Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/AkxBzFahq-o6wjZntexC75GkoQc.roa
File:                     AkxBzFahq-o6wjZntexC75GkoQc.roa (raw, json)
Hash identifier:          XI+dcnOKPlHyd45iksd8y1QhwpvH96atl8vNKM9DQ9c=
Subject key identifier:   02:4C:41:CC:56:A1:AB:EA:3A:C2:36:67:B5:EC:42:EF:91:A4:A1:07
Certificate issuer:       /CN=cad794ac601ce2505b65f975a7d516a2f00a5b31
Certificate serial:       0194258F76EF5F9717BF19D087A350086836
Authority key identifier: CA:D7:94:AC:60:1C:E2:50:5B:65:F9:75:A7:D5:16:A2:F0:0A:5B:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/AkxBzFahq-o6wjZntexC75GkoQc.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        77.90.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:76:ef:5f:97:17:bf:19:d0:87:a3:50:08:68:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cad794ac601ce2505b65f975a7d516a2f00a5b31
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=024c41cc56a1abea3ac23667b5ec42ef91a4a107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7a:c6:40:b5:1a:89:98:58:c9:b6:4d:cc:65:
                    27:99:41:69:e8:ec:99:fb:79:3f:46:fe:45:32:2e:
                    ff:96:c2:c1:25:5c:d7:7c:be:c6:77:8d:93:c4:b8:
                    de:c0:5a:e9:ef:84:6e:6c:d9:87:08:a9:f5:50:74:
                    c4:91:4e:93:23:e6:94:93:81:be:2c:fa:2c:33:3c:
                    21:0a:be:14:68:d1:a2:ad:21:a6:d8:ad:bc:37:0e:
                    e0:a5:03:c2:a9:27:90:c1:e6:64:d7:fe:1f:6c:92:
                    be:bb:20:d9:83:f0:89:a0:d4:70:6f:87:96:9b:d8:
                    71:cf:d4:34:21:59:67:4b:3e:13:b3:db:f2:01:79:
                    11:b2:57:73:49:c3:7c:d3:7d:76:f9:68:71:f4:47:
                    05:cd:68:41:fa:2b:ed:dc:da:08:08:17:93:3d:c3:
                    f8:b9:a8:26:54:9c:88:92:bd:bf:60:c6:96:ff:bd:
                    60:8a:e5:a6:82:d4:8e:2e:9b:d1:25:e8:1d:06:6a:
                    67:50:48:0f:82:9a:e5:24:32:37:e3:9c:b6:a5:ff:
                    1c:1c:4e:8c:f9:44:3c:66:ed:ff:ce:80:a3:09:70:
                    25:ef:6a:f4:b8:2d:44:a8:f1:2c:19:d4:d4:9e:07:
                    40:c9:51:af:0a:49:d3:b0:91:80:5d:d7:3a:9f:d4:
                    78:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:4C:41:CC:56:A1:AB:EA:3A:C2:36:67:B5:EC:42:EF:91:A4:A1:07
            X509v3 Authority Key Identifier:
                keyid:CA:D7:94:AC:60:1C:E2:50:5B:65:F9:75:A7:D5:16:A2:F0:0A:5B:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/AkxBzFahq-o6wjZntexC75GkoQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:1c:01:cb:92:7c:24:88:39:00:ce:9a:e0:4b:f4:fa:97:14:
         8c:c9:a0:bf:1a:2a:6c:d5:d7:7b:88:b7:b2:49:35:49:f5:13:
         a0:1e:97:3e:53:a4:58:15:b6:d9:fc:92:07:8c:25:77:03:ef:
         20:30:a9:fb:6b:a5:68:91:86:9a:7f:3a:3a:e8:56:cb:12:c7:
         e7:77:20:ff:8a:13:3c:5c:2a:81:51:48:3c:80:4b:5e:5d:90:
         da:96:8d:3e:e7:44:7d:3e:30:10:86:2e:5e:f4:39:91:93:bf:
         7f:11:ed:48:c8:bb:34:06:d5:c7:2a:8a:31:d3:d0:1a:ba:49:
         21:ba:34:a8:1a:ae:d6:97:aa:4a:4d:b9:58:f5:5a:c3:c8:30:
         ff:7e:fd:6c:5d:77:be:84:7a:1d:8c:ad:8e:b2:34:5a:4f:bc:
         f6:73:65:e5:82:41:47:74:fe:fd:94:89:5e:c0:d0:5d:19:b5:
         b9:c1:c1:60:be:9d:ef:c0:3e:ac:c2:a9:ff:a7:82:0e:89:69:
         a2:13:bc:c6:8f:1f:eb:bc:20:78:86:f7:fb:ba:96:63:2a:7a:
         98:bf:25:be:a7:02:98:4c:fd:22:61:6f:05:9b:ad:b6:12:c5:
         b3:8b:ef:72:66:6b:89:70:23:a7:62:9f:5f:c9:3c:6c:31:41:
         9d:22:5b:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3bvX5cXvxnQh6NQCGg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZDc5NGFjNjAxY2UyNTA1YjY1Zjk3NWE3ZDUxNmEyZjAw
YTViMzEwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjRjNDFjYzU2YTFhYmVhM2FjMjM2NjdiNWVjNDJlZjkxYTRhMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznrGQLUaiZhYybZNzGUnmUFp6OyZ
+3k/Rv5FMi7/lsLBJVzXfL7Gd42TxLjewFrp74RubNmHCKn1UHTEkU6TI+aUk4G+
LPosMzwhCr4UaNGirSGm2K28Nw7gpQPCqSeQweZk1/4fbJK+uyDZg/CJoNRwb4eW
m9hxz9Q0IVlnSz4Ts9vyAXkRsldzScN80312+Whx9EcFzWhB+ivt3NoICBeTPcP4
uagmVJyIkr2/YMaW/71giuWmgtSOLpvRJegdBmpnUEgPgprlJDI345y2pf8cHE6M
+UQ8Zu3/zoCjCXAl72r0uC1EqPEsGdTUngdAyVGvCknTsJGAXdc6n9R4GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJMQcxWoavqOsI2Z7XsQu+RpKEHMB8GA1UdIwQY
MBaAFMrXlKxgHOJQW2X5dafVFqLwClsxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXRlVXJHQWM0bEJiWmZsMXA5VVdvdkFLV3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9mOWE0YmUtZDc5Yy00MTkyLWE2YjMt
M2I5ODhmMTg4ZDkxLzEvQWt4QnpGYWhxLW82d2pabnRleEM3NUdrb1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9mOWE0YmUtZDc5Yy00MTkyLWE2YjMtM2I5ODhmMTg4ZDkx
LzEveXRlVXJHQWM0bEJiWmZsMXA5VVdvdkFLV3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVpmMA0G
CSqGSIb3DQEBCwUAA4IBAQAfHAHLknwkiDkAzprgS/T6lxSMyaC/Gips1dd7iLey
STVJ9ROgHpc+U6RYFbbZ/JIHjCV3A+8gMKn7a6VokYaafzo66FbLEsfndyD/ihM8
XCqBUUg8gEteXZDalo0+50R9PjAQhi5e9DmRk79/Ee1IyLs0BtXHKoox09Aaukkh
ujSoGq7Wl6pKTblY9VrDyDD/fv1sXXe+hHodjK2OsjRaT7z2c2XlgkFHdP79lIle
wNBdGbW5wcFgvp3vwD6swqn/p4IOiWmiE7zGjx/rvCB4hvf7upZjKnqYvyW+pwKY
TP0iYW8Fm622EsWzi+9yZmuJcCOnYp9fyTxsMUGdIltU
-----END CERTIFICATE-----