Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/PqhLYK9y6l-hcls-AteZg7ZowWc.roa
File:                     PqhLYK9y6l-hcls-AteZg7ZowWc.roa (raw, json)
Hash identifier:          5kkmCBC611tewDVZOjvNR50HAAbuHCz11F3GzXw+Bh4=
Subject key identifier:   3E:A8:4B:60:AF:72:EA:5F:A1:72:5B:3E:02:D7:99:83:B6:68:C1:67
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       0194C8051FAC06D0A46D39FEED8A8A425629
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/PqhLYK9y6l-hcls-AteZg7ZowWc.roa
Signing time:             Sun 02 Feb 2025 18:56:06 +0000
ROA not before:           Sun 02 Feb 2025 18:56:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        185.103.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c8:05:1f:ac:06:d0:a4:6d:39:fe:ed:8a:8a:42:56:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: Feb  2 18:56:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ea84b60af72ea5fa1725b3e02d79983b668c167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b6:d2:64:88:66:0d:3a:a8:f4:f4:32:f7:47:
                    b7:9b:a1:40:95:28:ac:e0:2e:2f:8f:93:b9:34:e5:
                    ff:a7:5a:99:1b:24:1e:ad:c7:5e:86:a8:3d:ec:fb:
                    f9:85:46:06:46:49:2c:e3:ba:29:38:c7:a1:68:5d:
                    95:de:9c:59:ab:89:bb:dc:a7:e5:cb:96:ab:bd:52:
                    a2:5d:75:a9:e3:57:48:e8:02:a6:6e:b1:dc:d5:bd:
                    cc:3d:38:a9:a3:87:27:d3:cc:6b:fb:7f:24:3b:ed:
                    86:65:77:55:ea:95:8e:e5:1d:71:d1:e4:79:e9:5b:
                    d7:ad:86:14:84:ac:93:3a:b2:a4:15:30:6c:92:64:
                    a3:4b:00:ad:bb:10:ed:ec:0a:f7:9a:7f:90:ce:36:
                    c9:1e:d1:77:00:fc:60:30:a6:14:ea:5d:97:95:fa:
                    66:b5:6a:15:d0:5e:6d:1f:06:0e:5d:95:0e:28:5a:
                    d1:57:88:38:8a:aa:c8:16:fb:8a:ee:1e:97:8c:5d:
                    0b:59:9b:bb:3d:19:dd:6c:20:17:50:04:b7:7f:78:
                    26:98:4e:0a:14:e3:7b:d1:d9:bb:d6:ba:86:f5:cc:
                    9a:21:f8:7f:04:79:06:97:9d:58:96:95:b9:f6:26:
                    66:2e:66:49:00:cc:f4:6f:f4:eb:52:16:85:4b:5b:
                    d0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A8:4B:60:AF:72:EA:5F:A1:72:5B:3E:02:D7:99:83:B6:68:C1:67
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/PqhLYK9y6l-hcls-AteZg7ZowWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:32:f6:97:98:b6:45:ec:0c:be:33:46:af:03:26:bb:f2:4a:
         ba:bd:a7:52:7e:01:02:bd:23:09:fe:3e:83:09:35:dd:2d:99:
         62:60:43:05:0b:7d:46:8a:7c:f6:82:2f:b3:72:69:8b:b4:1d:
         33:f2:12:fc:2f:0b:bb:a8:63:69:2e:94:c2:68:57:01:a5:4a:
         5a:4f:f8:90:d2:4c:d8:65:c6:35:23:30:56:9b:dd:d3:a0:3d:
         44:6c:ea:44:7f:ad:2a:b5:33:c6:a5:26:17:74:2b:08:2b:77:
         60:2e:5b:6a:41:a4:29:1f:3b:b5:34:2b:d4:70:ab:91:74:56:
         8e:8f:74:30:c7:1a:b3:07:d3:2a:1e:ea:ba:65:62:a7:c0:f1:
         51:18:f5:c5:da:72:9f:9d:b6:1e:76:36:1a:55:5b:bf:11:c4:
         df:41:a1:69:cd:9d:14:f8:dd:7a:55:92:b2:83:2d:34:23:1c:
         a7:dc:61:0e:10:f5:74:05:2c:23:5a:b8:58:da:51:b4:13:ab:
         53:0e:6c:95:21:dd:7b:42:3b:44:ef:e0:79:8a:07:59:ee:67:
         fc:78:c7:fd:4f:2c:44:be:e0:85:cc:36:27:a1:f3:f4:a0:a0:
         cd:d7:be:c4:43:a5:42:2c:09:ba:63:21:18:a5:6b:99:7e:78:
         f7:a3:96:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTIBR+sBtCkbTn+7YqKQlYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjUwMjAyMTg1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWE4NGI2MGFmNzJlYTVmYTE3MjViM2UwMmQ3OTk4M2I2NjhjMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrbSZIhmDTqo9PQy90e3m6FAlSis
4C4vj5O5NOX/p1qZGyQercdehqg97Pv5hUYGRkks47opOMehaF2V3pxZq4m73Kfl
y5arvVKiXXWp41dI6AKmbrHc1b3MPTipo4cn08xr+38kO+2GZXdV6pWO5R1x0eR5
6VvXrYYUhKyTOrKkFTBskmSjSwCtuxDt7Ar3mn+QzjbJHtF3APxgMKYU6l2Xlfpm
tWoV0F5tHwYOXZUOKFrRV4g4iqrIFvuK7h6XjF0LWZu7PRndbCAXUAS3f3gmmE4K
FON70dm71rqG9cyaIfh/BHkGl51YlpW59iZmLmZJAMz0b/TrUhaFS1vQ6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6oS2CvcupfoXJbPgLXmYO2aMFnMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvUHFoTFlLOXk2bC1oY2xzLUF0ZVpnN1pvd1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWcEMA0G
CSqGSIb3DQEBCwUAA4IBAQC3MvaXmLZF7Ay+M0avAya78kq6vadSfgECvSMJ/j6D
CTXdLZliYEMFC31Ginz2gi+zcmmLtB0z8hL8Lwu7qGNpLpTCaFcBpUpaT/iQ0kzY
ZcY1IzBWm93ToD1EbOpEf60qtTPGpSYXdCsIK3dgLltqQaQpHzu1NCvUcKuRdFaO
j3QwxxqzB9MqHuq6ZWKnwPFRGPXF2nKfnbYedjYaVVu/EcTfQaFpzZ0U+N16VZKy
gy00Ixyn3GEOEPV0BSwjWrhY2lG0E6tTDmyVId17QjtE7+B5igdZ7mf8eMf9TyxE
vuCFzDYnofP0oKDN177EQ6VCLAm6YyEYpWuZfnj3o5af
-----END CERTIFICATE-----