Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/qeftSyRSXmAOVqQRtKtHutbh0zk.roa
File:                     qeftSyRSXmAOVqQRtKtHutbh0zk.roa (raw, json)
Hash identifier:          VtULu7reN7PL4/u/6gxMFu7joJNl642+iClkA1K3FD4=
Subject key identifier:   A9:E7:ED:4B:24:52:5E:60:0E:56:A4:11:B4:AB:47:BA:D6:E1:D3:39
Certificate issuer:       /CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
Certificate serial:       0196C4720B8A0F75213B73B0CA2A9EBE9739
Authority key identifier: 84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/qeftSyRSXmAOVqQRtKtHutbh0zk.roa
Signing time:             Mon 12 May 2025 12:22:10 +0000
ROA not before:           Mon 12 May 2025 12:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203248
IP address blocks:        146.19.208.0/24 maxlen: 24
                          185.165.46.0/24 maxlen: 24
                          2a0a:7580::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:72:0b:8a:0f:75:21:3b:73:b0:ca:2a:9e:be:97:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
        Validity
            Not Before: May 12 12:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e7ed4b24525e600e56a411b4ab47bad6e1d339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:07:7a:5b:b6:96:5c:00:50:3c:c4:c4:30:f9:
                    6f:d2:20:4c:97:a5:a9:79:d0:08:2d:18:5b:75:fb:
                    36:92:76:50:1b:21:f8:89:08:df:de:11:42:88:ff:
                    bd:1f:b9:c2:95:5c:7e:c8:24:ec:7c:e7:fe:26:d6:
                    2f:fe:b6:f8:96:7d:f6:86:6e:b7:e0:04:cb:a8:13:
                    3a:86:94:f8:10:9e:7a:a5:a2:bd:5c:15:7d:34:13:
                    ff:96:80:5c:35:51:2f:eb:4f:85:b4:15:37:ef:6e:
                    16:19:d0:d4:98:29:ae:96:6a:83:39:a5:ee:8d:c4:
                    86:6f:fb:47:5d:9c:80:f7:00:27:69:fc:17:1f:e0:
                    c1:58:b6:0f:46:ed:c8:d9:d4:94:a3:ce:1d:c8:89:
                    1e:c8:0b:16:5b:b0:9d:94:8b:d7:2a:c1:21:6c:b8:
                    8e:e6:30:9f:4f:43:a9:47:cb:4c:b1:cd:00:13:1a:
                    fd:b5:9b:3b:17:63:29:49:e6:5c:d3:db:85:9f:df:
                    3c:f6:e9:6e:b2:ae:6d:f5:ea:96:4d:2f:7e:32:1e:
                    8a:d4:28:36:a5:a1:a6:fb:20:32:d3:c0:e7:47:51:
                    06:2a:ca:e4:f5:48:37:bf:07:05:7d:c6:30:33:9d:
                    d2:12:77:61:48:d7:67:e6:3c:06:12:22:16:c0:a8:
                    96:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E7:ED:4B:24:52:5E:60:0E:56:A4:11:B4:AB:47:BA:D6:E1:D3:39
            X509v3 Authority Key Identifier:
                keyid:84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/qeftSyRSXmAOVqQRtKtHutbh0zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.208.0/24
                  185.165.46.0/24
                IPv6:
                  2a0a:7580::/40

    Signature Algorithm: sha256WithRSAEncryption
         3e:4f:f9:5d:3f:8d:b7:b4:da:14:33:82:97:11:74:11:6f:b7:
         6e:74:c5:4d:02:29:c0:fd:cf:10:ab:86:92:35:55:99:df:e2:
         17:42:d3:ca:71:0e:09:bb:f2:78:85:c3:65:c4:3f:d6:61:45:
         53:c6:82:04:a9:41:31:a2:d9:7e:06:cd:4c:14:10:86:69:78:
         66:22:7f:f6:6f:21:29:f9:45:92:1b:5d:a0:a2:b6:16:df:a8:
         dd:4a:ab:dd:1d:2e:eb:52:69:ab:33:ee:b3:16:de:19:f8:1f:
         ab:4e:d9:cf:57:17:7d:9a:15:76:27:9b:a9:7d:f2:ca:84:64:
         63:83:47:dc:59:b0:1a:93:a9:db:cb:63:96:4e:83:02:f9:14:
         50:6e:8f:60:b1:4e:94:9e:f1:35:35:3e:40:b8:36:8a:87:82:
         bc:db:02:26:80:80:59:b8:4e:7a:47:6b:c8:9e:52:33:a5:1f:
         8b:37:07:5f:50:04:a3:c9:54:22:ef:63:f1:ea:ff:6e:69:35:
         fa:06:ec:0a:ae:47:88:45:86:12:a7:27:0b:0a:04:25:97:50:
         61:f5:fa:94:8f:d1:4f:8b:b2:ff:3e:a6:0d:2a:7b:9f:59:1f:
         1c:6d:39:e0:ee:76:31:c3:fe:56:08:37:87:14:82:c1:db:8b:
         7d:e7:8e:57
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZbEcguKD3UhO3Owyiqevpc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmJhZWI3MGIzZjFkMDY3MTYzNThhZDlhMmVjZmVmN2Qy
MTI2ZmIwHhcNMjUwNTEyMTIyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU3ZWQ0YjI0NTI1ZTYwMGU1NmE0MTFiNGFiNDdiYWQ2ZTFkMzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwd6W7aWXABQPMTEMPlv0iBMl6Wp
edAILRhbdfs2knZQGyH4iQjf3hFCiP+9H7nClVx+yCTsfOf+JtYv/rb4ln32hm63
4ATLqBM6hpT4EJ56paK9XBV9NBP/loBcNVEv60+FtBU3724WGdDUmCmulmqDOaXu
jcSGb/tHXZyA9wAnafwXH+DBWLYPRu3I2dSUo84dyIkeyAsWW7CdlIvXKsEhbLiO
5jCfT0OpR8tMsc0AExr9tZs7F2MpSeZc09uFn9889ulusq5t9eqWTS9+Mh6K1Cg2
paGm+yAy08DnR1EGKsrk9Ug3vwcFfcYwM53SEndhSNdn5jwGEiIWwKiW2QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKnn7UskUl5gDlakEbSrR7rW4dM5MB8GA1UdIwQY
MBaAFIS7rrcLPx0GcWNYrZouz+99ISb7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjct
OTc5MDJkOGE3ZmE2LzEvcWVmdFN5UlNYbUFPVnFRUnRLdEh1dGJoMHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjctOTc5MDJkOGE3ZmE2
LzEvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAkhPQAwQA
uaUuMA4EAgACMAgDBgAqCnWAADANBgkqhkiG9w0BAQsFAAOCAQEAPk/5XT+Nt7Ta
FDOClxF0EW+3bnTFTQIpwP3PEKuGkjVVmd/iF0LTynEOCbvyeIXDZcQ/1mFFU8aC
BKlBMaLZfgbNTBQQhml4ZiJ/9m8hKflFkhtdoKK2Ft+o3Uqr3R0u61JpqzPusxbe
Gfgfq07Zz1cXfZoVdiebqX3yyoRkY4NH3FmwGpOp28tjlk6DAvkUUG6PYLFOlJ7x
NTU+QLg2ioeCvNsCJoCAWbhOekdryJ5SM6UfizcHX1AEo8lUIu9j8er/bmk1+gbs
Cq5HiEWGEqcnCwoEJZdQYfX6lI/RT4uy/z6mDSp7n1kfHG054O52McP+Vgg3hxSC
wduLfeeOVw==
-----END CERTIFICATE-----