Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/SQ1aWAb5msrQOCUGwIYnnPEG4lU.roa
File:                     SQ1aWAb5msrQOCUGwIYnnPEG4lU.roa (raw, json)
Hash identifier:          lhQ2F1aZ5QupFrD0wXHOh4y8Sjk5TPzopDlWFCaavuc=
Subject key identifier:   49:0D:5A:58:06:F9:9A:CA:D0:38:25:06:C0:86:27:9C:F1:06:E2:55
Certificate issuer:       /CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
Certificate serial:       018CC3B7326E5E321F715BBB6D832218C553
Authority key identifier: E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/SQ1aWAb5msrQOCUGwIYnnPEG4lU.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        77.81.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:32:6e:5e:32:1f:71:5b:bb:6d:83:22:18:c5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=490d5a5806f99acad0382506c086279cf106e255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:57:36:24:c7:b9:95:89:d4:1f:30:3b:28:b0:
                    c3:b9:bd:23:54:7f:5f:bf:28:06:51:aa:05:2c:e6:
                    a0:d5:0e:f9:2d:1f:77:85:b2:90:0e:75:d1:f3:e1:
                    96:21:b9:14:35:fb:73:6b:9e:68:67:c9:41:49:2d:
                    9c:ed:0d:a7:69:d2:1d:8e:7d:7f:44:da:27:cb:28:
                    63:94:43:ea:92:93:46:9d:56:5b:ce:34:28:27:9d:
                    4c:f4:b4:e6:38:12:32:47:ed:a5:72:bf:6a:c1:4c:
                    a7:d5:69:e4:7c:0f:73:b4:4e:52:fb:68:ee:eb:d6:
                    30:4d:78:0f:73:16:a7:b7:5e:c1:bb:ad:37:d1:9f:
                    40:35:af:c0:a3:a3:0d:2a:57:e7:df:05:bd:fe:62:
                    1e:5d:f5:e8:45:da:3c:fe:4f:ee:21:29:94:e7:8d:
                    1f:c9:b4:e0:15:9e:25:4b:25:38:6a:c4:75:46:03:
                    d9:f0:9f:ae:fd:49:9e:b0:f2:d7:b8:b3:98:27:38:
                    af:a4:0f:c1:3a:66:5f:1e:95:26:d6:e5:d7:a3:a3:
                    b0:89:5a:83:97:bf:e7:51:d6:52:99:79:1e:a0:52:
                    43:5a:c2:04:18:a1:0d:e1:f4:73:a3:22:fd:7a:78:
                    87:6b:d3:e7:32:d1:cb:41:ca:e9:e6:f2:ab:f0:66:
                    64:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:0D:5A:58:06:F9:9A:CA:D0:38:25:06:C0:86:27:9C:F1:06:E2:55
            X509v3 Authority Key Identifier:
                keyid:E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/SQ1aWAb5msrQOCUGwIYnnPEG4lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:fe:06:4e:e5:25:b1:6a:ee:5d:26:84:76:ba:c8:aa:1b:6a:
         cc:a5:15:27:07:b1:15:e3:c1:7a:00:64:ae:15:13:11:6c:29:
         76:52:96:3a:a7:d0:2b:b3:06:20:54:70:73:55:65:fd:2c:0d:
         e7:e3:99:10:3c:82:c2:5b:ba:04:4b:53:cd:71:8a:a7:8b:51:
         5b:07:1a:38:0a:24:7f:16:76:17:0b:a1:54:63:1f:ba:9b:e8:
         6f:3b:23:c2:ba:29:10:ca:58:60:28:c2:31:cd:b0:7e:71:dd:
         55:f9:3f:97:1b:9f:9e:8e:09:11:56:68:be:e4:d3:74:e5:f2:
         8a:49:58:89:0a:43:d8:7d:9a:18:1c:a7:87:83:40:bf:06:1e:
         dd:2b:3f:e1:18:d9:46:c2:60:d2:3f:04:78:61:b4:8c:be:99:
         bd:99:6c:45:3b:6e:3d:91:2c:67:87:44:6e:74:e4:bd:94:0a:
         16:4f:7e:f7:96:8b:a0:a8:e8:35:48:0d:52:ca:26:e7:f1:74:
         a7:dc:74:4d:64:1f:3c:0d:b1:c0:44:a1:06:35:c7:95:ae:09:
         5b:8a:1c:ab:2e:5e:77:2f:71:86:ea:74:be:b0:c3:3b:5a:49:
         64:62:81:8c:23:86:80:01:a9:df:4f:f5:21:bf:3c:7a:f4:1b:
         4b:d2:61:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzJuXjIfcVu7bYMiGMVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OGJhNWQ5OGQ0OGNlYmQ1YWQwNGMwOGJmMDkwODJiMTJh
N2UzYWIwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTBkNWE1ODA2Zjk5YWNhZDAzODI1MDZjMDg2Mjc5Y2YxMDZlMjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglc2JMe5lYnUHzA7KLDDub0jVH9f
vygGUaoFLOag1Q75LR93hbKQDnXR8+GWIbkUNftza55oZ8lBSS2c7Q2nadIdjn1/
RNonyyhjlEPqkpNGnVZbzjQoJ51M9LTmOBIyR+2lcr9qwUyn1WnkfA9ztE5S+2ju
69YwTXgPcxant17Bu6030Z9ANa/Ao6MNKlfn3wW9/mIeXfXoRdo8/k/uISmU540f
ybTgFZ4lSyU4asR1RgPZ8J+u/UmesPLXuLOYJzivpA/BOmZfHpUm1uXXo6OwiVqD
l7/nUdZSmXkeoFJDWsIEGKEN4fRzoyL9eniHa9PnMtHLQcrp5vKr8GZkowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkNWlgG+ZrK0DglBsCGJ5zxBuJVMB8GA1UdIwQY
MBaAFOeLpdmNSM69WtBMCL8JCCsSp+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAt
NDg5MTY1M2VlYjY3LzEvU1ExYVdBYjVtc3JRT0NVR3dJWW5uUEVHNGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAtNDg5MTY1M2VlYjY3
LzEvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVEAMA0G
CSqGSIb3DQEBCwUAA4IBAQBT/gZO5SWxau5dJoR2usiqG2rMpRUnB7EV48F6AGSu
FRMRbCl2UpY6p9ArswYgVHBzVWX9LA3n45kQPILCW7oES1PNcYqni1FbBxo4CiR/
FnYXC6FUYx+6m+hvOyPCuikQylhgKMIxzbB+cd1V+T+XG5+ejgkRVmi+5NN05fKK
SViJCkPYfZoYHKeHg0C/Bh7dKz/hGNlGwmDSPwR4YbSMvpm9mWxFO249kSxnh0Ru
dOS9lAoWT373lougqOg1SA1Syibn8XSn3HRNZB88DbHARKEGNceVrglbihyrLl53
L3GG6nS+sMM7WklkYoGMI4aAAanfT/Uhvzx69BtL0mHy
-----END CERTIFICATE-----