Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/qQnpsIyhfC_30_02N13kTh1MqLQ.roa
File:                     qQnpsIyhfC_30_02N13kTh1MqLQ.roa (raw, json)
Hash identifier:          MbMug/0ttDrSz8GeinJuhxQXXHeOISrtY8I3Yes9Trc=
Subject key identifier:   A9:09:E9:B0:8C:A1:7C:2F:F7:D3:FD:36:37:5D:E4:4E:1D:4C:A8:B4
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       019425FDE299B6662721A54FDC8C9D8B12E9
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/qQnpsIyhfC_30_02N13kTh1MqLQ.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50487
IP address blocks:        194.44.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e2:99:b6:66:27:21:a5:4f:dc:8c:9d:8b:12:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a909e9b08ca17c2ff7d3fd36375de44e1d4ca8b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:45:33:20:9a:33:04:2f:b7:21:bb:a7:99:7d:
                    f5:5e:80:a5:ed:7b:76:8c:c3:bc:60:02:66:17:50:
                    d9:0e:1d:1d:35:7a:27:60:51:b2:b2:3c:c1:b6:f0:
                    ac:e9:00:64:f8:0a:7c:78:d9:fb:d4:a5:af:ae:84:
                    6d:2a:cf:b8:71:19:1d:8a:4f:a1:d6:92:08:90:a0:
                    ac:35:ab:cd:d2:68:0b:79:64:fc:f6:81:9d:27:8f:
                    36:87:da:52:f0:eb:1b:f4:d0:11:27:83:e3:14:e7:
                    4f:23:2c:13:67:0b:dd:e7:8c:58:8f:ed:00:8c:19:
                    25:8f:77:8e:dc:c5:c9:cd:0a:6a:96:cf:55:51:95:
                    bc:1b:87:60:65:64:99:12:0a:57:d1:3d:11:4b:e7:
                    f0:2f:23:fa:56:1e:3f:0e:ef:1f:a0:b1:5f:2a:a1:
                    5b:95:a0:50:eb:6e:85:b4:cb:66:63:da:a7:94:6d:
                    45:82:99:84:a5:94:53:0b:30:5d:b4:a9:ec:73:a2:
                    7a:93:90:0c:47:86:44:6c:ab:96:ec:b7:b0:44:a1:
                    78:ca:3d:54:fe:37:2b:3c:3d:3b:b7:cc:0c:0d:23:
                    ae:2e:f6:51:37:7b:8d:bb:ef:f0:e1:9d:1f:5e:f3:
                    47:16:57:8b:6e:95:31:4d:5a:34:7c:65:54:82:9a:
                    2c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:09:E9:B0:8C:A1:7C:2F:F7:D3:FD:36:37:5D:E4:4E:1D:4C:A8:B4
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/qQnpsIyhfC_30_02N13kTh1MqLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:f0:05:94:34:01:1e:ca:87:bf:7a:17:3c:f1:a7:0d:e5:68:
         a4:18:e3:f4:6b:dd:69:da:ea:32:b7:2e:17:5d:90:b4:89:86:
         a2:ca:bc:38:a1:8e:41:b3:e2:b3:29:41:6f:49:41:43:1f:4d:
         2e:02:e0:55:25:6e:ab:9f:a3:9f:43:de:2a:85:21:6c:bf:b8:
         23:bb:95:4b:05:6f:02:71:f4:df:0f:53:b0:58:a8:74:e5:d2:
         a0:4a:01:c4:88:3a:f5:e6:b9:1b:4a:a4:32:29:7f:17:da:e5:
         3a:62:9d:95:a4:20:bd:cd:20:c2:10:82:4e:64:16:aa:d5:1e:
         7f:5a:bb:12:5e:29:4e:e6:f9:3e:f5:5c:15:3a:e0:33:bd:96:
         d6:a2:ad:38:b1:fb:c5:07:78:9c:7a:7e:48:3f:33:d0:fa:88:
         2e:04:5e:ed:40:7a:3d:9d:39:ca:47:c9:0c:e1:23:4a:d2:4f:
         3e:82:6e:95:8b:c9:06:4d:d7:68:33:fe:13:0d:d6:c6:09:33:
         09:93:b0:ab:2e:33:d6:b9:6b:08:15:69:e3:5c:e7:89:c7:72:
         af:96:44:96:07:79:a7:6b:c2:7c:4f:d5:60:52:53:d9:7e:5e:
         83:96:70:a0:2e:80:26:fa:0e:56:68:65:90:7a:38:f8:86:82:
         1c:74:e8:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eKZtmYnIaVP3IydixLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTA5ZTliMDhjYTE3YzJmZjdkM2ZkMzYzNzVkZTQ0ZTFkNGNhOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUUzIJozBC+3IbunmX31XoCl7Xt2
jMO8YAJmF1DZDh0dNXonYFGysjzBtvCs6QBk+Ap8eNn71KWvroRtKs+4cRkdik+h
1pIIkKCsNavN0mgLeWT89oGdJ482h9pS8Osb9NARJ4PjFOdPIywTZwvd54xYj+0A
jBklj3eO3MXJzQpqls9VUZW8G4dgZWSZEgpX0T0RS+fwLyP6Vh4/Du8foLFfKqFb
laBQ626FtMtmY9qnlG1FgpmEpZRTCzBdtKnsc6J6k5AMR4ZEbKuW7LewRKF4yj1U
/jcrPD07t8wMDSOuLvZRN3uNu+/w4Z0fXvNHFleLbpUxTVo0fGVUgposkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkJ6bCMoXwv99P9Njdd5E4dTKi0MB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvcVFucHNJeWhmQ18zMF8wMk4xM2tUaDFNcUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizeMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ8AWUNAEeyoe/ehc88acN5WikGOP0a91p2uoyty4X
XZC0iYaiyrw4oY5Bs+KzKUFvSUFDH00uAuBVJW6rn6OfQ94qhSFsv7gju5VLBW8C
cfTfD1OwWKh05dKgSgHEiDr15rkbSqQyKX8X2uU6Yp2VpCC9zSDCEIJOZBaq1R5/
WrsSXilO5vk+9VwVOuAzvZbWoq04sfvFB3icen5IPzPQ+oguBF7tQHo9nTnKR8kM
4SNK0k8+gm6Vi8kGTddoM/4TDdbGCTMJk7CrLjPWuWsIFWnjXOeJx3KvlkSWB3mn
a8J8T9VgUlPZfl6DlnCgLoAm+g5WaGWQejj4hoIcdOib
-----END CERTIFICATE-----