Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/QZFqMpUTlcgeboKANl58QufnsKQ.roa
File:                     QZFqMpUTlcgeboKANl58QufnsKQ.roa (raw, json)
Hash identifier:          NRvFYfoNhNqi7BWM2zeDShfUo2m9RhNxfQeL6DGdAxA=
Subject key identifier:   41:91:6A:32:95:13:95:C8:1E:6E:82:80:36:5E:7C:42:E7:E7:B0:A4
Certificate issuer:       /CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
Certificate serial:       019440AB5C37A023A6F291378B136770B674
Authority key identifier: 07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/QZFqMpUTlcgeboKANl58QufnsKQ.roa
Signing time:             Tue 07 Jan 2025 12:09:19 +0000
ROA not before:           Tue 07 Jan 2025 12:09:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216125
IP address blocks:        77.237.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:ab:5c:37:a0:23:a6:f2:91:37:8b:13:67:70:b6:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
        Validity
            Not Before: Jan  7 12:09:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41916a32951395c81e6e8280365e7c42e7e7b0a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9d:7c:fb:60:97:37:f8:c5:e8:c7:f2:7d:66:
                    0b:79:80:44:a6:50:3c:d1:10:ea:1b:6b:a2:2c:fc:
                    5f:ed:f4:66:e7:57:c6:12:5f:ec:57:fd:bd:3e:e3:
                    28:9e:08:4f:95:12:df:13:93:17:25:ee:ad:fb:55:
                    16:90:cc:77:04:6a:72:f9:f6:5c:26:da:b4:e9:0b:
                    fa:23:98:58:ea:3d:7d:66:ee:8d:ee:25:73:1a:93:
                    2e:2f:9b:76:9a:56:90:f4:75:f1:7e:84:14:b3:f2:
                    eb:01:77:b8:10:35:36:38:a6:88:f1:c8:2b:a8:4e:
                    09:1d:27:66:63:7e:d2:fc:c2:ba:cd:a1:73:5c:78:
                    2d:30:54:b7:9a:ca:3d:c9:2f:59:76:19:3d:cd:e3:
                    17:bf:a0:4e:7e:4f:63:f0:be:63:84:59:0f:90:f1:
                    6a:af:77:8a:9a:1b:1c:1a:7d:29:3f:1c:32:d3:fd:
                    cd:56:ee:5b:11:7c:8f:ea:f8:73:6e:c4:e0:ee:db:
                    27:29:24:32:e3:5a:61:99:0c:03:a0:74:9a:4c:9c:
                    9c:f2:ce:e7:48:50:5a:1f:e1:d8:0d:10:70:82:7b:
                    48:94:f0:52:bc:d3:32:d1:db:08:a4:78:85:ae:91:
                    a1:6e:3c:eb:46:76:76:d3:3c:74:08:ab:5d:1a:c9:
                    62:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:91:6A:32:95:13:95:C8:1E:6E:82:80:36:5E:7C:42:E7:E7:B0:A4
            X509v3 Authority Key Identifier:
                keyid:07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/QZFqMpUTlcgeboKANl58QufnsKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:3b:60:6c:02:6e:a2:82:ad:30:0c:10:b5:ca:b7:d1:5e:7c:
         7c:d7:ef:ab:55:2b:c5:80:1f:df:be:9a:17:ae:6d:ab:d9:e6:
         bf:f5:00:74:54:24:30:2e:78:bd:be:d8:b2:02:08:bf:21:31:
         f1:5f:7f:70:1f:f2:b2:1d:7f:67:ce:26:c1:47:9d:72:d0:30:
         de:ed:12:67:3b:44:8f:e1:8b:4f:6f:5c:cb:04:54:16:a7:55:
         55:3c:98:7e:09:ca:1f:0e:d8:7c:b6:bc:e6:d8:b8:55:f6:8b:
         0d:4a:c2:55:5b:a7:45:64:d7:af:74:57:51:7c:b9:d4:a0:9e:
         1e:15:cb:c7:26:3f:df:35:5e:aa:bd:77:a9:11:e1:c2:ad:17:
         6e:3e:b4:9f:5d:cb:00:66:3a:3d:22:e0:48:f0:d7:58:c0:e7:
         dc:18:1a:0d:e1:70:44:73:05:70:f9:d8:af:89:d2:70:02:c2:
         bd:71:17:4f:5d:81:af:d3:37:7f:79:9e:27:99:69:82:04:03:
         4f:89:fa:79:6e:e5:70:d5:8b:ba:ca:88:88:e0:e2:c8:be:7d:
         1a:a8:eb:63:01:43:f3:09:d6:e1:b8:d0:13:7e:1a:ca:7e:22:
         68:40:80:ec:93:42:11:06:08:ad:0a:b6:07:26:12:62:f0:5a:
         ea:e2:ac:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRAq1w3oCOm8pE3ixNncLZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YWZkY2Q1ZTk3YWMxYzEwMjQ3OWM5NTRkNWY5MjJiMTI2
Y2JjMTQwHhcNMjUwMTA3MTIwOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTkxNmEzMjk1MTM5NWM4MWU2ZTgyODAzNjVlN2M0MmU3ZTdiMGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp518+2CXN/jF6MfyfWYLeYBEplA8
0RDqG2uiLPxf7fRm51fGEl/sV/29PuMonghPlRLfE5MXJe6t+1UWkMx3BGpy+fZc
Jtq06Qv6I5hY6j19Zu6N7iVzGpMuL5t2mlaQ9HXxfoQUs/LrAXe4EDU2OKaI8cgr
qE4JHSdmY37S/MK6zaFzXHgtMFS3mso9yS9Zdhk9zeMXv6BOfk9j8L5jhFkPkPFq
r3eKmhscGn0pPxwy0/3NVu5bEXyP6vhzbsTg7tsnKSQy41phmQwDoHSaTJyc8s7n
SFBaH+HYDRBwgntIlPBSvNMy0dsIpHiFrpGhbjzrRnZ20zx0CKtdGslibQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGRajKVE5XIHm6CgDZefELn57CkMB8GA1UdIwQY
MBaAFAev3NXpesHBAkeclU1fkisSbLwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEt
ZmY2ODUxNzc3MGU0LzEvUVpGcU1wVVRsY2dlYm9LQU5sNThRdWZuc0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEtZmY2ODUxNzc3MGU0
LzEvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATe1AMA0G
CSqGSIb3DQEBCwUAA4IBAQB4O2BsAm6igq0wDBC1yrfRXnx81++rVSvFgB/fvpoX
rm2r2ea/9QB0VCQwLni9vtiyAgi/ITHxX39wH/KyHX9nzibBR51y0DDe7RJnO0SP
4YtPb1zLBFQWp1VVPJh+CcofDth8trzm2LhV9osNSsJVW6dFZNevdFdRfLnUoJ4e
FcvHJj/fNV6qvXepEeHCrRduPrSfXcsAZjo9IuBI8NdYwOfcGBoN4XBEcwVw+div
idJwAsK9cRdPXYGv0zd/eZ4nmWmCBANPifp5buVw1Yu6yoiI4OLIvn0aqOtjAUPz
CdbhuNATfhrKfiJoQIDsk0IRBgitCrYHJhJi8Frq4qwm
-----END CERTIFICATE-----