Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/Q6c7o6uPHQhvoxwmQLzyhtDVMdE.roa
File:                     Q6c7o6uPHQhvoxwmQLzyhtDVMdE.roa (raw, json)
Hash identifier:          zg0a7LCWPIx/36rTK801mypOCjtsncvR5b3j9h5SrdE=
Subject key identifier:   43:A7:3B:A3:AB:8F:1D:08:6F:A3:1C:26:40:BC:F2:86:D0:D5:31:D1
Certificate issuer:       /CN=52056867e4d2885e99b549ed6fb786330adf8f44
Certificate serial:       0194258F72B5A50B937CA6879C9E5C860AEF
Authority key identifier: 52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/Q6c7o6uPHQhvoxwmQLzyhtDVMdE.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49143
IP address blocks:        195.88.186.0/24 maxlen: 24
                          195.88.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:72:b5:a5:0b:93:7c:a6:87:9c:9e:5c:86:0a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52056867e4d2885e99b549ed6fb786330adf8f44
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a73ba3ab8f1d086fa31c2640bcf286d0d531d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:58:34:69:e5:7a:f5:1b:db:60:1d:e8:d1:97:
                    36:77:c1:06:45:7f:c8:3e:d6:eb:cd:64:b3:6d:86:
                    69:3c:94:53:a1:5e:0c:c5:af:22:bd:9b:34:b3:8a:
                    88:2c:e8:76:87:7d:7c:bd:f0:47:b7:9d:43:df:9e:
                    62:e6:89:25:84:b5:9f:34:bf:a1:ef:02:8f:b8:6d:
                    22:45:6b:6f:96:a5:de:7f:e8:f9:27:7c:e2:eb:e1:
                    73:02:d3:d7:3f:10:9c:6f:16:22:ed:4e:9f:01:41:
                    8f:f0:ad:e2:c2:b5:10:3b:e1:f1:50:8c:9f:30:ac:
                    3a:e5:47:20:f6:b9:23:31:b0:fc:8a:e3:8c:fe:ee:
                    9a:6f:cb:22:70:fb:7a:5f:b3:29:34:34:fc:2b:c5:
                    1f:b1:a7:ea:0f:98:27:42:95:d6:6b:29:cb:c2:08:
                    5f:71:18:f4:40:da:c0:6a:f9:a8:2f:28:f9:08:f9:
                    e9:e1:a9:c6:6c:18:ce:cc:19:73:2b:6c:ab:77:e7:
                    fe:82:88:d3:b2:bc:d9:70:f8:5b:27:87:af:1e:16:
                    d7:de:b7:39:76:df:c3:c7:b2:5d:07:a9:7e:2e:21:
                    7c:ec:62:e2:ee:4b:a8:19:e3:7c:00:8b:c1:ca:9c:
                    71:fd:68:29:73:ee:4e:3b:36:52:c1:7b:c6:26:52:
                    36:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A7:3B:A3:AB:8F:1D:08:6F:A3:1C:26:40:BC:F2:86:D0:D5:31:D1
            X509v3 Authority Key Identifier:
                keyid:52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/Q6c7o6uPHQhvoxwmQLzyhtDVMdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:ae:6b:e6:63:f6:18:48:40:58:2c:8e:c5:49:a5:88:66:bb:
         6d:a0:ba:88:04:2f:31:b5:49:44:65:c4:d8:a0:2c:78:9d:d6:
         6b:56:2b:f3:0b:a7:07:1b:f6:2c:8d:25:0c:87:ad:17:0c:d9:
         9a:41:7d:a8:61:47:ea:c7:55:97:a1:1c:5d:63:06:38:2a:dc:
         2d:fc:65:cd:95:6a:6d:e2:79:c5:70:56:c4:3f:23:fd:f0:eb:
         33:15:10:76:85:1f:41:f6:e7:3f:85:b8:d1:12:b6:d5:27:46:
         21:7e:e1:dc:2b:19:8f:39:ce:7e:fa:0c:06:a9:64:02:f3:21:
         01:d5:65:de:08:f2:ea:23:01:db:c1:b4:f8:8b:a1:f3:6b:3c:
         f2:76:57:d0:a9:21:6f:aa:d9:84:ec:68:67:6b:33:39:3d:bd:
         c8:52:78:77:ef:64:9e:51:d1:00:11:1f:87:1a:ac:06:52:a0:
         03:dc:72:7e:0d:5a:40:91:2e:94:eb:28:ed:af:5a:31:ee:47:
         92:12:d0:ff:a5:9b:62:40:6b:30:cd:75:b6:f0:db:3d:5e:cc:
         ef:e4:6c:61:b8:e8:1a:dd:ab:4a:36:04:d2:bf:53:c8:b3:88:
         64:c4:27:be:c8:07:fa:70:dc:d7:91:aa:f4:2f:91:93:25:4e:
         aa:39:86:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3K1pQuTfKaHnJ5chgrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMDU2ODY3ZTRkMjg4NWU5OWI1NDllZDZmYjc4NjMzMGFk
ZjhmNDQwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E3M2JhM2FiOGYxZDA4NmZhMzFjMjY0MGJjZjI4NmQwZDUzMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVg0aeV69RvbYB3o0Zc2d8EGRX/I
PtbrzWSzbYZpPJRToV4Mxa8ivZs0s4qILOh2h318vfBHt51D355i5oklhLWfNL+h
7wKPuG0iRWtvlqXef+j5J3zi6+FzAtPXPxCcbxYi7U6fAUGP8K3iwrUQO+HxUIyf
MKw65Ucg9rkjMbD8iuOM/u6ab8sicPt6X7MpNDT8K8UfsafqD5gnQpXWaynLwghf
cRj0QNrAavmoLyj5CPnp4anGbBjOzBlzK2yrd+f+gojTsrzZcPhbJ4evHhbX3rc5
dt/Dx7JdB6l+LiF87GLi7kuoGeN8AIvBypxx/Wgpc+5OOzZSwXvGJlI2LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOnO6Orjx0Ib6McJkC88obQ1THRMB8GA1UdIwQY
MBaAFFIFaGfk0ohembVJ7W+3hjMK349EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEt
NWY0ODM2MDgzYTMwLzEvUTZjN282dVBIUWh2b3h3bVFMenlodERWTWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEtNWY0ODM2MDgzYTMw
LzEvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1i6MA0G
CSqGSIb3DQEBCwUAA4IBAQBkrmvmY/YYSEBYLI7FSaWIZrttoLqIBC8xtUlEZcTY
oCx4ndZrVivzC6cHG/YsjSUMh60XDNmaQX2oYUfqx1WXoRxdYwY4Ktwt/GXNlWpt
4nnFcFbEPyP98OszFRB2hR9B9uc/hbjRErbVJ0YhfuHcKxmPOc5++gwGqWQC8yEB
1WXeCPLqIwHbwbT4i6HzazzydlfQqSFvqtmE7GhnazM5Pb3IUnh372SeUdEAER+H
GqwGUqAD3HJ+DVpAkS6U6yjtr1ox7keSEtD/pZtiQGswzXW28Ns9Xszv5GxhuOga
3atKNgTSv1PIs4hkxCe+yAf6cNzXkar0L5GTJU6qOYYd
-----END CERTIFICATE-----