08:a6:24:07:a1:13:6f:ed:26:ad:ee:4b:1b:
                    4a:0e:48:a7:7e:72:ea:03:c3:0a:40:3f:80:ec:25:
                    ab:fa:be:df:1f:96:ba:3a:91:8a:4c:5a:17:d0:67:
                    15:fe:7e:b6:6b:bf:98:a1:4d:6a:4f:41:bf:33:9e:
                    3e:24:32:0b:da:46:61:81:d5:f5:58:f9:3f:85:ff:
                    8f:55:44:ad:21:66:f8:78:2b:e8:15:b3:8f:e4:a2:
                    15:2c:4f:13:44:27:b9:75:3d:18:49:96:b7:12:20:
                    31:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F2:04:83:2B:2C:3E:AB:3A:6C:91:81:56:0D:4A:C8:09:67:4C:5F
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/mPIEgyssPqs6bJGBVg1KyAlnTF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.78.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:9a:f9:e3:b0:5b:0f:e4:3b:20:f4:f5:58:d2:29:19:42:cc:
         fa:a7:71:37:a7:c4:66:da:fc:d0:0b:cd:81:ed:24:51:32:68:
         c0:13:a7:d0:1f:61:c5:54:b0:2e:b5:a3:eb:01:7b:c4:0b:00:
         17:79:e3:89:a7:86:1a:ca:32:75:17:c7:92:a2:28:a7:2c:0f:
         c9:af:00:b9:16:5b:62:82:0f:0f:68:e1:35:6f:98:db:52:95:
         d3:94:82:8c:1b:c0:7c:63:b9:c6:b5:4a:eb:4b:18:3e:72:95:
         fc:75:10:03:ae:2e:11:ef:ee:2a:dc:d4:8f:6d:2b:0c:7a:97:
         1d:e9:96:05:c3:56:b3:f7:7c:0b:3d:31:13:61:1b:fb:15:2e:
         a4:c3:d2:a8:3b:93:de:2c:2e:79:e1:71:36:a2:0d:e2:79:85:
         69:f3:cc:a3:c3:c1:03:03:b9:31:2c:76:9d:9d:0d:92:f1:9c:
         e5:d1:6b:5d:6b:63:3f:35:79:7b:eb:c6:f4:9a:7f:98:d7:74:
         c7:b7:74:9d:37:e2:3e:6b:4b:92:a1:da:b4:c4:44:a7:c5:8e:
         00:87:df:59:f1:35:f2:81:f3:7a:3d:67:1a:10:17:48:0a:0a:
         b2:a3:2a:57:b1:db:0c:f8:c0:e9:d0:e7:a0:d8:44:58:a6:29:
         e5:24:46:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjamLfbqRDMweSFra2rXDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGYyMDQ4MzJiMmMzZWFiM2E2YzkxODE1NjBkNGFjODA5Njc0YzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeCq1UIgmLNU/qrNJkd1zDSf5XHH
/mF9YgmGW1ouZKoPQ+n2oakYj4vsQOwKY6VBPZW/wxfjJo1NCUA9ma//e8/8HV5Z
9nWNXi8uFSQijuq0JrXrYjoHhg5VQ5dvQL4LaVOz0OhZaBDg9pZWboUpMWF3qAqy
5sRrT9mCnQ8R+rCdZ7qEefCyu6DfKZZAKdrBmPK2UHRHVAimJAehE2/tJq3uSxtK
DkinfnLqA8MKQD+A7CWr+r7fH5a6OpGKTFoX0GcV/n62a7+YoU1qT0G/M54+JDIL
2kZhgdX1WPk/hf+PVUStIWb4eCvoFbOP5KIVLE8TRCe5dT0YSZa3EiAx5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjyBIMrLD6rOmyRgVYNSsgJZ0xfMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvbVBJRWd5c3NQcXM2YkpHQlZnMUt5QWxuVEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkU4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAtmvnjsFsP5Dsg9PVY0ikZQsz6p3E3p8Rm2vzQC82B
7SRRMmjAE6fQH2HFVLAutaPrAXvECwAXeeOJp4YayjJ1F8eSoiinLA/JrwC5Flti
gg8PaOE1b5jbUpXTlIKMG8B8Y7nGtUrrSxg+cpX8dRADri4R7+4q3NSPbSsMepcd
6ZYFw1az93wLPTETYRv7FS6kw9KoO5PeLC554XE2og3ieYVp88yjw8EDA7kxLHad
nQ2S8Zzl0Wtda2M/NXl768b0mn+Y13THt3SdN+I+a0uSodq0xESnxY4Ah99Z8TXy
gfN6PWcaEBdICgqyoypXsdsM+MDp0Oeg2ERYpinlJEYF
-----END CERTIFICATE-----