Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/QT_SK_iR1CMR9onvZvmcZNC40rI.roa
File:                     QT_SK_iR1CMR9onvZvmcZNC40rI.roa (raw, json)
Hash identifier:          wS3+u+XyjIXltWoW0+plapBWAgUiuQD0ohiZyl3pRxo=
Subject key identifier:   41:3F:D2:2B:F8:91:D4:23:11:F6:89:EF:66:F9:9C:64:D0:B8:D2:B2
Certificate issuer:       /CN=52302a45d0568486051a7ec466f03108c320b4c4
Certificate serial:       019424B3AFB4B777BB6A925A82B2DBB9CFB7
Authority key identifier: 52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/QT_SK_iR1CMR9onvZvmcZNC40rI.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        94.124.112.0/24 maxlen: 24
                          2a0c:b280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:af:b4:b7:77:bb:6a:92:5a:82:b2:db:b9:cf:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52302a45d0568486051a7ec466f03108c320b4c4
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=413fd22bf891d42311f689ef66f99c64d0b8d2b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:5d:5e:45:8d:44:8d:9b:4f:33:4c:ad:fd:
                    68:e8:9d:ad:c5:ef:9c:d6:8e:b1:48:10:45:eb:71:
                    64:db:89:8c:d4:31:7c:05:99:de:63:66:b8:01:52:
                    be:65:5d:1a:6d:c8:3a:04:94:d5:50:99:dc:b7:29:
                    38:df:1c:bc:f6:81:d4:1e:cd:93:73:ce:a2:c8:d3:
                    57:08:68:55:91:25:5a:8f:c8:3a:03:f0:89:1e:e0:
                    f7:f7:29:9b:40:a6:eb:ec:11:46:e6:16:fd:43:4b:
                    68:f1:63:12:6a:1c:b3:a3:7b:fb:4d:d5:ed:bb:33:
                    74:73:6b:ca:24:f2:a5:02:9c:13:f5:e6:21:12:66:
                    6c:8a:af:49:bd:69:73:31:1d:b4:ff:92:a0:0f:59:
                    5b:e1:67:0c:ed:e7:90:af:e9:b1:04:f3:13:e5:81:
                    34:c5:7c:91:4c:a5:28:02:14:0c:3f:79:1e:70:e2:
                    b1:e7:3e:0f:79:7d:b6:05:b3:21:79:ed:3d:d3:69:
                    06:04:70:6e:59:bc:39:00:5f:2a:c1:5f:8e:4f:0d:
                    48:c3:73:91:ef:f6:a9:0d:69:2d:e6:03:2f:42:8e:
                    c3:fe:fd:3b:67:f5:ae:86:5d:53:79:73:8c:ea:88:
                    19:96:24:ef:68:ce:a9:bc:8a:4f:d1:36:81:46:96:
                    af:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:3F:D2:2B:F8:91:D4:23:11:F6:89:EF:66:F9:9C:64:D0:B8:D2:B2
            X509v3 Authority Key Identifier:
                keyid:52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/QT_SK_iR1CMR9onvZvmcZNC40rI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.112.0/24
                IPv6:
                  2a0c:b280::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:e3:5e:c1:5c:22:9f:05:7a:38:f5:55:7d:17:a6:6c:32:6c:
         6b:bf:05:1c:d5:8a:c3:52:75:fd:1d:51:6f:ab:e2:dd:a0:9c:
         e7:6c:de:5a:16:73:00:7a:fa:f7:47:5f:b6:ab:43:9f:78:f2:
         97:b6:5e:13:fa:75:75:d1:46:76:30:41:96:d9:cf:61:3a:9a:
         b7:25:98:cb:c9:e6:9b:f7:f8:6a:84:92:4b:5e:8d:1c:e6:c8:
         1e:5c:6f:c7:cb:75:bf:fa:04:1e:c7:fb:5a:ed:a7:02:75:4e:
         bc:4d:ed:4d:a8:b2:44:7c:ce:7c:91:9a:37:44:1a:fc:82:4b:
         b6:1e:b5:02:9b:24:48:bc:96:fa:3c:80:64:f5:d3:87:d6:95:
         86:9a:f4:85:eb:34:93:7a:37:38:3b:20:d1:d4:8b:63:70:0d:
         12:b0:0e:db:37:cd:6e:12:ba:ab:16:a8:f8:4d:fb:21:cf:80:
         cd:2b:b8:6b:43:cb:56:1d:db:b1:99:cf:d2:96:a2:a8:80:01:
         26:d7:64:19:56:9e:df:11:aa:5e:a9:1d:a2:35:6d:17:d1:16:
         e9:e9:5d:dd:ec:b6:69:0b:7f:aa:e4:49:4b:95:08:67:cb:39:
         52:52:15:a6:13:09:26:10:fc:2d:7b:9f:07:29:1a:e8:74:73:
         3c:71:53:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks6+0t3e7apJagrLbuc+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzAyYTQ1ZDA1Njg0ODYwNTFhN2VjNDY2ZjAzMTA4YzMy
MGI0YzQwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTNmZDIyYmY4OTFkNDIzMTFmNjg5ZWY2NmY5OWM2NGQwYjhkMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWBdXkWNRI2bTzNMrf1o6J2txe+c
1o6xSBBF63Fk24mM1DF8BZneY2a4AVK+ZV0abcg6BJTVUJnctyk43xy89oHUHs2T
c86iyNNXCGhVkSVaj8g6A/CJHuD39ymbQKbr7BFG5hb9Q0to8WMSahyzo3v7TdXt
uzN0c2vKJPKlApwT9eYhEmZsiq9JvWlzMR20/5KgD1lb4WcM7eeQr+mxBPMT5YE0
xXyRTKUoAhQMP3kecOKx5z4PeX22BbMhee0902kGBHBuWbw5AF8qwV+OTw1Iw3OR
7/apDWkt5gMvQo7D/v07Z/Wuhl1TeXOM6ogZliTvaM6pvIpP0TaBRpavCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEE/0iv4kdQjEfaJ72b5nGTQuNKyMB8GA1UdIwQY
MBaAFFIwKkXQVoSGBRp+xGbwMQjDILTEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGIt
ZTNlNWZhMzZiYjJmLzEvUVRfU0tfaVIxQ01SOW9udlp2bWNaTkM0MHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGItZTNlNWZhMzZiYjJm
LzEvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXnxwMA8E
AgACMAkDBwAqDLKAAAAwDQYJKoZIhvcNAQELBQADggEBAIDjXsFcIp8Fejj1VX0X
pmwybGu/BRzVisNSdf0dUW+r4t2gnOds3loWcwB6+vdHX7arQ5948pe2XhP6dXXR
RnYwQZbZz2E6mrclmMvJ5pv3+GqEkktejRzmyB5cb8fLdb/6BB7H+1rtpwJ1TrxN
7U2oskR8znyRmjdEGvyCS7YetQKbJEi8lvo8gGT104fWlYaa9IXrNJN6Nzg7INHU
i2NwDRKwDts3zW4SuqsWqPhN+yHPgM0ruGtDy1Yd27GZz9KWoqiAASbXZBlWnt8R
ql6pHaI1bRfRFunpXd3stmkLf6rkSUuVCGfLOVJSFaYTCSYQ/C17nwcpGuh0czxx
U1Q=
-----END CERTIFICATE-----