Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/kXFsWv63EX5LzlpEXl1PFUMjMlU.roa
File:                     kXFsWv63EX5LzlpEXl1PFUMjMlU.roa (raw, json)
Hash identifier:          55+NcYoCAfsxn/1QTku+M6mFFv7l9njuKzUccasgI84=
Subject key identifier:   91:71:6C:5A:FE:B7:11:7E:4B:CE:5A:44:5E:5D:4F:15:43:23:32:55
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       0194252136AE939CE2470189266F415CABAA
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/kXFsWv63EX5LzlpEXl1PFUMjMlU.roa
Signing time:             Thu 02 Jan 2025 03:48:41 +0000
ROA not before:           Thu 02 Jan 2025 03:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8540
IP address blocks:        77.220.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:36:ae:93:9c:e2:47:01:89:26:6f:41:5c:ab:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  2 03:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91716c5afeb7117e4bce5a445e5d4f1543233255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:22:6d:65:18:6e:64:8b:c9:13:1a:3b:ad:da:
                    97:ee:9a:8e:4e:8d:9f:09:75:65:a1:2e:ca:f7:0c:
                    24:84:02:04:a3:dd:86:49:8f:e8:4b:c0:15:e6:46:
                    72:d0:3e:66:9d:37:48:3c:a5:e0:e6:e9:b1:1b:f9:
                    e4:af:c5:cc:b0:cc:75:99:85:aa:da:f6:b0:01:5c:
                    ae:55:94:58:18:b9:fc:7b:c7:4d:e7:6a:7b:36:2d:
                    4d:38:7b:72:b3:c7:a8:a4:3d:52:a5:7e:ec:f7:64:
                    3a:4a:13:43:bf:3c:fa:fe:cf:14:2c:c0:dc:02:6d:
                    a5:d3:72:cf:58:5e:80:0d:e1:41:4d:13:3d:c9:df:
                    c2:12:25:d0:5c:4a:13:de:39:1c:66:0b:b6:f6:b8:
                    7f:f8:05:de:ca:5f:13:0c:d6:bf:49:e3:d6:73:33:
                    28:78:3f:49:ca:85:48:ce:75:41:be:48:ee:06:14:
                    2e:14:2d:ba:36:47:dd:ea:36:ab:78:87:5c:5a:ad:
                    00:a5:8d:bd:c4:44:1b:0c:af:3a:4c:8b:63:2d:c2:
                    58:48:d7:e9:66:e5:97:9e:46:77:18:6a:05:7b:8b:
                    56:d2:4e:8e:b3:2a:9d:89:aa:be:f4:96:c1:cd:75:
                    db:de:fc:9b:f8:2c:6a:c4:d8:1b:6c:65:5b:65:93:
                    b9:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:71:6C:5A:FE:B7:11:7E:4B:CE:5A:44:5E:5D:4F:15:43:23:32:55
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/kXFsWv63EX5LzlpEXl1PFUMjMlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:c5:1f:27:99:11:8f:a6:21:49:db:11:fe:26:a8:80:f1:fd:
         7f:29:df:5e:85:6f:dd:e8:61:5b:af:d4:91:c5:d3:47:68:19:
         a7:5e:df:d9:a6:ce:71:b9:13:f6:46:9e:f1:3e:84:ab:9d:9e:
         c5:01:1c:27:fa:93:8c:84:34:f6:b5:d9:a3:9f:47:91:ef:1e:
         bf:12:7b:7a:54:b7:27:4c:9a:60:9a:81:c4:21:a9:c0:e7:91:
         a2:2a:a9:eb:9c:89:d5:9f:03:a4:a4:af:86:58:9e:ad:58:0c:
         70:23:91:fc:7b:93:99:71:b7:19:eb:97:de:d8:aa:ee:9e:a3:
         4e:23:8a:a3:fe:e6:ee:0d:1b:1d:c9:db:71:53:46:77:38:ff:
         b6:aa:66:5d:2a:0d:f8:08:80:f2:8e:98:9a:af:e1:73:32:4c:
         f8:8d:50:f2:af:2f:f7:e3:00:6e:ea:f0:3b:6f:43:60:88:08:
         76:e6:f6:90:e7:64:76:d1:db:ba:97:03:0e:05:03:c7:e8:ea:
         94:b9:24:74:b1:36:06:5f:df:f3:63:b0:92:27:f0:df:f7:7a:
         d0:7e:4b:ac:d1:90:2b:85:58:f3:e4:9a:64:04:c5:e2:22:3c:
         9f:5f:98:2e:2b:3b:14:9a:02:c6:dd:e5:10:3e:e9:ca:0c:8c:
         a0:4b:5a:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlITauk5ziRwGJJm9BXKuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjUwMTAyMDM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTcxNmM1YWZlYjcxMTdlNGJjZTVhNDQ1ZTVkNGYxNTQzMjMzMjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8CJtZRhuZIvJExo7rdqX7pqOTo2f
CXVloS7K9wwkhAIEo92GSY/oS8AV5kZy0D5mnTdIPKXg5umxG/nkr8XMsMx1mYWq
2vawAVyuVZRYGLn8e8dN52p7Ni1NOHtys8eopD1SpX7s92Q6ShNDvzz6/s8ULMDc
Am2l03LPWF6ADeFBTRM9yd/CEiXQXEoT3jkcZgu29rh/+AXeyl8TDNa/SePWczMo
eD9JyoVIznVBvkjuBhQuFC26Nkfd6jareIdcWq0ApY29xEQbDK86TItjLcJYSNfp
ZuWXnkZ3GGoFe4tW0k6Osyqdiaq+9JbBzXXb3vyb+CxqxNgbbGVbZZO5ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFxbFr+txF+S85aRF5dTxVDIzJVMB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEva1hGc1d2NjNFWDVMemxwRVhsMVBGVU1qTWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATdxtMA0G
CSqGSIb3DQEBCwUAA4IBAQBYxR8nmRGPpiFJ2xH+JqiA8f1/Kd9ehW/d6GFbr9SR
xdNHaBmnXt/Zps5xuRP2Rp7xPoSrnZ7FARwn+pOMhDT2tdmjn0eR7x6/Ent6VLcn
TJpgmoHEIanA55GiKqnrnInVnwOkpK+GWJ6tWAxwI5H8e5OZcbcZ65fe2KrunqNO
I4qj/ubuDRsdydtxU0Z3OP+2qmZdKg34CIDyjpiar+FzMkz4jVDyry/34wBu6vA7
b0NgiAh25vaQ52R20du6lwMOBQPH6OqUuSR0sTYGX9/zY7CSJ/Df93rQfkus0ZAr
hVjz5JpkBMXiIjyfX5guKzsUmgLG3eUQPunKDIygS1qG
-----END CERTIFICATE-----