Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/cQbtoMzIsUrEiz2_R7FPTDe-83o.roa
File:                     cQbtoMzIsUrEiz2_R7FPTDe-83o.roa (raw, json)
Hash identifier:          uIgSp+mYNVkKY/oukv2IXYpbIzAsJVvw3J0CKtfAk+0=
Subject key identifier:   71:06:ED:A0:CC:C8:B1:4A:C4:8B:3D:BF:47:B1:4F:4C:37:BE:F3:7A
Certificate issuer:       /CN=c4eb34dda2f8094968494892063351ee0f10e91a
Certificate serial:       019736F1AE679E060A937604B775818656AC
Authority key identifier: C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/cQbtoMzIsUrEiz2_R7FPTDe-83o.roa
Signing time:             Tue 03 Jun 2025 17:58:17 +0000
ROA not before:           Tue 03 Jun 2025 17:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        141.98.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:f1:ae:67:9e:06:0a:93:76:04:b7:75:81:86:56:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4eb34dda2f8094968494892063351ee0f10e91a
        Validity
            Not Before: Jun  3 17:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7106eda0ccc8b14ac48b3dbf47b14f4c37bef37a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a9:33:3d:24:7c:28:c3:e5:46:1b:cc:49:f3:
                    74:d5:2e:9f:d5:a0:ec:04:a1:f9:f0:ea:23:12:be:
                    d5:ec:9f:5d:08:85:d9:a0:e7:98:81:e7:2c:ae:1b:
                    04:01:25:5e:d1:a3:ea:45:1b:75:b7:bd:a0:42:1e:
                    53:ee:4b:d7:88:4e:60:a7:80:bc:17:41:50:80:a9:
                    34:c0:05:49:2c:40:4c:3e:45:26:8f:3e:e3:3e:dc:
                    89:4e:e3:7e:db:35:de:73:15:5b:61:7f:45:16:78:
                    e8:79:03:f7:68:a7:d0:78:27:3a:92:1f:93:69:b0:
                    c5:6d:16:d9:cb:7a:8d:20:8d:51:d6:dc:00:74:1d:
                    16:43:b3:bf:08:5f:3c:5f:e7:d0:1e:11:f1:2a:9b:
                    7a:06:86:af:3e:57:5e:7a:ed:e5:17:51:b6:26:8e:
                    01:78:cf:27:4d:5b:5a:38:2d:53:2a:f9:cb:27:ba:
                    98:06:c4:62:31:81:0e:3b:7a:5c:03:2b:f5:b8:ed:
                    bd:5c:ff:c2:16:41:68:60:ce:88:91:13:89:c7:81:
                    6f:9e:ce:01:bf:0c:68:4e:50:20:88:ce:22:67:aa:
                    4b:6c:33:e8:76:80:8d:5a:67:94:3a:92:d9:a9:c8:
                    4d:4c:81:2f:b3:f4:7b:5e:79:6d:0d:6a:47:29:cc:
                    f7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:06:ED:A0:CC:C8:B1:4A:C4:8B:3D:BF:47:B1:4F:4C:37:BE:F3:7A
            X509v3 Authority Key Identifier:
                keyid:C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/cQbtoMzIsUrEiz2_R7FPTDe-83o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:17:be:71:40:be:3a:87:53:74:3a:67:12:72:9d:77:12:8a:
         33:67:ea:c9:89:18:7b:e3:66:3b:94:4d:ad:4d:b8:1d:b2:86:
         aa:7b:80:18:8b:08:e7:6d:80:66:b6:68:08:fd:35:f1:15:8b:
         5f:6e:ec:c6:b0:d7:d0:47:c5:22:59:1b:b7:4a:2b:29:de:8e:
         62:d3:37:74:7f:60:99:78:7f:ea:0e:11:ca:50:2a:dc:96:1a:
         76:75:f9:4a:d3:17:c4:92:7d:54:33:04:2b:f6:a2:66:1c:62:
         29:12:77:d9:97:fa:bf:3a:92:f6:b1:73:de:78:a8:67:40:58:
         7a:4e:cc:00:90:bd:cc:e3:f8:1b:f7:3f:3d:d2:6a:1a:48:1c:
         87:95:26:98:03:d2:1f:45:1c:cb:71:f5:cf:46:a0:29:bd:29:
         5e:41:f2:1a:e5:5f:85:9b:bf:02:8c:32:e3:53:b7:1b:cd:c9:
         12:41:1b:4e:fc:23:63:47:28:62:84:8e:10:15:9a:a7:89:98:
         f1:31:ea:83:af:dd:f6:46:0f:22:da:11:ae:0c:16:85:bf:3d:
         b3:08:c0:32:1b:34:4d:00:4e:28:89:47:9f:53:ed:a5:88:f3:
         f6:11:b9:f8:15:ba:d1:6d:9c:67:cb:24:bb:ba:c4:ee:4b:9a:
         00:33:2a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc28a5nngYKk3YEt3WBhlasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWIzNGRkYTJmODA5NDk2ODQ5NDg5MjA2MzM1MWVlMGYx
MGU5MWEwHhcNMjUwNjAzMTc1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTA2ZWRhMGNjYzhiMTRhYzQ4YjNkYmY0N2IxNGY0YzM3YmVmMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26kzPSR8KMPlRhvMSfN01S6f1aDs
BKH58OojEr7V7J9dCIXZoOeYgecsrhsEASVe0aPqRRt1t72gQh5T7kvXiE5gp4C8
F0FQgKk0wAVJLEBMPkUmjz7jPtyJTuN+2zXecxVbYX9FFnjoeQP3aKfQeCc6kh+T
abDFbRbZy3qNII1R1twAdB0WQ7O/CF88X+fQHhHxKpt6BoavPldeeu3lF1G2Jo4B
eM8nTVtaOC1TKvnLJ7qYBsRiMYEOO3pcAyv1uO29XP/CFkFoYM6IkROJx4Fvns4B
vwxoTlAgiM4iZ6pLbDPodoCNWmeUOpLZqchNTIEvs/R7XnltDWpHKcz3uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEG7aDMyLFKxIs9v0exT0w3vvN6MB8GA1UdIwQY
MBaAFMTrNN2i+AlJaElIkgYzUe4PEOkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEt
YTM0N2I1NmYzYjlhLzEvY1FidG9NeklzVXJFaXoyX1I3RlBURGUtODNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEtYTM0N2I1NmYzYjlh
LzEveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWJFMA0G
CSqGSIb3DQEBCwUAA4IBAQBRF75xQL46h1N0OmcScp13EoozZ+rJiRh742Y7lE2t
Tbgdsoaqe4AYiwjnbYBmtmgI/TXxFYtfbuzGsNfQR8UiWRu3Sisp3o5i0zd0f2CZ
eH/qDhHKUCrclhp2dflK0xfEkn1UMwQr9qJmHGIpEnfZl/q/OpL2sXPeeKhnQFh6
TswAkL3M4/gb9z890moaSByHlSaYA9IfRRzLcfXPRqApvSleQfIa5V+Fm78CjDLj
U7cbzckSQRtO/CNjRyhihI4QFZqniZjxMeqDr932Rg8i2hGuDBaFvz2zCMAyGzRN
AE4oiUefU+2liPP2Ebn4FbrRbZxnyyS7usTuS5oAMyp3
-----END CERTIFICATE-----