Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/4QpvM3CE_nzBSqatuahpsYYH1qM.roa
File:                     4QpvM3CE_nzBSqatuahpsYYH1qM.roa (raw, json)
Hash identifier:          Qrg/EHEt9L0x/2vBVqdC/NUou31du+BoDTLXvsaFSGk=
Subject key identifier:   E1:0A:6F:33:70:84:FE:7C:C1:4A:A6:AD:B9:A8:69:B1:86:07:D6:A3
Certificate issuer:       /CN=0d9302d546e068c2fd7677d9d5200add36c8bcd5
Certificate serial:       019420D665ACF64D32C9B5350F596CE4B5EA
Authority key identifier: 0D:93:02:D5:46:E0:68:C2:FD:76:77:D9:D5:20:0A:DD:36:C8:BC:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/4QpvM3CE_nzBSqatuahpsYYH1qM.roa
Signing time:             Wed 01 Jan 2025 07:48:29 +0000
ROA not before:           Wed 01 Jan 2025 07:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.97.224.0/24 maxlen: 24
                          185.97.225.0/24 maxlen: 24
                          185.97.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:65:ac:f6:4d:32:c9:b5:35:0f:59:6c:e4:b5:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d9302d546e068c2fd7677d9d5200add36c8bcd5
        Validity
            Not Before: Jan  1 07:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e10a6f337084fe7cc14aa6adb9a869b18607d6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a6:be:1a:c3:dd:53:75:4d:76:92:90:35:5e:
                    7c:07:62:bd:2e:69:69:a9:98:2a:1a:3a:4b:fb:29:
                    46:40:68:c8:96:d2:fd:84:c8:ac:d8:01:2f:29:e1:
                    0e:ac:f0:d9:57:c5:e3:6d:d7:4a:74:bd:0d:9f:07:
                    33:84:f6:c1:cc:f0:96:47:66:78:d8:9c:2b:7f:2b:
                    21:0b:51:75:49:9c:80:38:54:f4:e8:68:50:8e:7d:
                    bc:ff:71:53:3f:74:c8:98:22:fd:eb:0b:46:05:73:
                    86:f5:f3:e6:f3:a9:45:09:7d:09:fc:43:96:76:eb:
                    a5:db:bc:18:19:01:1d:01:59:4d:02:65:03:cd:56:
                    42:53:64:9a:69:ee:d3:96:8d:a4:2e:90:ad:30:6c:
                    29:0a:fe:a6:00:f4:45:b4:01:8b:9e:2b:dc:5f:f5:
                    2a:0f:b0:1e:ec:d8:93:c5:45:c2:42:d4:3b:1d:62:
                    99:e2:00:9b:e3:c6:a7:9d:54:43:ba:7c:94:7c:31:
                    eb:c4:7e:3b:4d:b4:47:d7:b6:4b:63:5f:30:b9:d7:
                    70:df:7d:52:ac:e2:8e:6e:39:05:b2:13:2e:03:a5:
                    79:a2:fe:c8:d2:b2:36:f8:12:72:d5:69:28:65:ae:
                    55:60:b0:48:e4:f7:8f:2c:58:ce:d4:8d:7d:a4:33:
                    82:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:0A:6F:33:70:84:FE:7C:C1:4A:A6:AD:B9:A8:69:B1:86:07:D6:A3
            X509v3 Authority Key Identifier:
                keyid:0D:93:02:D5:46:E0:68:C2:FD:76:77:D9:D5:20:0A:DD:36:C8:BC:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/4QpvM3CE_nzBSqatuahpsYYH1qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.224.0-185.97.226.255

    Signature Algorithm: sha256WithRSAEncryption
         28:c4:1c:61:7e:a7:60:4f:69:aa:5d:52:06:c9:bb:1c:ee:6d:
         57:c2:fd:1a:27:4b:99:e1:5e:30:dd:88:68:b1:56:7a:cc:88:
         19:ee:ff:c8:e9:c8:57:60:98:37:af:ae:5f:e7:6e:ca:5d:d7:
         8e:7a:6e:2e:3f:06:42:d8:26:93:53:39:21:80:35:c9:4b:c5:
         52:f0:83:80:72:57:19:54:8e:ba:48:60:2c:82:4f:c8:a1:45:
         7f:43:d1:06:08:d5:b5:cc:d8:f0:8e:ff:32:99:98:a2:5d:55:
         0f:27:8c:17:d8:c4:96:d2:81:e4:5f:f8:db:53:0b:43:f7:a8:
         da:8f:28:47:99:b5:69:51:e0:60:54:26:c4:65:96:0b:53:cc:
         0e:4d:20:1b:63:0f:df:10:f0:85:8c:c3:4d:21:ff:0b:53:26:
         4f:fd:dc:80:17:bb:13:64:9c:15:2f:d4:dd:f9:e4:5a:4f:ba:
         e0:33:2b:30:0e:1d:54:6e:29:6b:ff:38:4c:3c:6c:1c:1c:26:
         e4:b5:58:d6:5e:64:3a:cd:ae:1e:a3:0c:65:1a:3e:e5:72:ad:
         4a:9e:ec:00:5b:24:75:c9:9d:d8:9d:56:ba:9e:d3:ae:90:53:
         9a:4d:96:5c:a5:ec:24:ab:24:22:ff:30:1c:aa:21:85:0c:9b:
         44:c9:b2:f5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQg1mWs9k0yybU1D1ls5LXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOTMwMmQ1NDZlMDY4YzJmZDc2NzdkOWQ1MjAwYWRkMzZj
OGJjZDUwHhcNMjUwMTAxMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTBhNmYzMzcwODRmZTdjYzE0YWE2YWRiOWE4NjliMTg2MDdkNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKa+GsPdU3VNdpKQNV58B2K9Lmlp
qZgqGjpL+ylGQGjIltL9hMis2AEvKeEOrPDZV8XjbddKdL0NnwczhPbBzPCWR2Z4
2JwrfyshC1F1SZyAOFT06GhQjn28/3FTP3TImCL96wtGBXOG9fPm86lFCX0J/EOW
duul27wYGQEdAVlNAmUDzVZCU2Saae7Tlo2kLpCtMGwpCv6mAPRFtAGLnivcX/Uq
D7Ae7NiTxUXCQtQ7HWKZ4gCb48annVRDunyUfDHrxH47TbRH17ZLY18wuddw331S
rOKObjkFshMuA6V5ov7I0rI2+BJy1WkoZa5VYLBI5PePLFjO1I19pDOCXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOEKbzNwhP58wUqmrbmoabGGB9ajMB8GA1UdIwQY
MBaAFA2TAtVG4GjC/XZ32dUgCt02yLzVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFpNQzFVYmdhTUw5ZG5mWjFTQUszVGJJdk5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wMTAxNjEtYjg0MC00NDk3LWFmYmUt
NGJlZjQzZDNmYjE3LzEvNFFwdk0zQ0VfbnpCU3FhdHVhaHBzWVlIMXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wMTAxNjEtYjg0MC00NDk3LWFmYmUtNGJlZjQzZDNmYjE3
LzEvRFpNQzFVYmdhTUw5ZG5mWjFTQUszVGJJdk5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5YeAD
BAC5YeIwDQYJKoZIhvcNAQELBQADggEBACjEHGF+p2BPaapdUgbJuxzubVfC/Ron
S5nhXjDdiGixVnrMiBnu/8jpyFdgmDevrl/nbspd1456bi4/BkLYJpNTOSGANclL
xVLwg4ByVxlUjrpIYCyCT8ihRX9D0QYI1bXM2PCO/zKZmKJdVQ8njBfYxJbSgeRf
+NtTC0P3qNqPKEeZtWlR4GBUJsRllgtTzA5NIBtjD98Q8IWMw00h/wtTJk/93IAX
uxNknBUv1N355FpPuuAzKzAOHVRuKWv/OEw8bBwcJuS1WNZeZDrNrh6jDGUaPuVy
rUqe7ABbJHXJndidVrqe066QU5pNllyl7CSrJCL/MByqIYUMm0TJsvU=
-----END CERTIFICATE-----