Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/82491b-8caf-481b-b146-601a58f63393/1/Q9vdhvNHwOEEPnjfpoIoeq4pq_E.roa
File:                     Q9vdhvNHwOEEPnjfpoIoeq4pq_E.roa (raw, json)
Hash identifier:          AjW64DrutKx53AvwTAQKpO/FJMGHUcE1ZDsQqqfuNRE=
Subject key identifier:   43:DB:DD:86:F3:47:C0:E1:04:3E:78:DF:A6:82:28:7A:AE:29:AB:F1
Certificate issuer:       /CN=60c64b04fa8f5fee6866f5c79f8f7dcea5012515
Certificate serial:       01942067C5BBA73DD9A0258260FAF564E697
Authority key identifier: 60:C6:4B:04:FA:8F:5F:EE:68:66:F5:C7:9F:8F:7D:CE:A5:01:25:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMZLBPqPX-5oZvXHn499zqUBJRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/82491b-8caf-481b-b146-601a58f63393/1/Q9vdhvNHwOEEPnjfpoIoeq4pq_E.roa
Signing time:             Wed 01 Jan 2025 05:47:39 +0000
ROA not before:           Wed 01 Jan 2025 05:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60118
IP address blocks:        185.230.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/82491b-8caf-481b-b146-601a58f63393/1/YMZLBPqPX-5oZvXHn499zqUBJRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/82491b-8caf-481b-b146-601a58f63393/1/YMZLBPqPX-5oZvXHn499zqUBJRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMZLBPqPX-5oZvXHn499zqUBJRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c5:bb:a7:3d:d9:a0:25:82:60:fa:f5:64:e6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c64b04fa8f5fee6866f5c79f8f7dcea5012515
        Validity
            Not Before: Jan  1 05:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43dbdd86f347c0e1043e78dfa682287aae29abf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ce:de:a5:91:ef:17:c4:8d:5a:68:f5:3c:f6:
                    28:a5:a5:41:ac:c3:f3:bf:89:98:23:68:df:f1:dc:
                    5c:38:ef:c6:cb:c8:1d:e9:86:bc:36:d1:a8:c7:04:
                    d4:2f:9e:70:e2:b5:9d:92:86:c4:cc:10:0e:83:fe:
                    c5:ad:46:03:91:24:26:2a:ba:8a:fc:df:91:1c:25:
                    6e:84:16:1f:75:32:07:49:30:5b:d7:88:4d:a6:a1:
                    41:b7:e9:96:f5:26:b4:04:66:29:e7:fc:25:40:18:
                    b0:98:ce:81:45:fc:95:82:e5:2c:a4:78:2c:b3:6e:
                    5e:6f:5e:8d:33:c1:9e:cd:e7:81:45:70:d3:c8:73:
                    fe:0b:de:99:d4:58:60:9c:03:e9:ed:83:f7:ec:05:
                    21:1b:ac:44:1b:80:e9:4d:02:a9:d2:ac:0b:49:f5:
                    c7:52:92:96:e0:ff:e9:72:dc:e4:2b:59:70:ae:87:
                    19:b9:dc:14:c7:32:ec:74:db:76:2d:bf:84:0b:2c:
                    ba:13:03:a5:9a:3b:9c:d1:c7:ec:ff:87:0d:4c:1b:
                    e1:1e:59:a1:bd:fc:f7:30:bb:14:ac:37:82:35:26:
                    79:9b:23:da:f5:14:eb:af:b5:d7:b5:52:fd:a7:9a:
                    ee:30:42:cb:78:bb:6c:77:32:8a:13:74:fa:58:c1:
                    9a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DB:DD:86:F3:47:C0:E1:04:3E:78:DF:A6:82:28:7A:AE:29:AB:F1
            X509v3 Authority Key Identifier:
                keyid:60:C6:4B:04:FA:8F:5F:EE:68:66:F5:C7:9F:8F:7D:CE:A5:01:25:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMZLBPqPX-5oZvXHn499zqUBJRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/82491b-8caf-481b-b146-601a58f63393/1/Q9vdhvNHwOEEPnjfpoIoeq4pq_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/82491b-8caf-481b-b146-601a58f63393/1/YMZLBPqPX-5oZvXHn499zqUBJRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e2:3d:32:fb:7b:48:08:28:cb:32:24:a6:35:33:7a:a6:d3:
         66:4b:b2:94:5a:14:7f:10:1f:60:47:74:e8:0c:05:c8:21:5e:
         ea:56:b9:6a:a8:e6:bb:a7:51:b0:90:3b:9f:f1:2f:79:d6:08:
         70:13:11:1a:35:f8:59:19:e9:88:e9:c5:ee:6b:ac:47:35:6d:
         73:b4:90:e2:45:17:ea:9f:83:f9:be:b0:ad:85:da:96:30:14:
         c0:ba:78:08:fb:ee:af:4f:77:d7:7e:ca:ec:cc:60:3b:14:d6:
         52:8a:e3:96:5c:ee:77:49:37:ba:62:2c:06:3d:f7:e0:db:71:
         6e:3e:b7:2e:6c:19:49:0c:56:b9:72:f2:ab:6c:ce:58:b2:f0:
         9f:a7:a4:67:fe:53:ed:63:6c:49:fc:28:f0:2d:52:f4:b1:29:
         8b:14:e2:b5:b3:39:70:fa:8c:e2:ff:e0:fb:47:0b:cd:93:a2:
         ce:44:ab:d1:97:fb:fa:ad:bd:5a:b2:d1:83:3e:f1:a1:78:99:
         40:cc:9d:b8:4f:c1:a1:91:de:60:61:ee:43:b3:eb:83:a3:49:
         26:04:1a:5f:8d:1f:7d:7c:30:de:a1:44:c1:5d:76:1d:40:bf:
         25:9a:5f:4a:a3:9f:b9:f0:5e:60:5c:1c:3d:c5:ab:a1:38:29:
         50:1f:47:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8W7pz3ZoCWCYPr1ZOaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzY0YjA0ZmE4ZjVmZWU2ODY2ZjVjNzlmOGY3ZGNlYTUw
MTI1MTUwHhcNMjUwMTAxMDU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RiZGQ4NmYzNDdjMGUxMDQzZTc4ZGZhNjgyMjg3YWFlMjlhYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts7epZHvF8SNWmj1PPYopaVBrMPz
v4mYI2jf8dxcOO/Gy8gd6Ya8NtGoxwTUL55w4rWdkobEzBAOg/7FrUYDkSQmKrqK
/N+RHCVuhBYfdTIHSTBb14hNpqFBt+mW9Sa0BGYp5/wlQBiwmM6BRfyVguUspHgs
s25eb16NM8GezeeBRXDTyHP+C96Z1FhgnAPp7YP37AUhG6xEG4DpTQKp0qwLSfXH
UpKW4P/pctzkK1lwrocZudwUxzLsdNt2Lb+ECyy6EwOlmjuc0cfs/4cNTBvhHlmh
vfz3MLsUrDeCNSZ5myPa9RTrr7XXtVL9p5ruMELLeLtsdzKKE3T6WMGaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPb3YbzR8DhBD5436aCKHquKavxMB8GA1UdIwQY
MBaAFGDGSwT6j1/uaGb1x5+Pfc6lASUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1aTEJQcVBYLTVvWnZYSG40OTl6cVVCSlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84MjQ5MWItOGNhZi00ODFiLWIxNDYt
NjAxYTU4ZjYzMzkzLzEvUTl2ZGh2Tkh3T0VFUG5qZnBvSW9lcTRwcV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84MjQ5MWItOGNhZi00ODFiLWIxNDYtNjAxYTU4ZjYzMzkz
LzEvWU1aTEJQcVBYLTVvWnZYSG40OTl6cVVCSlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueYSMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ4j0y+3tICCjLMiSmNTN6ptNmS7KUWhR/EB9gR3To
DAXIIV7qVrlqqOa7p1GwkDuf8S951ghwExEaNfhZGemI6cXua6xHNW1ztJDiRRfq
n4P5vrCthdqWMBTAungI++6vT3fXfsrszGA7FNZSiuOWXO53STe6YiwGPffg23Fu
PrcubBlJDFa5cvKrbM5YsvCfp6Rn/lPtY2xJ/CjwLVL0sSmLFOK1szlw+ozi/+D7
RwvNk6LORKvRl/v6rb1astGDPvGheJlAzJ24T8Ghkd5gYe5Ds+uDo0kmBBpfjR99
fDDeoUTBXXYdQL8lml9Ko5+58F5gXBw9xauhOClQH0cR
-----END CERTIFICATE-----