Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/75d6e2-c7ba-478d-879e-25f4f7430bda/1/2XnqswJhUp8Q7QKYSg6mYnJtPx0.roa
File:                     2XnqswJhUp8Q7QKYSg6mYnJtPx0.roa (raw, json)
Hash identifier:          GVTo7but2rFEi3PE0oMZ20Q2ZfZFSUAgiohCKBnP4LM=
Subject key identifier:   D9:79:EA:B3:02:61:52:9F:10:ED:02:98:4A:0E:A6:62:72:6D:3F:1D
Certificate issuer:       /CN=79259102c16993ce5e13b08cba60eedad7f92773
Certificate serial:       01948DCC56B306610F9F0D2DB9EF33EB7AA9
Authority key identifier: 79:25:91:02:C1:69:93:CE:5E:13:B0:8C:BA:60:EE:DA:D7:F9:27:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eSWRAsFpk85eE7CMumDu2tf5J3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/75d6e2-c7ba-478d-879e-25f4f7430bda/1/2XnqswJhUp8Q7QKYSg6mYnJtPx0.roa
Signing time:             Wed 22 Jan 2025 11:36:06 +0000
ROA not before:           Wed 22 Jan 2025 11:36:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40509
IP address blocks:        77.83.140.0/22 maxlen: 24
                          213.188.192.0/19 maxlen: 24
                          2a09:8280::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/75d6e2-c7ba-478d-879e-25f4f7430bda/1/eSWRAsFpk85eE7CMumDu2tf5J3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/75d6e2-c7ba-478d-879e-25f4f7430bda/1/eSWRAsFpk85eE7CMumDu2tf5J3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eSWRAsFpk85eE7CMumDu2tf5J3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8d:cc:56:b3:06:61:0f:9f:0d:2d:b9:ef:33:eb:7a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79259102c16993ce5e13b08cba60eedad7f92773
        Validity
            Not Before: Jan 22 11:36:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d979eab30261529f10ed02984a0ea662726d3f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f7:a9:cd:d7:b7:20:41:1b:bf:5e:38:b8:3b:
                    a1:c7:8f:4c:f0:c1:6f:ff:2e:bc:a1:96:94:d0:cd:
                    fd:99:16:97:e0:4c:ee:74:e1:48:09:eb:c1:da:94:
                    25:3a:b7:b0:75:c9:84:81:b5:7e:2d:c3:4d:52:fe:
                    0e:9a:ae:2d:2b:2a:76:bb:38:a6:cb:ed:48:18:10:
                    14:46:b4:f1:3e:2b:bc:ca:4d:5e:a9:13:b3:d0:b4:
                    46:a7:89:31:11:c4:c6:01:83:3a:84:35:01:d4:8c:
                    6c:1e:bc:ac:70:b2:3d:13:0d:0b:22:0e:6a:82:26:
                    3b:27:bd:0b:3b:c3:89:7e:60:36:bc:8d:7e:7c:65:
                    bd:a3:dc:1a:02:5d:b2:77:a0:7a:56:35:af:b8:b0:
                    c5:7f:1e:ec:37:3c:39:37:61:07:02:91:69:95:5d:
                    31:d0:65:e8:af:97:02:8d:9b:5a:9d:a4:e5:58:a5:
                    f7:ce:bf:55:f3:1d:f1:af:5d:b0:73:d8:42:f4:45:
                    37:58:8a:79:2a:f9:64:78:7e:b4:4c:14:a8:be:05:
                    90:3b:37:54:0f:93:8a:56:1f:81:c4:d5:cd:66:a9:
                    3c:64:77:7a:e6:36:f5:84:87:7c:95:58:92:74:e6:
                    0e:7f:8a:25:e9:38:76:7e:1e:c4:6f:f0:ce:91:51:
                    69:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:79:EA:B3:02:61:52:9F:10:ED:02:98:4A:0E:A6:62:72:6D:3F:1D
            X509v3 Authority Key Identifier:
                keyid:79:25:91:02:C1:69:93:CE:5E:13:B0:8C:BA:60:EE:DA:D7:F9:27:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eSWRAsFpk85eE7CMumDu2tf5J3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/75d6e2-c7ba-478d-879e-25f4f7430bda/1/2XnqswJhUp8Q7QKYSg6mYnJtPx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/75d6e2-c7ba-478d-879e-25f4f7430bda/1/eSWRAsFpk85eE7CMumDu2tf5J3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.140.0/22
                  213.188.192.0/19
                IPv6:
                  2a09:8280::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:fb:50:4d:ed:13:51:39:56:1b:a7:ae:80:c9:0e:da:7e:f3:
         90:38:7a:06:28:e3:84:36:64:0e:e4:f3:40:0e:77:46:ae:9d:
         b8:bf:33:0e:cb:4c:d1:86:40:5b:97:14:47:20:6a:c4:82:8b:
         f5:8c:53:44:59:52:b0:f6:6f:a4:57:93:8b:62:a8:91:24:95:
         63:a5:64:a5:3b:bd:5a:be:50:20:66:a2:be:f1:34:4b:2a:85:
         29:d3:df:8d:f2:db:10:80:ab:3b:ec:d6:d4:65:82:ce:65:8e:
         53:e0:e5:b2:29:20:d5:ae:30:d0:64:fe:f2:3d:72:f6:26:93:
         c9:62:21:21:a2:d3:af:0a:62:4c:45:f4:ad:7f:5a:65:60:a1:
         9b:89:91:8b:83:04:20:5f:4b:48:97:3f:07:5d:ce:18:92:3d:
         32:5d:98:2a:65:03:e0:7f:db:05:4f:6f:f4:af:64:26:9e:64:
         50:a4:f3:b1:33:b6:f6:17:8b:46:35:3c:a1:62:c2:04:6e:e9:
         6e:f8:30:b8:58:77:a8:f4:14:97:4f:53:21:d5:b8:34:3d:ae:
         56:e1:6c:54:ff:e8:3a:56:76:21:23:b5:6d:0d:f9:ff:ca:8e:
         1d:1e:79:82:4c:dd:ff:f9:98:43:ce:3d:b3:c9:d1:e2:c4:b5:
         57:15:cd:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZSNzFazBmEPnw0tue8z63qpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MjU5MTAyYzE2OTkzY2U1ZTEzYjA4Y2JhNjBlZWRhZDdm
OTI3NzMwHhcNMjUwMTIyMTEzNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTc5ZWFiMzAyNjE1MjlmMTBlZDAyOTg0YTBlYTY2MjcyNmQzZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Pepzde3IEEbv144uDuhx49M8MFv
/y68oZaU0M39mRaX4EzudOFICevB2pQlOrewdcmEgbV+LcNNUv4Omq4tKyp2uzim
y+1IGBAURrTxPiu8yk1eqROz0LRGp4kxEcTGAYM6hDUB1IxsHryscLI9Ew0LIg5q
giY7J70LO8OJfmA2vI1+fGW9o9waAl2yd6B6VjWvuLDFfx7sNzw5N2EHApFplV0x
0GXor5cCjZtanaTlWKX3zr9V8x3xr12wc9hC9EU3WIp5KvlkeH60TBSovgWQOzdU
D5OKVh+BxNXNZqk8ZHd65jb1hId8lViSdOYOf4ol6Th2fh7Eb/DOkVFpswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNl56rMCYVKfEO0CmEoOpmJybT8dMB8GA1UdIwQY
MBaAFHklkQLBaZPOXhOwjLpg7trX+SdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVNXUkFzRnBrODVlRTdDTXVtRHUydGY1SjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83NWQ2ZTItYzdiYS00NzhkLTg3OWUt
MjVmNGY3NDMwYmRhLzEvMlhucXN3SmhVcDhRN1FLWVNnNm1Zbkp0UHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83NWQ2ZTItYzdiYS00NzhkLTg3OWUtMjVmNGY3NDMwYmRh
LzEvZVNXUkFzRnBrODVlRTdDTXVtRHUydGY1SjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCTVOMAwQF
1bzAMA0EAgACMAcDBQMqCYKAMA0GCSqGSIb3DQEBCwUAA4IBAQCR+1BN7RNROVYb
p66AyQ7afvOQOHoGKOOENmQO5PNADndGrp24vzMOy0zRhkBblxRHIGrEgov1jFNE
WVKw9m+kV5OLYqiRJJVjpWSlO71avlAgZqK+8TRLKoUp09+N8tsQgKs77NbUZYLO
ZY5T4OWyKSDVrjDQZP7yPXL2JpPJYiEhotOvCmJMRfStf1plYKGbiZGLgwQgX0tI
lz8HXc4Ykj0yXZgqZQPgf9sFT2/0r2QmnmRQpPOxM7b2F4tGNTyhYsIEbulu+DC4
WHeo9BSXT1Mh1bg0Pa5W4WxU/+g6VnYhI7VtDfn/yo4dHnmCTN3/+ZhDzj2zydHi
xLVXFc1H
-----END CERTIFICATE-----