Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MQH0AmMD3xvSvWeX1W0gh18D2JY.roa
File:                     MQH0AmMD3xvSvWeX1W0gh18D2JY.roa (raw, json)
Hash identifier:          vx+SbYxjf+I3c1Bjmd925Pqw2MC5Y4NF/9Wu3lfkOaQ=
Subject key identifier:   31:01:F4:02:63:03:DF:1B:D2:BD:67:97:D5:6D:20:87:5F:03:D8:96
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019428250907E42F6A31995B637B0A3ECD2F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MQH0AmMD3xvSvWeX1W0gh18D2JY.roa
Signing time:             Thu 02 Jan 2025 17:51:43 +0000
ROA not before:           Thu 02 Jan 2025 17:51:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211415
IP address blocks:        192.124.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:09:07:e4:2f:6a:31:99:5b:63:7b:0a:3e:cd:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3101f4026303df1bd2bd6797d56d20875f03d896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:63:3f:f8:8b:fb:a8:70:be:72:6f:ae:9a:2e:
                    be:84:51:50:89:0c:db:a5:25:4d:6a:72:06:7b:13:
                    5a:e7:f3:3d:53:1b:b1:7f:06:cc:ca:b9:7f:07:71:
                    60:5e:56:54:75:2c:98:cb:a1:f0:bb:18:dc:85:6c:
                    0d:d4:18:0a:8b:7c:97:8c:44:70:ad:2e:a5:86:94:
                    a2:1e:07:69:8f:37:7b:81:db:90:c5:44:ff:5a:e6:
                    46:b8:a4:ee:29:98:cd:21:b6:f4:ce:04:11:c9:b0:
                    9e:2a:0d:24:a0:d1:f4:4e:00:9a:d3:dd:d9:f9:9f:
                    a2:ad:1e:ea:06:8b:23:6a:52:dc:ba:b8:7c:49:f0:
                    80:b2:b6:d1:c8:dc:10:4e:ef:55:a4:5e:49:2b:94:
                    a2:09:74:4c:fd:aa:7f:58:d7:84:79:1c:71:f4:6d:
                    dc:27:3b:55:5e:4c:ab:d5:fa:d5:10:51:b9:f7:e5:
                    6f:5b:71:5b:7d:86:da:ed:79:d0:aa:7b:fe:c4:b0:
                    fa:a3:56:f4:45:c3:b0:d6:44:7f:9b:62:f1:a7:35:
                    fe:52:b0:17:30:d3:bc:f7:db:d7:80:8c:9f:3e:e7:
                    ca:60:5b:5d:76:67:0f:b7:ae:15:93:1b:55:02:f7:
                    18:a1:36:b6:e7:bd:3c:90:88:c8:51:a4:8d:9a:b6:
                    ea:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:01:F4:02:63:03:DF:1B:D2:BD:67:97:D5:6D:20:87:5F:03:D8:96
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MQH0AmMD3xvSvWeX1W0gh18D2JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:51:ae:14:02:48:cc:ea:01:4f:68:11:83:30:94:bd:4a:22:
         77:07:8f:c4:f1:bf:e3:f9:9e:6e:e6:04:05:2e:db:8f:58:41:
         e7:06:08:92:0b:63:cb:7d:8e:c5:bc:26:2b:b9:3f:53:0b:3c:
         48:b7:ef:04:18:b7:f9:89:b0:11:6f:e0:2b:84:7d:26:c1:c8:
         80:bf:cb:96:ed:27:1d:df:16:62:72:1c:ab:84:2a:5c:a2:1a:
         00:be:1c:89:be:e5:71:60:1e:20:d9:cd:9a:46:6f:6a:1a:a1:
         54:52:29:82:65:ab:74:91:c1:26:85:a7:86:1c:a4:9f:6e:c0:
         56:b4:3d:75:eb:ca:5b:95:c0:e9:5c:40:fa:dd:fd:a4:18:da:
         a1:cc:ca:4c:21:f3:82:56:5c:ce:87:dc:b0:f9:f4:5a:18:83:
         ee:f2:e3:9f:00:38:e2:af:68:39:60:d2:8d:48:ff:8b:9c:88:
         f8:1b:3e:86:9e:d5:3a:f6:57:cd:04:c2:2e:9a:9f:1c:96:7f:
         fb:95:7e:ab:67:f2:20:98:20:87:cb:c0:bb:85:da:b9:c6:da:
         90:bb:f7:93:2f:10:e1:d6:ee:76:58:50:8c:ec:ca:e1:e7:77:
         66:0b:02:77:8f:c4:66:e6:2a:0d:08:b7:7a:66:43:bf:d2:e5:
         45:ab:fe:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQkH5C9qMZlbY3sKPs0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTAxZjQwMjYzMDNkZjFiZDJiZDY3OTdkNTZkMjA4NzVmMDNkODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmM/+Iv7qHC+cm+umi6+hFFQiQzb
pSVNanIGexNa5/M9UxuxfwbMyrl/B3FgXlZUdSyYy6HwuxjchWwN1BgKi3yXjERw
rS6lhpSiHgdpjzd7gduQxUT/WuZGuKTuKZjNIbb0zgQRybCeKg0koNH0TgCa093Z
+Z+irR7qBosjalLcurh8SfCAsrbRyNwQTu9VpF5JK5SiCXRM/ap/WNeEeRxx9G3c
JztVXkyr1frVEFG59+VvW3FbfYba7XnQqnv+xLD6o1b0RcOw1kR/m2LxpzX+UrAX
MNO899vXgIyfPufKYFtddmcPt64VkxtVAvcYoTa25708kIjIUaSNmrbqzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEB9AJjA98b0r1nl9VtIIdfA9iWMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTVFIMEFtTUQzeHZTdldlWDFXMGdoMThEMkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHytMA0G
CSqGSIb3DQEBCwUAA4IBAQBXUa4UAkjM6gFPaBGDMJS9SiJ3B4/E8b/j+Z5u5gQF
LtuPWEHnBgiSC2PLfY7FvCYruT9TCzxIt+8EGLf5ibARb+ArhH0mwciAv8uW7Scd
3xZichyrhCpcohoAvhyJvuVxYB4g2c2aRm9qGqFUUimCZat0kcEmhaeGHKSfbsBW
tD1168pblcDpXED63f2kGNqhzMpMIfOCVlzOh9yw+fRaGIPu8uOfADjir2g5YNKN
SP+LnIj4Gz6GntU69lfNBMIump8cln/7lX6rZ/IgmCCHy8C7hdq5xtqQu/eTLxDh
1u52WFCM7Mrh53dmCwJ3j8Rm5ioNCLd6ZkO/0uVFq/6G
-----END CERTIFICATE-----