Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/9qUksCC19xFM4cqA4SS6OuUeBXc.roa
File:                     9qUksCC19xFM4cqA4SS6OuUeBXc.roa (raw, json)
Hash identifier:          9ly3m47RoKGGUEzIEJnvCrU2ZhNpsi1iX/hROadWTIE=
Subject key identifier:   F6:A5:24:B0:20:B5:F7:11:4C:E1:CA:80:E1:24:BA:3A:E5:1E:05:77
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192A0571E3736AF870835AB8DD0DFDEBC8F
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/9qUksCC19xFM4cqA4SS6OuUeBXc.roa
Signing time:             Fri 18 Oct 2024 15:55:16 +0000
ROA not before:           Fri 18 Oct 2024 15:55:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214134
IP address blocks:        77.111.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a0:57:1e:37:36:af:87:08:35:ab:8d:d0:df:de:bc:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 18 15:55:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6a524b020b5f7114ce1ca80e124ba3ae51e0577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bc:5d:76:22:fc:6f:f4:98:7b:d7:c2:b4:f1:
                    e7:05:01:20:24:ad:2c:2c:43:5f:10:99:03:4c:56:
                    c8:79:8e:d2:a7:86:78:a7:04:1f:55:71:6e:57:a4:
                    10:b5:81:ce:0f:6d:4e:92:a1:8b:06:d2:cd:d3:f8:
                    7c:14:94:81:4b:66:23:9f:0e:2f:4a:74:3b:d9:96:
                    1d:1f:77:73:ff:5b:2c:ef:70:a0:cf:b0:3b:8a:e3:
                    e7:32:b4:60:13:96:87:2c:56:53:49:d7:d5:62:5b:
                    67:f9:6b:18:e5:cf:79:b7:51:26:09:19:22:f6:d0:
                    74:a5:01:db:df:a0:76:6f:3b:d4:68:f3:d2:b1:ed:
                    73:96:4e:62:6b:69:a2:bb:69:85:4e:bd:e7:6b:c7:
                    3b:e8:40:ee:37:e7:c1:1b:fa:a1:9b:36:40:3a:71:
                    03:ff:ff:d9:a7:6a:2c:a3:6d:6a:3d:1b:45:00:ab:
                    94:07:af:08:c7:d0:9f:3a:6a:5b:f3:35:7b:b7:4f:
                    46:01:c0:e6:b1:c8:d4:b4:30:c6:0b:96:a7:59:db:
                    3a:97:ac:02:ab:bf:bb:f5:fc:97:b6:b1:a3:a7:88:
                    33:3f:68:06:74:5b:29:bd:35:9d:23:a1:d5:7d:f4:
                    a2:b1:42:62:56:6e:06:27:bc:e7:87:00:09:ea:8f:
                    09:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A5:24:B0:20:B5:F7:11:4C:E1:CA:80:E1:24:BA:3A:E5:1E:05:77
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/9qUksCC19xFM4cqA4SS6OuUeBXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:b0:19:ef:47:c2:33:a4:41:7e:36:a7:39:5c:8f:3b:14:86:
         77:29:d3:76:da:bd:f6:9a:54:bb:ad:fa:48:37:75:8f:95:57:
         86:89:50:c5:e3:c3:4d:af:00:2f:a8:81:21:a6:9c:ad:29:ed:
         8c:55:9b:09:2a:31:ea:3e:98:00:d2:6e:ff:56:21:77:1c:c8:
         79:95:3f:c1:7d:e3:88:cb:82:43:85:1b:95:37:e9:41:7c:48:
         7f:89:61:61:2d:56:db:37:c0:7a:06:46:dd:96:45:14:71:76:
         f3:83:8d:a4:0f:6a:fb:ef:2c:71:c7:38:8e:e1:08:4f:93:77:
         fe:24:d0:07:f0:29:7b:c1:21:5a:74:f5:52:19:c4:73:c3:51:
         63:bf:fe:5c:3a:0e:0a:76:24:b8:a3:b3:40:ab:c1:0e:9c:31:
         a1:73:94:96:28:bc:7b:80:d7:90:f1:50:99:4f:66:ec:ce:c6:
         bf:cb:2d:32:c7:92:b9:c5:c4:eb:ba:1a:ca:b0:67:e6:ac:5f:
         d4:70:1d:f0:04:a3:88:f3:ae:f7:78:73:c4:2e:8c:78:1f:da:
         69:15:f2:66:87:a9:2f:bd:b9:d7:47:3c:3d:e9:af:3b:82:de:
         ff:20:93:40:2c:57:bc:e9:ef:f8:95:cf:91:03:cc:91:51:70:
         17:0b:65:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKgVx43Nq+HCDWrjdDf3ryPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDE4MTU1NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE1MjRiMDIwYjVmNzExNGNlMWNhODBlMTI0YmEzYWU1MWUwNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7xddiL8b/SYe9fCtPHnBQEgJK0s
LENfEJkDTFbIeY7Sp4Z4pwQfVXFuV6QQtYHOD21OkqGLBtLN0/h8FJSBS2Yjnw4v
SnQ72ZYdH3dz/1ss73Cgz7A7iuPnMrRgE5aHLFZTSdfVYltn+WsY5c95t1EmCRki
9tB0pQHb36B2bzvUaPPSse1zlk5ia2miu2mFTr3na8c76EDuN+fBG/qhmzZAOnED
///Zp2oso21qPRtFAKuUB68Ix9CfOmpb8zV7t09GAcDmscjUtDDGC5anWds6l6wC
q7+79fyXtrGjp4gzP2gGdFspvTWdI6HVffSisUJiVm4GJ7znhwAJ6o8JwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPalJLAgtfcRTOHKgOEkujrlHgV3MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvOXFVa3NDQzE5eEZNNGNxQTRTUzZPdVVlQlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCusBnvR8IzpEF+Nqc5XI87FIZ3KdN22r32mlS7rfpI
N3WPlVeGiVDF48NNrwAvqIEhppytKe2MVZsJKjHqPpgA0m7/ViF3HMh5lT/BfeOI
y4JDhRuVN+lBfEh/iWFhLVbbN8B6BkbdlkUUcXbzg42kD2r77yxxxziO4QhPk3f+
JNAH8Cl7wSFadPVSGcRzw1Fjv/5cOg4KdiS4o7NAq8EOnDGhc5SWKLx7gNeQ8VCZ
T2bszsa/yy0yx5K5xcTruhrKsGfmrF/UcB3wBKOI8673eHPELox4H9ppFfJmh6kv
vbnXRzw96a87gt7/IJNALFe86e/4lc+RA8yRUXAXC2XE
-----END CERTIFICATE-----