Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/7c9bb7-268a-4362-bd08-901a373df080/1/q2EHI1QqAri510M2ZcKkjLI2cEU.roa
File:                     q2EHI1QqAri510M2ZcKkjLI2cEU.roa (raw, json)
Hash identifier:          404e8//wzDitUa6OCGaYRBgvvc05hb46lBTtLtVyVk8=
Subject key identifier:   AB:61:07:23:54:2A:02:B8:B9:D7:43:36:65:C2:A4:8C:B2:36:70:45
Certificate issuer:       /CN=e284e3d2f1a21c82bbb3d66f76f0bd9333513c9a
Certificate serial:       019422FBA1CA238249786D8F3DFD7EC73C80
Authority key identifier: E2:84:E3:D2:F1:A2:1C:82:BB:B3:D6:6F:76:F0:BD:93:33:51:3C:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4oTj0vGiHIK7s9ZvdvC9kzNRPJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/7c9bb7-268a-4362-bd08-901a373df080/1/q2EHI1QqAri510M2ZcKkjLI2cEU.roa
Signing time:             Wed 01 Jan 2025 17:48:23 +0000
ROA not before:           Wed 01 Jan 2025 17:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212009
IP address blocks:        45.9.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/7c9bb7-268a-4362-bd08-901a373df080/1/4oTj0vGiHIK7s9ZvdvC9kzNRPJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/7c9bb7-268a-4362-bd08-901a373df080/1/4oTj0vGiHIK7s9ZvdvC9kzNRPJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4oTj0vGiHIK7s9ZvdvC9kzNRPJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:a1:ca:23:82:49:78:6d:8f:3d:fd:7e:c7:3c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e284e3d2f1a21c82bbb3d66f76f0bd9333513c9a
        Validity
            Not Before: Jan  1 17:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab610723542a02b8b9d7433665c2a48cb2367045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4b:7b:12:51:d7:cb:73:51:03:79:c4:d5:4c:
                    b3:df:36:9c:e6:67:49:1a:25:51:04:82:3f:c6:21:
                    83:ae:67:46:17:ec:74:96:04:62:c6:ee:41:ce:14:
                    27:4e:40:1d:cb:95:be:5b:69:6a:7d:03:d4:34:c4:
                    57:ae:47:63:41:9e:c5:03:88:f6:3b:5c:d2:01:94:
                    39:53:b0:7c:12:4d:d6:20:85:51:cb:5c:c6:fc:27:
                    95:0a:32:0f:37:38:bf:22:ec:fb:71:d2:82:58:28:
                    bd:18:b1:43:ef:93:90:6d:f8:2b:74:d2:4a:95:99:
                    0e:09:d4:78:4c:c6:5c:f1:64:00:00:60:f4:7d:ee:
                    8a:d5:00:3b:8d:f3:54:3c:8a:6a:f2:26:e9:7a:38:
                    d9:12:db:2c:18:76:73:22:11:c4:b6:83:5a:90:ef:
                    90:0f:f0:21:16:65:02:03:be:94:9d:51:8f:38:76:
                    80:0e:bc:23:68:a5:cb:b7:af:93:18:5d:ff:99:02:
                    58:be:c1:97:0d:d4:4d:61:f6:9b:00:b4:8a:b4:11:
                    41:54:1a:0c:0f:3f:a1:9b:aa:17:9c:da:3d:e0:26:
                    d7:38:93:1c:09:6a:c8:4a:21:58:bc:84:e9:08:ba:
                    dd:bc:22:93:cc:be:37:7b:70:db:7b:64:61:9a:d7:
                    15:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:61:07:23:54:2A:02:B8:B9:D7:43:36:65:C2:A4:8C:B2:36:70:45
            X509v3 Authority Key Identifier:
                keyid:E2:84:E3:D2:F1:A2:1C:82:BB:B3:D6:6F:76:F0:BD:93:33:51:3C:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4oTj0vGiHIK7s9ZvdvC9kzNRPJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/7c9bb7-268a-4362-bd08-901a373df080/1/q2EHI1QqAri510M2ZcKkjLI2cEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/7c9bb7-268a-4362-bd08-901a373df080/1/4oTj0vGiHIK7s9ZvdvC9kzNRPJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:ef:83:50:7f:20:11:e7:f3:d2:64:a1:45:3a:64:9e:e1:e4:
         3a:3b:9a:20:51:e3:6c:28:fc:47:f8:98:4e:62:8a:ef:f2:ee:
         f5:e8:d5:fe:ea:21:41:e7:71:aa:fa:83:f5:c1:9b:c5:a1:f6:
         78:9a:0f:0e:13:44:17:8e:2f:da:cb:fe:4b:9e:ca:fa:58:65:
         6d:3e:f1:fc:3b:f9:12:36:99:81:9d:cd:9d:2f:8a:5e:b4:b9:
         84:09:8d:8c:be:c9:35:bb:16:b9:46:d7:cd:14:cf:c3:2e:c8:
         f6:8c:fc:a5:0d:22:85:61:ab:d8:30:c8:bb:a2:3f:08:11:b7:
         de:51:9b:ae:ce:f6:2d:cd:ef:8a:ab:a1:cd:83:5b:b3:cb:88:
         5f:55:72:cb:59:a8:3f:d6:07:35:ca:29:72:f9:3c:c8:fa:ec:
         a3:7b:10:23:37:c6:52:0d:ee:94:a9:a9:64:81:c2:4d:44:c4:
         1e:ea:79:20:3d:89:37:80:a0:d3:23:3e:19:98:61:3d:6a:41:
         07:3b:06:2b:01:c5:59:72:09:83:da:8f:2f:79:08:62:c2:e7:
         c0:8e:b4:80:20:94:77:cd:97:60:cd:13:36:f9:66:a0:81:48:
         ca:8a:d6:82:1c:80:77:53:f8:86:74:3b:f3:cc:61:18:60:1a:
         f3:0a:b1:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+6HKI4JJeG2PPf1+xzyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyODRlM2QyZjFhMjFjODJiYmIzZDY2Zjc2ZjBiZDkzMzM1
MTNjOWEwHhcNMjUwMTAxMTc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjYxMDcyMzU0MmEwMmI4YjlkNzQzMzY2NWMyYTQ4Y2IyMzY3MDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUt7ElHXy3NRA3nE1Uyz3zac5mdJ
GiVRBII/xiGDrmdGF+x0lgRixu5BzhQnTkAdy5W+W2lqfQPUNMRXrkdjQZ7FA4j2
O1zSAZQ5U7B8Ek3WIIVRy1zG/CeVCjIPNzi/Iuz7cdKCWCi9GLFD75OQbfgrdNJK
lZkOCdR4TMZc8WQAAGD0fe6K1QA7jfNUPIpq8ibpejjZEtssGHZzIhHEtoNakO+Q
D/AhFmUCA76UnVGPOHaADrwjaKXLt6+TGF3/mQJYvsGXDdRNYfabALSKtBFBVBoM
Dz+hm6oXnNo94CbXOJMcCWrISiFYvITpCLrdvCKTzL43e3Dbe2RhmtcVjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKthByNUKgK4uddDNmXCpIyyNnBFMB8GA1UdIwQY
MBaAFOKE49LxohyCu7PWb3bwvZMzUTyaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG9UajB2R2lISUs3czladmR2Qzlrek5SUEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy83YzliYjctMjY4YS00MzYyLWJkMDgt
OTAxYTM3M2RmMDgwLzEvcTJFSEkxUXFBcmk1MTBNMlpjS2tqTEkyY0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy83YzliYjctMjY4YS00MzYyLWJkMDgtOTAxYTM3M2RmMDgw
LzEvNG9UajB2R2lISUs3czladmR2Qzlrek5SUEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQlNMA0G
CSqGSIb3DQEBCwUAA4IBAQB374NQfyAR5/PSZKFFOmSe4eQ6O5ogUeNsKPxH+JhO
Yorv8u716NX+6iFB53Gq+oP1wZvFofZ4mg8OE0QXji/ay/5Lnsr6WGVtPvH8O/kS
NpmBnc2dL4petLmECY2Mvsk1uxa5RtfNFM/DLsj2jPylDSKFYavYMMi7oj8IEbfe
UZuuzvYtze+Kq6HNg1uzy4hfVXLLWag/1gc1yily+TzI+uyjexAjN8ZSDe6Uqalk
gcJNRMQe6nkgPYk3gKDTIz4ZmGE9akEHOwYrAcVZcgmD2o8veQhiwufAjrSAIJR3
zZdgzRM2+WaggUjKitaCHIB3U/iGdDvzzGEYYBrzCrEu
-----END CERTIFICATE-----