Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/qARNDLbWZGpXclqzpXtzfvYP72c.roa
File:                     qARNDLbWZGpXclqzpXtzfvYP72c.roa (raw, json)
Hash identifier:          yeRNjTwXDaIWE/tdw8m2d67pmit4bLUSMZLje7zj8IA=
Subject key identifier:   A8:04:4D:0C:B6:D6:64:6A:57:72:5A:B3:A5:7B:73:7E:F6:0F:EF:67
Certificate issuer:       /CN=da1b9fe8f1a33917fee7e4dbe9fab925eb8625a9
Certificate serial:       0194228D6D01E42DDE22CBF4143DABAE95C8
Authority key identifier: DA:1B:9F:E8:F1:A3:39:17:FE:E7:E4:DB:E9:FA:B9:25:EB:86:25:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2huf6PGjORf-5-Tb6fq5JeuGJak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/qARNDLbWZGpXclqzpXtzfvYP72c.roa
Signing time:             Wed 01 Jan 2025 15:48:01 +0000
ROA not before:           Wed 01 Jan 2025 15:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60392
IP address blocks:        91.211.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/2huf6PGjORf-5-Tb6fq5JeuGJak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/2huf6PGjORf-5-Tb6fq5JeuGJak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2huf6PGjORf-5-Tb6fq5JeuGJak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 03:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6d:01:e4:2d:de:22:cb:f4:14:3d:ab:ae:95:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da1b9fe8f1a33917fee7e4dbe9fab925eb8625a9
        Validity
            Not Before: Jan  1 15:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8044d0cb6d6646a57725ab3a57b737ef60fef67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:46:8a:92:da:4a:ed:86:f7:e4:11:18:4e:1e:
                    85:8b:f9:ef:db:38:7c:e4:b0:38:5c:3c:b4:91:db:
                    ab:94:6a:da:10:bc:5a:c2:b7:21:70:7b:47:d6:2d:
                    78:49:55:3e:67:85:1a:dc:8c:ec:7c:32:c6:86:56:
                    02:ff:6a:ce:9f:c4:a5:ca:85:ed:68:57:63:e8:6b:
                    30:97:b2:ba:f2:36:c4:f2:cb:84:94:db:2a:fa:64:
                    98:5c:e8:d7:f1:bd:dd:4e:03:4d:f9:0a:d2:b4:f2:
                    f1:35:4c:01:6d:11:53:e1:df:e0:be:4f:90:2a:33:
                    f4:aa:af:fc:0b:8a:89:92:43:4e:59:f6:e3:c8:25:
                    04:54:7b:24:6d:3c:a2:0e:0a:c1:b0:c8:4e:12:61:
                    6b:e1:7b:66:ac:8f:dc:32:a5:a1:fa:86:e0:f5:7c:
                    b6:47:29:25:8e:0f:c8:10:45:21:9a:ff:d4:83:45:
                    a3:5c:ee:91:8a:0e:d9:67:a5:95:40:f4:e6:be:87:
                    a1:3f:ec:15:c0:ff:70:ba:d7:7b:69:9d:8b:ea:74:
                    a4:cd:a3:b0:66:af:20:ee:81:8d:9e:21:b1:e8:7f:
                    5f:3e:7b:08:bb:e0:2d:29:f7:9a:be:ce:4e:10:db:
                    b6:c7:69:2b:01:e1:38:2f:45:c3:aa:23:2c:c5:07:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:04:4D:0C:B6:D6:64:6A:57:72:5A:B3:A5:7B:73:7E:F6:0F:EF:67
            X509v3 Authority Key Identifier:
                keyid:DA:1B:9F:E8:F1:A3:39:17:FE:E7:E4:DB:E9:FA:B9:25:EB:86:25:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2huf6PGjORf-5-Tb6fq5JeuGJak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/qARNDLbWZGpXclqzpXtzfvYP72c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/2huf6PGjORf-5-Tb6fq5JeuGJak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:54:fa:77:41:6b:50:2e:6a:6f:94:11:1e:85:38:f4:b0:72:
         c4:26:69:07:74:ad:83:1c:3d:b4:a3:63:57:9b:f0:6c:06:52:
         30:c6:eb:a8:30:b0:60:7b:76:30:78:8d:e0:5e:0f:36:50:fb:
         c8:c7:90:8b:d9:f2:9b:31:f8:07:c5:37:e3:c5:7d:85:47:bd:
         d1:59:ef:de:b0:24:b4:3b:79:77:f1:a5:d8:69:37:b7:3a:79:
         78:bd:e4:32:02:86:a1:59:d8:a4:75:6a:d6:99:f9:35:bf:d7:
         6d:8c:67:5f:ab:a3:01:28:c0:2f:15:6d:2e:e8:d1:49:f1:31:
         fc:ef:49:84:50:f3:98:8b:75:74:0c:cb:92:e7:eb:0c:97:a1:
         fe:5a:c9:13:46:67:0b:c4:c0:b7:b8:81:41:38:45:d5:5e:79:
         29:13:24:d9:61:51:c1:4a:95:40:0b:13:20:d3:b4:ba:2d:85:
         63:b8:5a:7d:ac:32:7f:91:71:ce:bf:01:80:36:34:16:58:64:
         3e:52:b8:28:a3:7f:e2:df:12:9f:6b:49:41:03:2e:45:0d:e9:
         94:f7:e6:15:0f:dd:e1:d6:ac:d2:40:9d:f8:38:fc:56:9c:6e:
         89:7f:c1:86:33:23:2f:5f:05:d5:d2:c6:62:81:27:6b:b3:81:
         29:78:51:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijW0B5C3eIsv0FD2rrpXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMWI5ZmU4ZjFhMzM5MTdmZWU3ZTRkYmU5ZmFiOTI1ZWI4
NjI1YTkwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODA0NGQwY2I2ZDY2NDZhNTc3MjVhYjNhNTdiNzM3ZWY2MGZlZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEaKktpK7Yb35BEYTh6Fi/nv2zh8
5LA4XDy0kdurlGraELxawrchcHtH1i14SVU+Z4Ua3IzsfDLGhlYC/2rOn8SlyoXt
aFdj6Gswl7K68jbE8suElNsq+mSYXOjX8b3dTgNN+QrStPLxNUwBbRFT4d/gvk+Q
KjP0qq/8C4qJkkNOWfbjyCUEVHskbTyiDgrBsMhOEmFr4XtmrI/cMqWh+obg9Xy2
Rykljg/IEEUhmv/Ug0WjXO6Rig7ZZ6WVQPTmvoehP+wVwP9wutd7aZ2L6nSkzaOw
Zq8g7oGNniGx6H9fPnsIu+AtKfeavs5OENu2x2krAeE4L0XDqiMsxQdCuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgETQy21mRqV3Jas6V7c372D+9nMB8GA1UdIwQY
MBaAFNobn+jxozkX/ufk2+n6uSXrhiWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmh1ZjZQR2pPUmYtNS1UYjZmcTVKZXVHSmFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MmExNjYtOGE4Ni00OGRhLWJiOTYt
NzlmZDUwMjNkZTM2LzEvcUFSTkRMYldaR3BYY2xxenBYdHpmdllQNzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MmExNjYtOGE4Ni00OGRhLWJiOTYtNzlmZDUwMjNkZTM2
LzEvMmh1ZjZQR2pPUmYtNS1UYjZmcTVKZXVHSmFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9NWMA0G
CSqGSIb3DQEBCwUAA4IBAQB8VPp3QWtQLmpvlBEehTj0sHLEJmkHdK2DHD20o2NX
m/BsBlIwxuuoMLBge3YweI3gXg82UPvIx5CL2fKbMfgHxTfjxX2FR73RWe/esCS0
O3l38aXYaTe3Onl4veQyAoahWdikdWrWmfk1v9dtjGdfq6MBKMAvFW0u6NFJ8TH8
70mEUPOYi3V0DMuS5+sMl6H+WskTRmcLxMC3uIFBOEXVXnkpEyTZYVHBSpVACxMg
07S6LYVjuFp9rDJ/kXHOvwGANjQWWGQ+Urgoo3/i3xKfa0lBAy5FDemU9+YVD93h
1qzSQJ34OPxWnG6Jf8GGMyMvXwXV0sZigSdrs4EpeFEy
-----END CERTIFICATE-----