Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/Lq77aAwST8RILyM-oL6rNeFnjCE.roa
File:                     Lq77aAwST8RILyM-oL6rNeFnjCE.roa (raw, json)
Hash identifier:          Loe+ahaVydEMf0Ago+iaNs6AzxcPRts/E2zKD5WoQYs=
Subject key identifier:   2E:AE:FB:68:0C:12:4F:C4:48:2F:23:3E:A0:BE:AB:35:E1:67:8C:21
Certificate issuer:       /CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
Certificate serial:       01970B2FDAC0DE9DC42C5B2A0506ADE8F0A0
Authority key identifier: F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/Lq77aAwST8RILyM-oL6rNeFnjCE.roa
Signing time:             Mon 26 May 2025 06:02:54 +0000
ROA not before:           Mon 26 May 2025 06:02:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212669
IP address blocks:        45.9.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:2f:da:c0:de:9d:c4:2c:5b:2a:05:06:ad:e8:f0:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
        Validity
            Not Before: May 26 06:02:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2eaefb680c124fc4482f233ea0beab35e1678c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:91:88:a2:a8:2e:3e:4b:fb:10:a0:0d:03:65:
                    33:6c:1f:d8:08:7e:a4:f1:ab:19:2d:75:4c:54:1b:
                    11:78:b4:d7:0a:95:d7:cd:43:fe:0f:07:cc:6e:20:
                    4f:60:b8:f3:cc:3e:87:a1:76:95:13:6b:8d:73:f4:
                    2c:eb:98:0b:0a:4a:0b:86:70:2d:14:d5:71:02:dc:
                    7a:36:64:bc:36:fa:9d:eb:de:d0:55:65:b2:58:4d:
                    1e:fa:93:35:24:7b:c4:13:d4:28:67:4e:91:04:fa:
                    db:c6:44:97:7c:45:ee:ea:d1:cd:a1:94:49:ef:0b:
                    f1:52:94:96:bb:83:3a:aa:85:14:d7:a1:da:41:f7:
                    d9:4b:3f:fc:62:ac:30:6c:d7:a8:06:e2:c9:bf:1e:
                    70:fa:6d:20:0d:1a:5f:9b:b9:d0:5d:74:0d:cd:45:
                    c4:1c:e6:3f:df:c6:c6:07:c9:a5:8c:2a:61:bb:39:
                    44:ec:be:be:af:0c:7b:f5:57:e2:e3:e7:cc:f9:b8:
                    9d:62:8b:33:52:3c:6d:8a:48:73:34:7f:c3:d9:dd:
                    a2:3f:7c:29:ec:47:47:8c:31:df:60:5f:b5:b7:22:
                    d9:2e:6b:fd:98:d2:a2:c5:c2:3c:3c:36:0a:de:8c:
                    6a:41:82:43:67:ef:c1:78:bd:16:58:13:84:4d:e4:
                    5a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:AE:FB:68:0C:12:4F:C4:48:2F:23:3E:A0:BE:AB:35:E1:67:8C:21
            X509v3 Authority Key Identifier:
                keyid:F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/Lq77aAwST8RILyM-oL6rNeFnjCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:7b:a5:ba:a2:ad:ed:7e:c8:ae:94:22:15:8f:f8:79:a8:50:
         2e:f9:4c:e7:16:6e:97:20:c7:31:fd:3d:c7:46:7e:95:42:30:
         07:05:ff:07:66:60:1a:47:ee:8a:1e:9b:36:98:4d:09:c2:39:
         74:36:6c:13:8c:35:72:33:82:c9:71:43:9f:79:bb:b5:ac:47:
         88:5a:45:9b:00:2f:15:68:5a:67:f8:f6:70:81:0f:d6:67:ea:
         b2:f9:80:c4:6c:41:b4:66:84:2a:04:2a:96:94:ee:e7:df:19:
         2a:e5:96:0c:b9:a2:52:18:4b:a8:74:22:97:f2:4d:65:77:8e:
         8d:7b:b3:a8:04:37:b9:45:d9:c9:37:6c:b9:ef:11:47:b5:48:
         e9:e6:9f:33:3d:06:a4:ec:b5:55:c5:39:31:78:c8:fb:15:eb:
         6d:34:f3:39:c1:8c:e2:3c:5f:0f:b4:aa:2a:2d:3b:30:ce:f2:
         eb:d8:aa:4b:04:dd:78:76:7e:a2:17:90:3d:55:ab:45:d3:ad:
         ef:3a:ea:34:e4:21:2d:08:27:23:14:19:41:b1:f0:38:9b:ff:
         3c:2a:d7:c3:2b:9b:f1:04:0b:ae:91:0c:f5:29:bb:49:4f:24:
         de:15:e0:7e:c1:45:3f:9c:b0:62:86:da:0c:31:f9:57:fd:03:
         20:99:fa:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcLL9rA3p3ELFsqBQat6PCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjI4MDVkODc3NmVlZGViN2FhNGNiZTVhZjU2OGNkYjI2
MjlmYzIwHhcNMjUwNTI2MDYwMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWFlZmI2ODBjMTI0ZmM0NDgyZjIzM2VhMGJlYWIzNWUxNjc4YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25GIoqguPkv7EKANA2UzbB/YCH6k
8asZLXVMVBsReLTXCpXXzUP+DwfMbiBPYLjzzD6HoXaVE2uNc/Qs65gLCkoLhnAt
FNVxAtx6NmS8Nvqd697QVWWyWE0e+pM1JHvEE9QoZ06RBPrbxkSXfEXu6tHNoZRJ
7wvxUpSWu4M6qoUU16HaQffZSz/8YqwwbNeoBuLJvx5w+m0gDRpfm7nQXXQNzUXE
HOY/38bGB8mljCphuzlE7L6+rwx79Vfi4+fM+bidYoszUjxtikhzNH/D2d2iP3wp
7EdHjDHfYF+1tyLZLmv9mNKixcI8PDYK3oxqQYJDZ+/BeL0WWBOETeRaGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6u+2gMEk/ESC8jPqC+qzXhZ4whMB8GA1UdIwQY
MBaAFPOygF2Hdu7et6pMvlr1aM2yYp/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgt
ODNiYzc5NzI3OGUyLzEvTHE3N2FBd1NUOFJJTHlNLW9MNnJOZUZuakNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgtODNiYzc5NzI3OGUy
LzEvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQl8MA0G
CSqGSIb3DQEBCwUAA4IBAQBJe6W6oq3tfsiulCIVj/h5qFAu+UznFm6XIMcx/T3H
Rn6VQjAHBf8HZmAaR+6KHps2mE0Jwjl0NmwTjDVyM4LJcUOfebu1rEeIWkWbAC8V
aFpn+PZwgQ/WZ+qy+YDEbEG0ZoQqBCqWlO7n3xkq5ZYMuaJSGEuodCKX8k1ld46N
e7OoBDe5RdnJN2y57xFHtUjp5p8zPQak7LVVxTkxeMj7FettNPM5wYziPF8PtKoq
LTswzvLr2KpLBN14dn6iF5A9VatF063vOuo05CEtCCcjFBlBsfA4m/88KtfDK5vx
BAuukQz1KbtJTyTeFeB+wUU/nLBihtoMMflX/QMgmfqD
-----END CERTIFICATE-----