Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/xqQfiVZ1kttrOCR7xRSiCiiX2fY.roa
File:                     xqQfiVZ1kttrOCR7xRSiCiiX2fY.roa (raw, json)
Hash identifier:          9+bsofjuuct5WmR8AYlK+fsU9sOrJTXhdDVACpV84ik=
Subject key identifier:   C6:A4:1F:89:56:75:92:DB:6B:38:24:7B:C5:14:A2:0A:28:97:D9:F6
Certificate issuer:       /CN=111b09710acdb72086d658e90d8f025fa6a111b1
Certificate serial:       0194266AFA5FFDF4CEB20AFE0CF82B7C76A4
Authority key identifier: 11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/xqQfiVZ1kttrOCR7xRSiCiiX2fY.roa
Signing time:             Thu 02 Jan 2025 09:48:52 +0000
ROA not before:           Thu 02 Jan 2025 09:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31050
IP address blocks:        185.101.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:fa:5f:fd:f4:ce:b2:0a:fe:0c:f8:2b:7c:76:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111b09710acdb72086d658e90d8f025fa6a111b1
        Validity
            Not Before: Jan  2 09:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6a41f89567592db6b38247bc514a20a2897d9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:cc:9f:e3:9c:73:b6:61:57:5e:b7:26:d1:c9:
                    74:15:48:d4:b0:21:88:bf:ae:8c:9e:b7:bb:4c:af:
                    3a:ac:39:fa:ae:4a:b1:3c:1f:d8:4d:5f:34:bb:40:
                    b7:08:17:00:42:96:f5:04:f7:b0:b3:65:26:f2:a3:
                    21:57:22:07:8f:3e:a5:ad:76:52:51:ef:d6:1a:22:
                    df:08:f5:15:44:c7:9b:05:8d:06:d1:6c:f5:e5:14:
                    1a:5e:37:58:1f:4f:fc:e3:96:80:dc:45:5b:d8:cc:
                    a7:80:7e:7f:77:72:98:53:8f:e1:be:86:4a:0a:56:
                    6d:4d:28:0f:13:b2:4c:63:52:a5:6f:39:ab:c8:0b:
                    a0:e4:18:20:f9:9a:87:a5:7c:7b:3a:01:71:b0:0a:
                    4b:0e:17:aa:c0:05:8e:52:18:92:07:f6:97:18:d0:
                    41:a2:e4:9c:8a:60:a9:94:b8:0e:74:c2:e5:b0:cb:
                    10:22:ea:b1:83:94:98:f1:01:9f:39:e5:a7:10:b6:
                    a0:04:5c:dc:db:3d:86:c9:74:84:c7:c2:a7:00:ba:
                    f5:cd:ce:97:69:8d:f5:03:de:1e:3f:76:29:0e:e7:
                    2e:a3:89:d8:d5:86:a7:76:ae:87:a6:3e:bf:07:4d:
                    5e:05:48:a8:e6:79:07:e5:5f:50:fb:5c:f5:bb:d2:
                    a6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:A4:1F:89:56:75:92:DB:6B:38:24:7B:C5:14:A2:0A:28:97:D9:F6
            X509v3 Authority Key Identifier:
                keyid:11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/xqQfiVZ1kttrOCR7xRSiCiiX2fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:3a:34:6e:79:15:f0:2e:4a:af:08:b2:b8:2d:f2:5e:84:53:
         c7:23:37:a4:00:ad:5c:30:55:4b:07:3b:a7:3d:94:e0:1f:71:
         f3:10:2c:8d:a0:49:f1:cd:74:5e:9a:34:6f:03:48:53:9d:e1:
         c9:18:a0:73:2e:68:a8:2f:7e:c8:e8:30:e0:b6:4f:15:ca:e4:
         86:0a:35:69:de:cf:ba:11:f0:0d:f1:63:3d:53:2b:04:2f:aa:
         99:07:33:21:dd:f5:16:0f:f1:4c:7b:b7:fb:6f:a0:f3:dc:ab:
         90:c1:c2:e7:21:cf:ee:79:e4:bb:83:97:05:7e:83:7d:d4:68:
         2d:e0:87:95:48:f5:2e:17:0a:65:f3:29:ce:7c:55:67:eb:c6:
         90:32:a4:87:89:22:11:20:b2:be:05:de:1b:88:64:9a:25:df:
         4f:de:27:00:9c:8e:fa:86:2b:c8:21:36:0a:72:0a:b2:05:17:
         2f:59:39:cb:2d:3e:e8:bf:28:3e:c1:7d:f7:01:9f:b6:39:bf:
         86:82:17:a7:94:38:d3:15:3a:1e:f0:f3:c8:01:70:cf:29:6e:
         7b:b5:93:ad:eb:f1:4b:e4:73:6f:83:16:80:9a:72:42:8b:02:
         f9:fd:0d:f9:c9:38:29:2e:cf:dc:e5:82:9e:31:68:0c:41:65:
         5c:f2:e6:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmavpf/fTOsgr+DPgrfHakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWIwOTcxMGFjZGI3MjA4NmQ2NThlOTBkOGYwMjVmYTZh
MTExYjEwHhcNMjUwMTAyMDk0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmE0MWY4OTU2NzU5MmRiNmIzODI0N2JjNTE0YTIwYTI4OTdkOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Myf45xztmFXXrcm0cl0FUjUsCGI
v66Mnre7TK86rDn6rkqxPB/YTV80u0C3CBcAQpb1BPews2Um8qMhVyIHjz6lrXZS
Ue/WGiLfCPUVRMebBY0G0Wz15RQaXjdYH0/845aA3EVb2MyngH5/d3KYU4/hvoZK
ClZtTSgPE7JMY1KlbzmryAug5Bgg+ZqHpXx7OgFxsApLDheqwAWOUhiSB/aXGNBB
ouScimCplLgOdMLlsMsQIuqxg5SY8QGfOeWnELagBFzc2z2GyXSEx8KnALr1zc6X
aY31A94eP3YpDucuo4nY1Yandq6Hpj6/B01eBUio5nkH5V9Q+1z1u9KmZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMakH4lWdZLbazgke8UUogool9n2MB8GA1UdIwQY
MBaAFBEbCXEKzbcghtZY6Q2PAl+moRGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjkt
N2JmMDM1NmE2YmFiLzEveHFRZmlWWjFrdHRyT0NSN3hSU2lDaWlYMmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjktN2JmMDM1NmE2YmFi
LzEvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUMMA0G
CSqGSIb3DQEBCwUAA4IBAQBGOjRueRXwLkqvCLK4LfJehFPHIzekAK1cMFVLBzun
PZTgH3HzECyNoEnxzXRemjRvA0hTneHJGKBzLmioL37I6DDgtk8VyuSGCjVp3s+6
EfAN8WM9UysEL6qZBzMh3fUWD/FMe7f7b6Dz3KuQwcLnIc/ueeS7g5cFfoN91Ggt
4IeVSPUuFwpl8ynOfFVn68aQMqSHiSIRILK+Bd4biGSaJd9P3icAnI76hivIITYK
cgqyBRcvWTnLLT7ovyg+wX33AZ+2Ob+GghenlDjTFToe8PPIAXDPKW57tZOt6/FL
5HNvgxaAmnJCiwL5/Q35yTgpLs/c5YKeMWgMQWVc8uYD
-----END CERTIFICATE-----