Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aQCNasnSAJKMhL5f421TmeYG4F8.roa
File:                     aQCNasnSAJKMhL5f421TmeYG4F8.roa (raw, json)
Hash identifier:          YC1x8EwWQY3WsMK/CyPjEP4Ru/XrHV9QemHz0RLn3fw=
Subject key identifier:   69:00:8D:6A:C9:D2:00:92:8C:84:BE:5F:E3:6D:53:99:E6:06:E0:5F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01944A6102D23E90DDDA341F3049CF528C95
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aQCNasnSAJKMhL5f421TmeYG4F8.roa
Signing time:             Thu 09 Jan 2025 09:24:19 +0000
ROA not before:           Thu 09 Jan 2025 09:24:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        146.19.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:61:02:d2:3e:90:dd:da:34:1f:30:49:cf:52:8c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  9 09:24:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69008d6ac9d200928c84be5fe36d5399e606e05f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:40:f9:43:70:c7:73:bc:6a:70:57:4d:1f:cb:
                    54:33:88:ce:f0:37:b9:f5:a5:61:f1:b7:91:36:ef:
                    f4:2e:9d:56:33:fe:d7:61:56:d7:90:d2:70:a4:d2:
                    8f:1e:16:0b:f2:22:2e:ae:fb:6d:b6:8d:b4:ac:42:
                    11:d0:db:90:d4:33:74:57:57:c5:f8:8b:7b:8c:a7:
                    0f:ce:10:00:da:ee:05:5b:87:4b:f9:89:18:60:60:
                    c0:37:e1:d1:2c:2f:ef:4f:c7:7b:4c:4f:34:86:d1:
                    7e:ea:b0:a3:28:89:23:9f:61:18:3a:56:f0:f9:fb:
                    de:0f:e9:f3:bb:54:ee:7f:23:ad:15:51:9c:ff:ce:
                    61:84:77:b2:5c:b6:6a:63:ef:d2:98:4f:81:6c:ab:
                    a9:1f:02:e2:8b:48:a2:7e:aa:1b:7e:0e:15:b9:26:
                    29:61:91:e1:bf:c6:07:7d:ea:f9:3e:5f:22:b9:8e:
                    e4:38:db:36:9c:46:3a:b5:c8:ea:ea:df:15:58:8b:
                    e5:49:fe:71:4f:0f:d5:28:0d:26:0f:8d:b5:28:2f:
                    e0:db:1a:9e:64:8a:ec:5a:8a:41:fe:32:c8:13:96:
                    08:ff:bb:64:83:b4:1b:94:6b:9c:ba:e7:ae:3e:a5:
                    4a:1a:97:82:10:18:db:2f:97:6b:3d:aa:77:18:37:
                    14:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:00:8D:6A:C9:D2:00:92:8C:84:BE:5F:E3:6D:53:99:E6:06:E0:5F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aQCNasnSAJKMhL5f421TmeYG4F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:07:f5:7c:c5:74:a7:49:b5:82:28:f9:fa:65:ef:40:c0:25:
         eb:0b:35:64:aa:d4:5a:9a:99:07:70:ac:a1:94:74:dd:b9:86:
         50:01:5f:82:be:d2:61:12:13:1c:ba:14:ac:84:14:1d:64:25:
         15:dd:96:aa:4a:b6:b8:e0:d3:9e:37:d5:78:aa:51:40:90:2b:
         95:21:d9:ef:ef:99:2c:0e:08:4d:76:8a:6f:56:94:7e:79:a1:
         7b:12:af:e5:6e:2a:67:83:28:3c:95:2c:15:c3:d7:3b:77:cb:
         9e:f3:59:57:00:7e:41:93:e7:39:b0:ca:cb:65:50:01:1d:66:
         89:c2:02:10:80:a6:68:60:42:26:7e:e5:28:b9:1b:f7:fb:3f:
         9f:f2:65:05:eb:b2:eb:48:70:e8:39:1d:1a:cc:8b:7e:c3:64:
         51:5f:ae:7f:7c:52:7a:f8:06:31:d5:5e:38:e7:e1:b3:3d:37:
         94:56:20:ab:53:0e:d0:74:1f:d0:e1:6b:6c:af:65:57:d3:9b:
         34:f0:e9:f9:e8:9b:ea:1a:ab:81:d8:d6:06:41:8e:9d:3f:71:
         fa:c3:95:ee:46:58:9f:e3:43:db:20:06:fd:9c:75:73:57:a9:
         d7:65:ae:2a:36:02:c4:11:c9:a2:1f:8a:fd:f3:89:24:aa:14:
         89:b7:80:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKYQLSPpDd2jQfMEnPUoyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTA5MDkyNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAwOGQ2YWM5ZDIwMDkyOGM4NGJlNWZlMzZkNTM5OWU2MDZlMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUD5Q3DHc7xqcFdNH8tUM4jO8De5
9aVh8beRNu/0Lp1WM/7XYVbXkNJwpNKPHhYL8iIurvttto20rEIR0NuQ1DN0V1fF
+It7jKcPzhAA2u4FW4dL+YkYYGDAN+HRLC/vT8d7TE80htF+6rCjKIkjn2EYOlbw
+fveD+nzu1TufyOtFVGc/85hhHeyXLZqY+/SmE+BbKupHwLii0iifqobfg4VuSYp
YZHhv8YHfer5Pl8iuY7kONs2nEY6tcjq6t8VWIvlSf5xTw/VKA0mD421KC/g2xqe
ZIrsWopB/jLIE5YI/7tkg7QblGucuueuPqVKGpeCEBjbL5drPap3GDcUjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkAjWrJ0gCSjIS+X+NtU5nmBuBfMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvYVFDTmFzblNBSktNaEw1ZjQyMVRtZVlHNEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMVMA0G
CSqGSIb3DQEBCwUAA4IBAQCXB/V8xXSnSbWCKPn6Ze9AwCXrCzVkqtRampkHcKyh
lHTduYZQAV+CvtJhEhMcuhSshBQdZCUV3ZaqSra44NOeN9V4qlFAkCuVIdnv75ks
DghNdopvVpR+eaF7Eq/lbipngyg8lSwVw9c7d8ue81lXAH5Bk+c5sMrLZVABHWaJ
wgIQgKZoYEImfuUouRv3+z+f8mUF67LrSHDoOR0azIt+w2RRX65/fFJ6+AYx1V44
5+GzPTeUViCrUw7QdB/Q4Wtsr2VX05s08On56JvqGquB2NYGQY6dP3H6w5XuRlif
40PbIAb9nHVzV6nXZa4qNgLEEcmiH4r984kkqhSJt4AW
-----END CERTIFICATE-----