Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/qliDDfSLIfyZKuJ9vwyYrHItz_k.roa
File:                     qliDDfSLIfyZKuJ9vwyYrHItz_k.roa (raw, json)
Hash identifier:          D8mFTN20TsuGjGw8I0yHs9/gZXV7jBDiD7YQatfWrpY=
Subject key identifier:   AA:58:83:0D:F4:8B:21:FC:99:2A:E2:7D:BF:0C:98:AC:72:2D:CF:F9
Certificate issuer:       /CN=411952046770f54e8be1fd7d673132265ad70fa8
Certificate serial:       0196424EEC368FDCF4A5167868008C0E04A9
Authority key identifier: 41:19:52:04:67:70:F5:4E:8B:E1:FD:7D:67:31:32:26:5A:D7:0F:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRlSBGdw9U6L4f19ZzEyJlrXD6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/qliDDfSLIfyZKuJ9vwyYrHItz_k.roa
Signing time:             Thu 17 Apr 2025 05:53:10 +0000
ROA not before:           Thu 17 Apr 2025 05:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205520
IP address blocks:        194.88.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/QRlSBGdw9U6L4f19ZzEyJlrXD6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/QRlSBGdw9U6L4f19ZzEyJlrXD6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRlSBGdw9U6L4f19ZzEyJlrXD6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:4e:ec:36:8f:dc:f4:a5:16:78:68:00:8c:0e:04:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411952046770f54e8be1fd7d673132265ad70fa8
        Validity
            Not Before: Apr 17 05:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa58830df48b21fc992ae27dbf0c98ac722dcff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:a8:42:30:e4:35:80:e7:2c:e8:57:57:31:
                    c7:43:6d:93:90:fd:21:64:b0:a0:67:13:50:74:52:
                    24:63:88:d0:97:d7:46:f9:9d:76:50:a3:53:96:92:
                    a0:f2:55:24:37:c6:c6:ac:79:f4:96:d0:06:db:2e:
                    1c:67:7e:05:68:de:fb:55:a4:19:25:05:99:dc:b2:
                    0b:6b:56:14:be:da:67:61:7d:5f:60:5d:06:58:fc:
                    3e:f5:13:4c:9d:4b:5a:e6:46:4d:3b:99:d7:54:34:
                    d0:05:95:0c:4d:a2:06:a1:e3:c3:4b:9b:bc:7d:6c:
                    94:21:fd:9f:a7:79:43:f5:4e:68:eb:29:a3:26:ce:
                    f9:64:48:e3:86:cc:30:d6:fd:bf:88:a9:d2:be:e0:
                    a7:64:93:5b:01:9f:c1:03:be:b8:c9:c2:5a:24:55:
                    6b:0a:95:93:15:88:98:b1:82:d8:e9:5c:69:a1:6e:
                    66:e2:31:4c:ae:26:71:39:c4:7c:c6:24:bc:f7:39:
                    eb:8e:97:33:96:41:da:16:82:1a:8b:b2:a3:2e:1e:
                    d4:3f:08:20:27:a6:c9:03:1f:cb:4f:24:14:f0:3e:
                    18:7a:6a:6a:49:07:7a:c1:cc:a7:67:5f:72:96:b9:
                    fb:a6:aa:64:0e:9b:65:49:cc:87:cc:cf:5a:4c:27:
                    3b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:58:83:0D:F4:8B:21:FC:99:2A:E2:7D:BF:0C:98:AC:72:2D:CF:F9
            X509v3 Authority Key Identifier:
                keyid:41:19:52:04:67:70:F5:4E:8B:E1:FD:7D:67:31:32:26:5A:D7:0F:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRlSBGdw9U6L4f19ZzEyJlrXD6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/qliDDfSLIfyZKuJ9vwyYrHItz_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/QRlSBGdw9U6L4f19ZzEyJlrXD6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:81:8d:37:3b:8a:13:a8:33:f7:68:58:c3:61:35:a5:5d:6e:
         4d:89:e2:db:de:94:61:fc:d8:40:65:a7:9f:65:42:03:ac:b6:
         46:85:0b:0c:a3:ba:61:31:a8:f1:97:41:1d:44:e4:9b:db:e8:
         66:ac:4f:39:bb:02:0f:65:b2:89:6c:8e:04:05:f4:db:40:87:
         f8:b1:d2:4b:76:eb:4e:9a:8f:71:55:00:c8:bc:10:34:03:b7:
         12:56:3a:f3:0c:27:06:7b:28:d0:fa:87:2b:06:93:32:05:6c:
         2d:ff:e5:10:89:a9:d1:5a:d0:bc:cc:d3:71:33:7f:7b:40:7c:
         26:da:ea:a9:26:7e:6a:0b:e6:94:63:af:84:14:13:27:48:58:
         ae:dd:47:7e:71:46:ef:b6:58:b3:55:03:5b:de:80:52:11:f7:
         cc:19:a6:86:8c:8d:73:04:f6:cd:94:20:94:a3:9e:15:fb:31:
         de:a3:1e:db:01:07:0b:5b:e1:56:d0:91:41:b4:7d:d8:ec:74:
         1a:d4:a1:f7:ff:a0:f7:83:a2:00:8e:77:a8:fc:46:c1:77:4b:
         cb:7e:b0:2a:94:8a:73:51:b0:06:1d:28:84:34:cf:86:5e:1a:
         63:c0:b7:67:99:59:e2:da:32:e6:b5:b3:35:5f:a5:31:6e:b4:
         df:9e:50:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZCTuw2j9z0pRZ4aACMDgSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMTk1MjA0Njc3MGY1NGU4YmUxZmQ3ZDY3MzEzMjI2NWFk
NzBmYTgwHhcNMjUwNDE3MDU1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTU4ODMwZGY0OGIyMWZjOTkyYWUyN2RiZjBjOThhYzcyMmRjZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW2oQjDkNYDnLOhXVzHHQ22TkP0h
ZLCgZxNQdFIkY4jQl9dG+Z12UKNTlpKg8lUkN8bGrHn0ltAG2y4cZ34FaN77VaQZ
JQWZ3LILa1YUvtpnYX1fYF0GWPw+9RNMnUta5kZNO5nXVDTQBZUMTaIGoePDS5u8
fWyUIf2fp3lD9U5o6ymjJs75ZEjjhsww1v2/iKnSvuCnZJNbAZ/BA764ycJaJFVr
CpWTFYiYsYLY6VxpoW5m4jFMriZxOcR8xiS89znrjpczlkHaFoIai7KjLh7UPwgg
J6bJAx/LTyQU8D4YempqSQd6wcynZ19ylrn7pqpkDptlScyHzM9aTCc7HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpYgw30iyH8mSrifb8MmKxyLc/5MB8GA1UdIwQY
MBaAFEEZUgRncPVOi+H9fWcxMiZa1w+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJsU0JHZHc5VTZMNGYxOVp6RXlKbHJYRDZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zOTUwZDQtOWQ3Mi00ZmYwLTgxZGUt
OGI5MWJjNjFlN2MzLzEvcWxpRERmU0xJZnlaS3VKOXZ3eVlySEl0el9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zOTUwZDQtOWQ3Mi00ZmYwLTgxZGUtOGI5MWJjNjFlN2Mz
LzEvUVJsU0JHZHc5VTZMNGYxOVp6RXlKbHJYRDZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljLMA0G
CSqGSIb3DQEBCwUAA4IBAQBzgY03O4oTqDP3aFjDYTWlXW5NieLb3pRh/NhAZaef
ZUIDrLZGhQsMo7phMajxl0EdROSb2+hmrE85uwIPZbKJbI4EBfTbQIf4sdJLdutO
mo9xVQDIvBA0A7cSVjrzDCcGeyjQ+ocrBpMyBWwt/+UQianRWtC8zNNxM397QHwm
2uqpJn5qC+aUY6+EFBMnSFiu3Ud+cUbvtlizVQNb3oBSEffMGaaGjI1zBPbNlCCU
o54V+zHeox7bAQcLW+FW0JFBtH3Y7HQa1KH3/6D3g6IAjneo/EbBd0vLfrAqlIpz
UbAGHSiENM+GXhpjwLdnmVni2jLmtbM1X6UxbrTfnlAC
-----END CERTIFICATE-----