Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/QecKb_80mIAAxxtjr9nCEvB6HF0.roa
File:                     QecKb_80mIAAxxtjr9nCEvB6HF0.roa (raw, json)
Hash identifier:          jhMDZBJq90fFjxjE7Y5j5TgVPh9pkkoV7GaQo4Rk7a8=
Subject key identifier:   41:E7:0A:6F:FF:34:98:80:00:C7:1B:63:AF:D9:C2:12:F0:7A:1C:5D
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       0194228E31D4529ECB5B9EEA588EC577DA83
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/QecKb_80mIAAxxtjr9nCEvB6HF0.roa
Signing time:             Wed 01 Jan 2025 15:48:51 +0000
ROA not before:           Wed 01 Jan 2025 15:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41000
IP address blocks:        37.61.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:31:d4:52:9e:cb:5b:9e:ea:58:8e:c5:77:da:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: Jan  1 15:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41e70a6fff34988000c71b63afd9c212f07a1c5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0a:13:8c:bf:b7:88:41:0e:9a:d3:3b:9e:48:
                    b5:11:5d:86:16:33:72:df:dc:06:84:8c:24:3b:ec:
                    96:43:e0:1b:cf:ed:c7:82:4c:6a:85:e1:52:54:56:
                    5f:b7:48:80:1d:76:51:3b:48:b0:09:e2:1d:b5:a7:
                    a7:42:07:99:e1:64:24:83:a2:3b:20:dd:de:11:46:
                    5f:ef:d4:ae:5c:f2:00:28:80:98:f8:f3:d7:7e:6e:
                    33:c2:14:97:c0:42:ee:b9:35:a0:20:44:96:74:f5:
                    f7:5a:c3:52:39:80:a0:a4:51:c9:c7:8d:22:da:c0:
                    9d:f2:72:c3:a1:73:73:b8:8c:97:90:b6:99:ab:dd:
                    06:0f:7a:8d:9b:2e:52:e2:9d:68:fc:33:3f:33:c8:
                    6e:25:f4:36:4d:86:9c:bb:38:96:e6:ac:ba:35:59:
                    60:8e:19:ce:00:bf:d6:d8:cf:a9:41:bf:45:4b:8a:
                    93:e5:76:57:85:22:16:75:10:41:3d:76:5c:11:d1:
                    43:4a:d7:e3:25:67:6e:4d:b2:b6:0b:9f:57:b8:c6:
                    70:84:b7:12:5b:db:09:5f:10:08:85:96:2c:7a:a6:
                    71:22:6e:59:d1:ce:45:93:cc:cc:96:c9:b1:1d:55:
                    e4:92:14:cc:ad:d6:f0:c7:ce:c2:d7:d0:6d:14:51:
                    0f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E7:0A:6F:FF:34:98:80:00:C7:1B:63:AF:D9:C2:12:F0:7A:1C:5D
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/QecKb_80mIAAxxtjr9nCEvB6HF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:87:d6:c7:79:9e:f2:f5:90:6c:ea:3d:d1:86:f6:c4:01:df:
         3c:6e:fb:68:1b:7e:2a:56:2a:24:45:20:ee:82:15:04:b5:5f:
         66:65:35:cf:93:ad:56:e1:c8:22:8e:31:51:c5:61:84:d3:d0:
         d4:1f:12:37:fe:4e:84:c9:ea:10:ce:bb:31:32:5d:a7:e2:39:
         99:85:5e:54:22:d2:7a:25:a1:d3:a7:47:c0:2e:b7:f9:ea:62:
         b1:fa:20:aa:c4:1e:59:15:76:44:d2:ee:b1:9d:91:a7:60:2e:
         2a:a1:72:5b:5b:81:20:b6:b7:78:b4:32:e3:d7:b5:32:6d:cc:
         2a:dc:f3:f7:46:f9:59:03:48:61:9b:53:32:03:25:5b:2f:99:
         52:93:50:8f:30:b7:24:2b:59:e7:c3:fc:45:ef:e2:e1:b9:ff:
         43:40:88:2f:35:1a:08:28:21:62:7f:0f:2b:31:82:6c:5a:83:
         e3:5e:1a:3e:df:cf:18:76:83:5a:91:eb:3a:1b:a8:1c:52:c3:
         2d:14:fc:63:11:4a:c8:c0:f9:ee:07:ba:44:a8:9e:8a:6e:7a:
         08:c1:64:af:7f:ad:68:e7:18:b1:99:0b:50:99:3e:33:e9:5f:
         db:e6:4b:cf:2e:2d:44:62:8f:27:87:2d:a3:ef:64:4f:fd:04:
         61:86:e0:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijjHUUp7LW57qWI7Fd9qDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjUwMTAxMTU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU3MGE2ZmZmMzQ5ODgwMDBjNzFiNjNhZmQ5YzIxMmYwN2ExYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgoTjL+3iEEOmtM7nki1EV2GFjNy
39wGhIwkO+yWQ+Abz+3HgkxqheFSVFZft0iAHXZRO0iwCeIdtaenQgeZ4WQkg6I7
IN3eEUZf79SuXPIAKICY+PPXfm4zwhSXwELuuTWgIESWdPX3WsNSOYCgpFHJx40i
2sCd8nLDoXNzuIyXkLaZq90GD3qNmy5S4p1o/DM/M8huJfQ2TYacuziW5qy6NVlg
jhnOAL/W2M+pQb9FS4qT5XZXhSIWdRBBPXZcEdFDStfjJWduTbK2C59XuMZwhLcS
W9sJXxAIhZYseqZxIm5Z0c5Fk8zMlsmxHVXkkhTMrdbwx87C19BtFFEP9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHnCm//NJiAAMcbY6/ZwhLwehxdMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvUWVjS2JfODBtSUFBeHh0anI5bkNFdkI2SEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJT3tMA0G
CSqGSIb3DQEBCwUAA4IBAQAih9bHeZ7y9ZBs6j3RhvbEAd88bvtoG34qViokRSDu
ghUEtV9mZTXPk61W4cgijjFRxWGE09DUHxI3/k6EyeoQzrsxMl2n4jmZhV5UItJ6
JaHTp0fALrf56mKx+iCqxB5ZFXZE0u6xnZGnYC4qoXJbW4Egtrd4tDLj17Uybcwq
3PP3RvlZA0hhm1MyAyVbL5lSk1CPMLckK1nnw/xF7+Lhuf9DQIgvNRoIKCFifw8r
MYJsWoPjXho+388YdoNakes6G6gcUsMtFPxjEUrIwPnuB7pEqJ6KbnoIwWSvf61o
5xixmQtQmT4z6V/b5kvPLi1EYo8nhy2j72RP/QRhhuDs
-----END CERTIFICATE-----