Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/a1cd9c-c31e-4abf-b089-9e792b6f235d/1/fqj1j_FDhTxK5wCrypWCi5_Wlwc.roa
File:                     fqj1j_FDhTxK5wCrypWCi5_Wlwc.roa (raw, json)
Hash identifier:          /ZrSpI+gwPBK/gmIVmYYxFTakYRnjJvL4Gztj8QVd0c=
Subject key identifier:   7E:A8:F5:8F:F1:43:85:3C:4A:E7:00:AB:CA:95:82:8B:9F:D6:97:07
Certificate issuer:       /CN=cf8975746cbf1ff75ddec6cdb80acc85218184ce
Certificate serial:       0194221F8C5B8099EA07793783DC6AF3D6A6
Authority key identifier: CF:89:75:74:6C:BF:1F:F7:5D:DE:C6:CD:B8:0A:CC:85:21:81:84:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z4l1dGy_H_dd3sbNuArMhSGBhM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/a1cd9c-c31e-4abf-b089-9e792b6f235d/1/fqj1j_FDhTxK5wCrypWCi5_Wlwc.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15943
IP address blocks:        194.55.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/a1cd9c-c31e-4abf-b089-9e792b6f235d/1/z4l1dGy_H_dd3sbNuArMhSGBhM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/a1cd9c-c31e-4abf-b089-9e792b6f235d/1/z4l1dGy_H_dd3sbNuArMhSGBhM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z4l1dGy_H_dd3sbNuArMhSGBhM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8c:5b:80:99:ea:07:79:37:83:dc:6a:f3:d6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf8975746cbf1ff75ddec6cdb80acc85218184ce
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ea8f58ff143853c4ae700abca95828b9fd69707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:11:61:ea:1d:b5:76:08:4e:41:1f:ab:ea:9b:
                    22:50:88:eb:19:e0:50:87:16:75:a0:a4:74:59:09:
                    e2:78:78:41:c2:b1:37:ef:01:6d:9d:26:f3:de:5e:
                    6b:89:14:b2:2c:0c:96:c5:35:b7:d3:80:dd:24:7d:
                    ac:26:12:91:45:92:41:42:85:dd:0f:f2:b0:73:75:
                    7c:8d:49:ec:19:9b:ee:07:ee:25:30:82:0c:28:82:
                    bc:d3:a8:83:a5:33:23:c9:22:bd:31:c2:7a:51:5f:
                    98:c5:29:28:c1:34:99:2a:46:27:a3:02:34:1f:ed:
                    6f:ec:e1:3d:8a:75:a1:b4:55:80:51:5a:4c:a9:4a:
                    82:25:aa:90:b5:cf:05:02:d1:43:79:bc:5c:7c:86:
                    bf:bd:4f:eb:f5:43:7b:84:e3:ea:27:55:8f:d5:a8:
                    22:af:68:f1:72:bf:1c:05:a7:f1:82:bd:20:38:2e:
                    55:bb:4c:83:8e:21:0f:7e:3b:10:98:e6:35:58:5c:
                    2a:92:69:cf:04:86:b5:d2:34:16:16:03:4c:f1:13:
                    09:f2:7a:13:e4:83:8b:5a:8e:1e:fd:8d:ef:ed:86:
                    26:1e:73:d2:61:1e:39:cb:d5:bc:00:54:be:82:ab:
                    dc:2d:cb:b4:0d:84:fe:0f:e7:cd:94:0c:12:e8:1c:
                    fe:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A8:F5:8F:F1:43:85:3C:4A:E7:00:AB:CA:95:82:8B:9F:D6:97:07
            X509v3 Authority Key Identifier:
                keyid:CF:89:75:74:6C:BF:1F:F7:5D:DE:C6:CD:B8:0A:CC:85:21:81:84:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z4l1dGy_H_dd3sbNuArMhSGBhM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/a1cd9c-c31e-4abf-b089-9e792b6f235d/1/fqj1j_FDhTxK5wCrypWCi5_Wlwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/a1cd9c-c31e-4abf-b089-9e792b6f235d/1/z4l1dGy_H_dd3sbNuArMhSGBhM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:ea:8f:0a:a0:3b:50:08:5d:46:d0:38:7b:32:38:c1:22:44:
         44:5e:5d:c7:df:16:f3:da:72:f3:ec:35:58:d1:da:cd:1a:59:
         7c:a1:e9:9b:c3:5a:37:9e:e2:0f:4e:3f:3e:06:6d:92:4d:8a:
         99:b1:6d:ff:26:2e:5b:2e:02:2a:e3:78:14:99:8d:24:f6:cc:
         5e:a0:e5:e3:22:d1:95:6e:68:33:cd:cb:e7:a4:4a:a2:f4:8a:
         79:8b:55:5a:fa:67:a2:ee:7b:cb:ee:3f:88:a0:c9:2f:ac:0e:
         1c:8b:93:b0:6f:4f:7a:18:65:46:d9:81:49:91:d5:05:83:b0:
         b9:52:12:6f:e1:54:3c:18:37:ab:c7:60:30:5b:ae:e2:61:57:
         50:79:c0:d1:24:8b:da:94:f5:70:4f:b4:62:4a:36:c4:09:54:
         3b:12:ce:7c:e7:5a:a6:ea:96:08:4d:24:ec:bc:90:4e:fa:08:
         b0:ef:7b:f0:ef:14:e0:4a:5f:65:46:35:40:c0:d6:cf:b6:8d:
         e7:7a:f0:41:a5:c0:30:92:b2:e5:57:93:a1:f9:42:da:31:d5:
         a5:d8:32:6d:9e:8d:c0:b9:53:fb:00:d1:36:27:36:1f:3f:8a:
         71:e9:c7:d6:90:ff:db:5c:0c:5e:5e:0f:ee:87:39:9c:f2:c2:
         44:b7:62:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4xbgJnqB3k3g9xq89amMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmODk3NTc0NmNiZjFmZjc1ZGRlYzZjZGI4MGFjYzg1MjE4
MTg0Y2UwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWE4ZjU4ZmYxNDM4NTNjNGFlNzAwYWJjYTk1ODI4YjlmZDY5NzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBFh6h21dghOQR+r6psiUIjrGeBQ
hxZ1oKR0WQnieHhBwrE37wFtnSbz3l5riRSyLAyWxTW304DdJH2sJhKRRZJBQoXd
D/Kwc3V8jUnsGZvuB+4lMIIMKIK806iDpTMjySK9McJ6UV+YxSkowTSZKkYnowI0
H+1v7OE9inWhtFWAUVpMqUqCJaqQtc8FAtFDebxcfIa/vU/r9UN7hOPqJ1WP1agi
r2jxcr8cBafxgr0gOC5Vu0yDjiEPfjsQmOY1WFwqkmnPBIa10jQWFgNM8RMJ8noT
5IOLWo4e/Y3v7YYmHnPSYR45y9W8AFS+gqvcLcu0DYT+D+fNlAwS6Bz+CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6o9Y/xQ4U8SucAq8qVgouf1pcHMB8GA1UdIwQY
MBaAFM+JdXRsvx/3Xd7GzbgKzIUhgYTOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejRsMWRHeV9IX2RkM3NiTnVBck1oU0dCaE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hMWNkOWMtYzMxZS00YWJmLWIwODkt
OWU3OTJiNmYyMzVkLzEvZnFqMWpfRkRoVHhLNXdDcnlwV0NpNV9XbHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hMWNkOWMtYzMxZS00YWJmLWIwODktOWU3OTJiNmYyMzVk
LzEvejRsMWRHeV9IX2RkM3NiTnVBck1oU0dCaE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjeQMA0G
CSqGSIb3DQEBCwUAA4IBAQCO6o8KoDtQCF1G0Dh7MjjBIkREXl3H3xbz2nLz7DVY
0drNGll8oembw1o3nuIPTj8+Bm2STYqZsW3/Ji5bLgIq43gUmY0k9sxeoOXjItGV
bmgzzcvnpEqi9Ip5i1Va+mei7nvL7j+IoMkvrA4ci5Owb096GGVG2YFJkdUFg7C5
UhJv4VQ8GDerx2AwW67iYVdQecDRJIvalPVwT7RiSjbECVQ7Es5851qm6pYITSTs
vJBO+giw73vw7xTgSl9lRjVAwNbPto3nevBBpcAwkrLlV5Oh+ULaMdWl2DJtno3A
uVP7ANE2JzYfP4px6cfWkP/bXAxeXg/uhzmc8sJEt2Kb
-----END CERTIFICATE-----