Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QVnzj9IRjfLjxGkA3STdUzz4KTY.roa
File:                     QVnzj9IRjfLjxGkA3STdUzz4KTY.roa (raw, json)
Hash identifier:          TIoYSOhGxSQ+3rHwsn1odQEujNmJOk8kg4ZMzYG4DJ0=
Subject key identifier:   41:59:F3:8F:D2:11:8D:F2:E3:C4:69:00:DD:24:DD:53:3C:F8:29:36
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019844EC7AEE5542DBB8FB0425EB3F0814A5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QVnzj9IRjfLjxGkA3STdUzz4KTY.roa
Signing time:             Sat 26 Jul 2025 04:10:05 +0000
ROA not before:           Sat 26 Jul 2025 04:10:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        89.106.89.0/24 maxlen: 24
                          94.249.232.0/24 maxlen: 24
                          178.18.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:37:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:44:ec:7a:ee:55:42:db:b8:fb:04:25:eb:3f:08:14:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 26 04:10:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4159f38fd2118df2e3c46900dd24dd533cf82936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:3d:ea:fe:1c:21:9b:02:0b:52:3f:fe:27:
                    f2:36:01:0a:96:2b:26:8d:1c:87:cb:20:12:7b:1b:
                    c2:a9:91:7e:a5:08:b8:20:4f:87:68:5e:c5:d6:c0:
                    63:f3:ea:7d:49:90:05:e7:e9:6c:7e:7b:bf:9a:f3:
                    06:7b:19:da:ba:d1:b2:8e:07:62:fd:dc:cc:4a:ad:
                    40:93:8d:59:47:04:e3:e3:27:04:ac:75:4c:30:4c:
                    24:a3:c1:e8:b9:eb:d0:50:29:65:d6:7f:35:46:4a:
                    68:03:dc:5b:2c:50:71:17:c3:15:2c:58:cd:32:82:
                    e3:f2:53:2e:de:ec:52:fd:47:0b:ee:43:01:83:35:
                    31:1b:38:1f:f5:78:b1:8a:cc:12:38:51:27:4a:e2:
                    33:34:8d:63:44:69:63:d0:e9:91:99:9d:7d:c7:3f:
                    d3:ed:17:22:60:e2:5b:11:c3:ef:2c:4f:6d:0b:30:
                    28:bf:b3:01:aa:23:87:d9:45:6e:be:b4:fc:b0:c5:
                    2f:2c:f7:6c:c5:84:09:c6:58:77:c1:48:58:c6:d7:
                    93:00:c4:ce:d9:6d:ff:74:10:47:f4:53:f3:25:33:
                    0b:5e:24:ae:6f:98:0c:22:3a:fc:3b:f5:8f:2f:0f:
                    06:61:e8:1e:ea:5d:27:61:ba:bb:4f:6a:39:3a:ce:
                    15:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:59:F3:8F:D2:11:8D:F2:E3:C4:69:00:DD:24:DD:53:3C:F8:29:36
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QVnzj9IRjfLjxGkA3STdUzz4KTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.89.0/24
                  94.249.232.0/24
                  178.18.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:9f:ba:c2:79:ef:98:08:ec:00:a6:60:1f:d1:b3:b3:3b:71:
         42:e3:4c:db:71:c7:fb:3e:7f:ce:b3:9e:9a:79:a2:92:4f:69:
         e7:a2:a2:f0:3c:64:03:64:e2:fd:73:04:b5:97:4f:44:35:e7:
         b0:0b:b9:b0:18:b4:80:70:1a:37:18:e5:0b:7e:e9:97:24:82:
         de:65:84:ab:94:f2:bc:e7:90:04:1f:cd:9b:88:10:8b:3e:05:
         f3:c0:74:dc:0b:f5:f6:d5:2e:81:fa:1d:2b:55:97:6f:a1:92:
         b6:e1:f2:b2:27:d0:1c:44:2c:42:b4:02:11:11:5c:f5:3e:a2:
         93:db:d6:54:33:cc:60:70:ad:0a:df:42:c9:d7:23:df:e1:02:
         e5:37:df:1a:0b:07:47:91:b8:bd:46:16:4d:de:a2:c5:3b:d6:
         ff:39:81:10:e3:86:bd:10:03:4c:68:84:30:94:8c:c3:00:94:
         83:fc:a8:20:1c:9e:f5:08:89:bf:6c:9a:e2:c5:8c:a3:f8:68:
         22:35:a8:4f:48:5e:30:f4:28:6e:46:f9:0f:a3:ad:76:ec:47:
         d7:a8:84:d4:31:7a:a7:2f:f9:9e:54:2f:98:38:66:0c:a6:62:
         ca:c2:64:a1:75:1a:8e:5e:1a:f8:4c:51:05:e0:ea:fd:3a:bc:
         35:a6:d4:56
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhE7HruVULbuPsEJes/CBSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzI2MDQxMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTU5ZjM4ZmQyMTE4ZGYyZTNjNDY5MDBkZDI0ZGQ1MzNjZjgyOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiA96v4cIZsCC1I//ifyNgEKlism
jRyHyyASexvCqZF+pQi4IE+HaF7F1sBj8+p9SZAF5+lsfnu/mvMGexnautGyjgdi
/dzMSq1Ak41ZRwTj4ycErHVMMEwko8HouevQUCll1n81RkpoA9xbLFBxF8MVLFjN
MoLj8lMu3uxS/UcL7kMBgzUxGzgf9XixiswSOFEnSuIzNI1jRGlj0OmRmZ19xz/T
7RciYOJbEcPvLE9tCzAov7MBqiOH2UVuvrT8sMUvLPdsxYQJxlh3wUhYxteTAMTO
2W3/dBBH9FPzJTMLXiSub5gMIjr8O/WPLw8GYege6l0nYbq7T2o5Os4VLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEFZ84/SEY3y48RpAN0k3VM8+Ck2MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUVZuemo5SVJqZkxqeEdrQTNTVGRVeno0S1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWWpZAwQA
XvnoAwQAshKXMA0GCSqGSIb3DQEBCwUAA4IBAQDFn7rCee+YCOwApmAf0bOzO3FC
40zbccf7Pn/Os56aeaKST2nnoqLwPGQDZOL9cwS1l09ENeewC7mwGLSAcBo3GOUL
fumXJILeZYSrlPK855AEH82biBCLPgXzwHTcC/X21S6B+h0rVZdvoZK24fKyJ9Ac
RCxCtAIREVz1PqKT29ZUM8xgcK0K30LJ1yPf4QLlN98aCwdHkbi9RhZN3qLFO9b/
OYEQ44a9EANMaIQwlIzDAJSD/KggHJ71CIm/bJrixYyj+GgiNahPSF4w9ChuRvkP
o6127EfXqITUMXqnL/meVC+YOGYMpmLKwmShdRqOXhr4TFEF4Or9Orw1ptRW
-----END CERTIFICATE-----