Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/qCiEr-4OsxOGeR7Gn9aGoJR9Hoo.roa
File:                     qCiEr-4OsxOGeR7Gn9aGoJR9Hoo.roa (raw, json)
Hash identifier:          LltVSaFwyI2PbfS+p/oZLfHhHfCxRFgZQ6khOOqvZXM=
Subject key identifier:   A8:28:84:AF:EE:0E:B3:13:86:79:1E:C6:9F:D6:86:A0:94:7D:1E:8A
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01926C91DEE7A43FD0BAC36475BD120ACD43
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/qCiEr-4OsxOGeR7Gn9aGoJR9Hoo.roa
Signing time:             Tue 08 Oct 2024 14:39:11 +0000
ROA not before:           Tue 08 Oct 2024 14:39:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6205
IP address blocks:        104.247.191.0/24 maxlen: 24
                          185.73.128.0/24 maxlen: 24
                          185.73.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:91:de:e7:a4:3f:d0:ba:c3:64:75:bd:12:0a:cd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Oct  8 14:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a82884afee0eb31386791ec69fd686a0947d1e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ef:af:1a:93:8b:4c:1c:3d:14:61:34:5b:02:
                    51:f7:c0:af:49:ea:13:79:3b:60:17:09:18:1a:a9:
                    de:81:f7:16:83:33:22:5b:7a:79:64:32:e7:06:8c:
                    9d:74:ce:20:f5:38:d1:2a:4a:ea:36:bb:37:fd:6a:
                    1f:c5:6a:a2:04:ad:5d:94:65:65:65:08:d1:55:eb:
                    77:22:cd:46:99:4c:cd:a5:9c:8c:2e:13:c6:48:6e:
                    17:95:58:ab:3a:8d:53:ed:78:82:d9:d8:6f:9f:80:
                    76:32:ca:8c:7e:55:03:d4:aa:9f:77:82:60:d2:04:
                    ab:a6:e2:47:65:dc:0a:7d:d3:95:94:3c:d4:a2:4e:
                    43:d2:bc:e1:7b:17:3d:32:fa:ce:a2:bc:d9:a5:aa:
                    09:d2:1c:42:64:99:c9:c6:f7:51:93:46:a7:36:a7:
                    3c:8f:15:6b:d9:1b:9f:5c:d7:ee:6c:03:97:30:c9:
                    c3:db:c1:33:24:83:76:c3:d0:b8:69:71:29:40:65:
                    c6:34:ce:55:4e:8e:34:1e:fc:9f:67:2c:d7:77:b0:
                    8e:51:f2:c5:61:8d:95:3d:50:31:02:e4:8b:7d:14:
                    d3:83:cd:f3:07:4c:ff:9a:05:ae:9c:f4:9d:d6:c5:
                    dc:5a:57:d3:30:57:f8:e7:d8:3d:e8:7b:45:06:0f:
                    02:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:28:84:AF:EE:0E:B3:13:86:79:1E:C6:9F:D6:86:A0:94:7D:1E:8A
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/qCiEr-4OsxOGeR7Gn9aGoJR9Hoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.191.0/24
                  185.73.128.0/24
                  185.73.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:8c:45:1b:74:82:e5:2b:f9:cc:c3:2c:67:9d:98:72:9d:12:
         ae:3e:19:95:8e:f5:a1:db:5b:fb:bb:65:61:fe:3d:20:d7:fb:
         b8:ff:1c:65:11:cb:9c:05:1d:78:2e:fa:63:4e:3d:aa:c1:15:
         21:e1:7e:62:d6:fd:c6:bc:85:d3:22:2d:85:21:6e:9f:64:81:
         65:e6:54:32:b4:df:f2:c6:3c:53:69:48:ac:e4:c3:40:cd:3f:
         99:fd:cf:fb:79:8a:69:3e:f8:1d:1f:f1:35:2d:93:60:ed:f9:
         1e:f8:96:65:3b:5c:6e:12:e0:30:32:bf:7c:b4:34:4e:33:a4:
         a9:03:eb:45:88:94:af:74:95:23:73:dd:82:61:07:6b:d3:6a:
         85:8f:65:ce:b0:29:a3:d9:0a:e7:31:53:cf:64:52:9c:35:21:
         cd:7c:7f:96:f7:56:9e:7f:c6:01:9b:ee:09:21:c9:c4:4c:88:
         7e:15:fc:dc:68:12:33:96:f4:1c:0e:77:2e:f5:ca:94:ae:6f:
         3d:ab:c8:c5:34:d9:7f:19:e2:78:73:a7:b8:10:2e:7e:cd:c7:
         5d:cd:c0:fe:aa:07:23:a6:d8:e6:d0:bd:e4:fb:b0:72:ae:5b:
         1e:0c:08:6f:ae:22:7a:44:e5:44:37:2f:3f:09:e8:6f:18:23:
         0c:85:4d:4b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJskd7npD/QusNkdb0SCs1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQxMDA4MTQzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODI4ODRhZmVlMGViMzEzODY3OTFlYzY5ZmQ2ODZhMDk0N2QxZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAke+vGpOLTBw9FGE0WwJR98CvSeoT
eTtgFwkYGqnegfcWgzMiW3p5ZDLnBoyddM4g9TjRKkrqNrs3/WofxWqiBK1dlGVl
ZQjRVet3Is1GmUzNpZyMLhPGSG4XlVirOo1T7XiC2dhvn4B2MsqMflUD1Kqfd4Jg
0gSrpuJHZdwKfdOVlDzUok5D0rzhexc9MvrOorzZpaoJ0hxCZJnJxvdRk0anNqc8
jxVr2RufXNfubAOXMMnD28EzJIN2w9C4aXEpQGXGNM5VTo40HvyfZyzXd7COUfLF
YY2VPVAxAuSLfRTTg83zB0z/mgWunPSd1sXcWlfTMFf459g96HtFBg8C4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKgohK/uDrMThnkexp/WhqCUfR6KMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvcUNpRXItNE9zeE9HZVI3R245YUdvSlI5SG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAaPe/AwQA
uUmAAwQAuUmDMA0GCSqGSIb3DQEBCwUAA4IBAQCNjEUbdILlK/nMwyxnnZhynRKu
PhmVjvWh21v7u2Vh/j0g1/u4/xxlEcucBR14LvpjTj2qwRUh4X5i1v3GvIXTIi2F
IW6fZIFl5lQytN/yxjxTaUis5MNAzT+Z/c/7eYppPvgdH/E1LZNg7fke+JZlO1xu
EuAwMr98tDROM6SpA+tFiJSvdJUjc92CYQdr02qFj2XOsCmj2QrnMVPPZFKcNSHN
fH+W91aef8YBm+4JIcnETIh+FfzcaBIzlvQcDncu9cqUrm89q8jFNNl/GeJ4c6e4
EC5+zcddzcD+qgcjptjm0L3k+7ByrlseDAhvriJ6ROVENy8/CehvGCMMhU1L
-----END CERTIFICATE-----