Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/85a208-1ab6-46f7-b1a5-a26d25bc7654/1/bQWTWaPJMURhOwMcF82QvoPW9eA.roa
File:                     bQWTWaPJMURhOwMcF82QvoPW9eA.roa (raw, json)
Hash identifier:          ZBXbwgCoJr1O/tkU4TQtGdf606M6fVdS5KYW5/tfGVU=
Subject key identifier:   6D:05:93:59:A3:C9:31:44:61:3B:03:1C:17:CD:90:BE:83:D6:F5:E0
Certificate issuer:       /CN=09c50efe13aadf5423b04f0ddca8b3288395823e
Certificate serial:       0194221F2CA957717FF0DA3F7639C050D456
Authority key identifier: 09:C5:0E:FE:13:AA:DF:54:23:B0:4F:0D:DC:A8:B3:28:83:95:82:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CcUO_hOq31QjsE8N3KizKIOVgj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/85a208-1ab6-46f7-b1a5-a26d25bc7654/1/bQWTWaPJMURhOwMcF82QvoPW9eA.roa
Signing time:             Wed 01 Jan 2025 13:47:35 +0000
ROA not before:           Wed 01 Jan 2025 13:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2854
IP address blocks:        194.24.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/85a208-1ab6-46f7-b1a5-a26d25bc7654/1/CcUO_hOq31QjsE8N3KizKIOVgj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/85a208-1ab6-46f7-b1a5-a26d25bc7654/1/CcUO_hOq31QjsE8N3KizKIOVgj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CcUO_hOq31QjsE8N3KizKIOVgj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:2c:a9:57:71:7f:f0:da:3f:76:39:c0:50:d4:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09c50efe13aadf5423b04f0ddca8b3288395823e
        Validity
            Not Before: Jan  1 13:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d059359a3c93144613b031c17cd90be83d6f5e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:36:fc:2e:b2:b4:21:08:0f:5d:15:18:33:d0:
                    95:86:4c:f6:f5:af:d8:fe:07:23:95:c6:40:f9:f1:
                    a0:6e:1e:71:ff:19:90:48:f5:dd:44:b2:37:eb:ce:
                    8c:4d:b9:45:50:f8:1c:ce:14:6c:4a:86:ff:64:1c:
                    9b:6c:b4:37:25:fc:37:47:41:bb:4a:9d:b2:b5:84:
                    61:51:44:25:b1:73:ea:e0:9f:3b:11:f2:d7:59:4f:
                    16:14:a8:37:c4:19:3a:fb:ff:f2:00:49:c9:85:89:
                    82:b5:c1:e2:2a:61:51:8d:62:dd:f3:8f:06:0a:d5:
                    81:16:6a:b0:8d:1f:56:0b:0c:a9:4a:f2:da:8d:2d:
                    93:d6:05:a2:63:c9:97:34:69:83:21:a4:7e:c0:6a:
                    9e:4d:98:d4:3d:c7:b7:cf:d0:7c:34:3a:74:5a:47:
                    d5:8d:51:62:f0:95:ba:2e:a1:c1:e6:30:38:10:32:
                    2f:97:2d:38:f1:31:f8:41:09:e8:cc:b2:ce:15:93:
                    f1:0f:04:4f:74:43:af:d1:33:2b:a9:36:92:38:d8:
                    38:f6:8b:60:eb:ba:d2:80:89:a4:c8:5e:66:83:68:
                    c7:71:57:8a:67:13:8d:cf:8e:1a:01:0e:e3:4d:fd:
                    9c:2a:9d:a8:54:af:05:7f:0b:b2:f0:67:a0:83:78:
                    c0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:05:93:59:A3:C9:31:44:61:3B:03:1C:17:CD:90:BE:83:D6:F5:E0
            X509v3 Authority Key Identifier:
                keyid:09:C5:0E:FE:13:AA:DF:54:23:B0:4F:0D:DC:A8:B3:28:83:95:82:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CcUO_hOq31QjsE8N3KizKIOVgj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/85a208-1ab6-46f7-b1a5-a26d25bc7654/1/bQWTWaPJMURhOwMcF82QvoPW9eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/85a208-1ab6-46f7-b1a5-a26d25bc7654/1/CcUO_hOq31QjsE8N3KizKIOVgj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:37:8f:0c:e7:c0:d4:0e:7c:b4:d4:06:0b:7b:09:9d:70:c6:
         7e:af:ea:d2:ac:fb:57:1b:3b:e6:ae:0e:3f:bb:dd:3e:6c:b8:
         de:e8:ed:d4:96:55:56:89:06:79:83:92:ae:9f:3a:91:86:24:
         13:ea:98:3b:84:7e:d4:47:85:a7:33:9c:4a:38:86:e8:7e:fb:
         cb:c8:d5:1b:64:db:0f:ee:6e:cf:2f:cc:bb:2e:39:a3:f5:7b:
         3f:9b:23:75:2c:57:c8:ab:78:cd:2f:14:87:73:e2:bd:cc:a3:
         9e:f3:03:1f:0e:04:77:36:86:bd:c1:ab:9f:42:2a:3c:7a:93:
         ea:75:f5:22:cc:14:80:ad:71:ee:02:79:d9:84:7e:65:e3:5a:
         4f:10:73:86:77:26:c6:87:f8:09:f4:af:8b:4f:ad:b6:ee:56:
         a3:db:56:44:dd:63:f1:fa:a5:d7:37:f8:0f:36:cf:90:1f:46:
         a7:e2:18:9f:16:b0:02:db:69:29:68:c9:88:ff:94:46:bd:fe:
         86:47:34:94:be:c4:f5:61:75:bc:46:36:8d:53:eb:4d:f6:91:
         1f:5b:1f:d3:23:90:7e:e6:31:1c:a3:86:c9:75:53:ac:61:73:
         29:b7:79:76:2c:67:c1:92:04:08:43:9c:db:b1:29:9f:36:b0:
         3a:bd:c5:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiHyypV3F/8No/djnAUNRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YzUwZWZlMTNhYWRmNTQyM2IwNGYwZGRjYThiMzI4ODM5
NTgyM2UwHhcNMjUwMTAxMTM0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA1OTM1OWEzYzkzMTQ0NjEzYjAzMWMxN2NkOTBiZTgzZDZmNWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zb8LrK0IQgPXRUYM9CVhkz29a/Y
/gcjlcZA+fGgbh5x/xmQSPXdRLI3686MTblFUPgczhRsSob/ZBybbLQ3Jfw3R0G7
Sp2ytYRhUUQlsXPq4J87EfLXWU8WFKg3xBk6+//yAEnJhYmCtcHiKmFRjWLd848G
CtWBFmqwjR9WCwypSvLajS2T1gWiY8mXNGmDIaR+wGqeTZjUPce3z9B8NDp0WkfV
jVFi8JW6LqHB5jA4EDIvly048TH4QQnozLLOFZPxDwRPdEOv0TMrqTaSONg49otg
67rSgImkyF5mg2jHcVeKZxONz44aAQ7jTf2cKp2oVK8Ffwuy8Gegg3jAwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0Fk1mjyTFEYTsDHBfNkL6D1vXgMB8GA1UdIwQY
MBaAFAnFDv4Tqt9UI7BPDdyosyiDlYI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2NVT19oT3EzMVFqc0U4TjNLaXpLSU9WZ2o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84NWEyMDgtMWFiNi00NmY3LWIxYTUt
YTI2ZDI1YmM3NjU0LzEvYlFXVFdhUEpNVVJoT3dNY0Y4MlF2b1BXOWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84NWEyMDgtMWFiNi00NmY3LWIxYTUtYTI2ZDI1YmM3NjU0
LzEvQ2NVT19oT3EzMVFqc0U4TjNLaXpLSU9WZ2o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhgJMA0G
CSqGSIb3DQEBCwUAA4IBAQAuN48M58DUDny01AYLewmdcMZ+r+rSrPtXGzvmrg4/
u90+bLje6O3UllVWiQZ5g5KunzqRhiQT6pg7hH7UR4WnM5xKOIbofvvLyNUbZNsP
7m7PL8y7Ljmj9Xs/myN1LFfIq3jNLxSHc+K9zKOe8wMfDgR3Noa9waufQio8epPq
dfUizBSArXHuAnnZhH5l41pPEHOGdybGh/gJ9K+LT6227laj21ZE3WPx+qXXN/gP
Ns+QH0an4hifFrAC22kpaMmI/5RGvf6GRzSUvsT1YXW8RjaNU+tN9pEfWx/TI5B+
5jEco4bJdVOsYXMpt3l2LGfBkgQIQ5zbsSmfNrA6vcUg
-----END CERTIFICATE-----