Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/QE1wNjReZLHRZoqYKvUle-6e4Dk.roa
File:                     QE1wNjReZLHRZoqYKvUle-6e4Dk.roa (raw, json)
Hash identifier:          ukToAurzb9W43fVHpwe3mg9WsScCO5NT6kui9MqbkFw=
Subject key identifier:   40:4D:70:36:34:5E:64:B1:D1:66:8A:98:2A:F5:25:7B:EE:9E:E0:39
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       019421B2276D35BC3E2E6650DB70EE716E3B
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/QE1wNjReZLHRZoqYKvUle-6e4Dk.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8700
IP address blocks:        195.251.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:27:6d:35:bc:3e:2e:66:50:db:70:ee:71:6e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=404d7036345e64b1d1668a982af5257bee9ee039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:68:61:ca:c6:23:32:55:45:47:e7:db:c1:f9:
                    4b:cf:9b:e0:50:d8:af:9d:d5:81:7d:fe:96:7f:b6:
                    38:6d:28:04:b7:d2:03:59:23:3c:b8:37:27:c7:06:
                    82:72:63:59:23:11:a7:69:33:8a:cc:f6:78:69:5e:
                    95:35:e9:ea:00:6c:76:e1:68:03:de:f5:49:cf:7d:
                    0d:0b:3f:a5:98:23:11:14:6d:bd:05:ee:b5:17:a9:
                    0a:2b:6e:a7:d0:6f:56:fb:ab:9b:7d:e0:39:86:ec:
                    9c:ae:d7:0a:de:40:2b:cd:57:cd:4f:a2:f5:4d:0d:
                    46:c7:6b:e3:15:19:23:f9:06:b9:3b:9e:8b:2f:9b:
                    1a:10:b0:c5:11:24:7e:c8:76:7a:4a:b7:eb:81:46:
                    e4:f7:62:6a:70:d0:41:6e:5a:26:b0:e2:ad:ad:a4:
                    66:6c:f1:45:7f:80:5c:6f:1c:90:13:c8:2e:70:e3:
                    97:d6:69:60:f0:f6:98:df:01:3d:1e:59:a9:23:d3:
                    48:56:05:4f:3b:96:86:a2:27:75:bf:11:72:ce:5d:
                    b6:0b:f7:8e:b5:4a:f5:ed:8c:01:c6:71:aa:ae:a9:
                    bd:f6:c1:4d:73:d5:f2:0b:ab:52:cf:c6:5a:7d:d1:
                    f1:77:8c:14:bf:d7:b3:b6:21:3c:ef:4e:62:2f:c3:
                    19:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4D:70:36:34:5E:64:B1:D1:66:8A:98:2A:F5:25:7B:EE:9E:E0:39
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/QE1wNjReZLHRZoqYKvUle-6e4Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.251.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:3e:23:e6:11:fc:2c:ec:74:9d:4e:2b:d3:17:04:0f:14:65:
         39:10:eb:a1:0c:9e:30:76:12:b5:90:a7:f4:64:44:4d:eb:67:
         3d:ee:81:5f:f4:7d:89:88:2e:28:04:94:d4:12:9b:1b:c5:69:
         80:63:d2:8d:ca:93:66:c7:fc:e1:f3:39:12:43:d9:9f:b7:85:
         eb:b2:ee:30:53:f5:70:9e:e6:58:c4:fa:3c:f0:7d:b4:50:a4:
         f0:25:87:7e:d5:71:ea:c2:31:df:68:8f:1a:7c:c5:4f:63:74:
         f5:25:43:71:f3:15:a4:e5:94:37:7f:ac:bc:b0:4f:15:c0:da:
         71:6b:5d:bd:dd:e6:f1:69:8b:35:3b:3e:d3:7a:17:31:50:5c:
         a0:5e:fe:ff:49:6a:72:9f:a7:64:83:16:83:58:3e:62:75:0b:
         47:33:f9:5e:4c:e1:0b:0b:86:1b:58:18:b8:2f:16:4e:36:5e:
         ee:5c:82:8a:35:14:f8:0e:99:7e:07:fe:4f:24:52:eb:e0:e3:
         48:73:37:18:9b:b9:c5:40:9a:ab:d5:bd:1b:b1:29:96:be:2e:
         2a:63:83:e9:3b:02:b6:87:93:b8:8f:8b:d0:27:a6:42:5a:10:
         7f:68:e1:35:b7:11:4e:5a:2d:dd:9c:e0:a9:66:7c:f8:6a:7c:
         99:d8:72:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsidtNbw+LmZQ23DucW47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRkNzAzNjM0NWU2NGIxZDE2NjhhOTgyYWY1MjU3YmVlOWVlMDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mhhysYjMlVFR+fbwflLz5vgUNiv
ndWBff6Wf7Y4bSgEt9IDWSM8uDcnxwaCcmNZIxGnaTOKzPZ4aV6VNenqAGx24WgD
3vVJz30NCz+lmCMRFG29Be61F6kKK26n0G9W+6ubfeA5huycrtcK3kArzVfNT6L1
TQ1Gx2vjFRkj+Qa5O56LL5saELDFESR+yHZ6SrfrgUbk92JqcNBBblomsOKtraRm
bPFFf4BcbxyQE8gucOOX1mlg8PaY3wE9HlmpI9NIVgVPO5aGoid1vxFyzl22C/eO
tUr17YwBxnGqrqm99sFNc9XyC6tSz8ZafdHxd4wUv9eztiE8705iL8MZzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBNcDY0XmSx0WaKmCr1JXvunuA5MB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvUUUxd05qUmVaTEhSWm9xWUt2VWxlLTZlNERrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw/t8MA0G
CSqGSIb3DQEBCwUAA4IBAQBZPiPmEfws7HSdTivTFwQPFGU5EOuhDJ4wdhK1kKf0
ZERN62c97oFf9H2JiC4oBJTUEpsbxWmAY9KNypNmx/zh8zkSQ9mft4Xrsu4wU/Vw
nuZYxPo88H20UKTwJYd+1XHqwjHfaI8afMVPY3T1JUNx8xWk5ZQ3f6y8sE8VwNpx
a1293ebxaYs1Oz7TehcxUFygXv7/SWpyn6dkgxaDWD5idQtHM/leTOELC4YbWBi4
LxZONl7uXIKKNRT4Dpl+B/5PJFLr4ONIczcYm7nFQJqr1b0bsSmWvi4qY4PpOwK2
h5O4j4vQJ6ZCWhB/aOE1txFOWi3dnOCpZnz4anyZ2HL2
-----END CERTIFICATE-----