Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/QKPU8lHD1Ls8ijbvjjabsAgLzUg.roa
File:                     QKPU8lHD1Ls8ijbvjjabsAgLzUg.roa (raw, json)
Hash identifier:          /fSYXi8WIkq4YrB09WT2QnZLo4NqtBeyd9xE217JYvw=
Subject key identifier:   40:A3:D4:F2:51:C3:D4:BB:3C:8A:36:EF:8E:36:9B:B0:08:0B:CD:48
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0194228E0BD66581DFF327D726A853F25656
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/QKPU8lHD1Ls8ijbvjjabsAgLzUg.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51703
IP address blocks:        213.153.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0b:d6:65:81:df:f3:27:d7:26:a8:53:f2:56:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40a3d4f251c3d4bb3c8a36ef8e369bb0080bcd48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2f:b4:38:63:e9:dd:86:bf:aa:40:39:33:83:
                    ec:63:1d:26:ad:46:3a:4a:cc:31:1b:89:09:47:dd:
                    ae:5f:3e:c0:2b:8e:b3:cf:ab:2e:42:a1:08:28:55:
                    5e:63:7a:33:1f:ea:8f:0f:ff:40:2a:80:8a:a9:0a:
                    55:3a:8a:3d:da:49:cc:2d:25:e5:0b:27:61:6e:4f:
                    d8:d0:6f:2b:03:47:0c:bd:da:ae:54:a9:b2:43:f0:
                    ec:42:a9:31:c1:1a:38:30:90:b7:bb:1b:d2:0c:00:
                    54:a9:20:97:e9:4a:9f:e3:1a:3d:f2:e3:3f:88:ee:
                    8d:a3:4e:d3:49:94:e1:81:ab:b7:4b:e6:d2:2b:32:
                    94:02:68:63:e7:d4:53:07:2a:81:7c:ac:82:24:73:
                    63:b6:cd:29:49:0c:0d:db:17:6e:01:2c:bd:a9:22:
                    fc:5f:e7:41:00:42:ce:2f:c2:f3:8f:ad:3b:b4:e2:
                    fb:27:20:a4:87:85:3f:40:2a:ad:7e:11:72:48:26:
                    5b:52:a5:7a:82:e3:5d:9e:11:7b:de:6e:7c:05:3b:
                    1f:31:7a:d0:c2:61:10:de:53:6d:f4:1f:3c:b2:a8:
                    c4:97:2d:ac:ce:85:52:26:e9:c8:6d:2b:98:8b:28:
                    64:e3:1f:a0:47:e1:32:58:a2:bf:b9:18:96:b5:8b:
                    fb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A3:D4:F2:51:C3:D4:BB:3C:8A:36:EF:8E:36:9B:B0:08:0B:CD:48
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/QKPU8lHD1Ls8ijbvjjabsAgLzUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.153.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:97:16:2d:e0:e5:53:9b:63:e3:f1:b1:a9:43:6e:e9:4f:36:
         c5:ff:8c:95:ff:8e:9a:19:5d:4b:a7:42:13:20:63:0d:6d:e0:
         48:7b:95:3c:a8:f5:52:04:e7:12:8e:d1:dd:7a:d5:bf:04:b2:
         81:7e:0e:8c:b5:12:3e:e2:94:fa:73:70:3a:23:15:94:8c:9f:
         b0:22:13:94:b1:35:1c:d6:f2:a3:5e:5a:f7:95:c5:cf:5f:51:
         39:44:e1:91:00:6f:32:a3:4d:5f:19:af:50:ef:b2:44:90:bc:
         d1:d2:c3:51:d3:c8:fa:07:a9:35:58:34:55:d3:b4:99:e2:34:
         46:66:c5:13:3c:ef:9b:88:ba:05:ff:5c:d4:e2:ff:87:86:ff:
         5e:29:6f:57:dd:b7:6a:77:7b:2c:55:e8:29:8d:f7:cb:b4:41:
         eb:5d:6d:30:cd:b8:90:06:3c:59:f7:32:d6:0d:ef:12:1f:b8:
         59:53:e9:b2:96:e2:9a:bf:df:aa:6f:d8:6c:26:55:53:60:b2:
         a9:e4:2d:fe:55:2c:35:a5:f6:e9:0d:6a:ce:4b:f7:7f:1e:3e:
         27:3c:c1:d4:ba:7b:bf:36:13:36:bf:56:fa:e4:1c:26:12:89:
         c7:c4:ad:5b:61:cd:6e:19:32:53:00:31:91:f3:78:9a:26:c6:
         7a:17:51:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgvWZYHf8yfXJqhT8lZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGEzZDRmMjUxYzNkNGJiM2M4YTM2ZWY4ZTM2OWJiMDA4MGJjZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri+0OGPp3Ya/qkA5M4PsYx0mrUY6
SswxG4kJR92uXz7AK46zz6suQqEIKFVeY3ozH+qPD/9AKoCKqQpVOoo92knMLSXl
Cydhbk/Y0G8rA0cMvdquVKmyQ/DsQqkxwRo4MJC3uxvSDABUqSCX6Uqf4xo98uM/
iO6No07TSZThgau3S+bSKzKUAmhj59RTByqBfKyCJHNjts0pSQwN2xduASy9qSL8
X+dBAELOL8Lzj607tOL7JyCkh4U/QCqtfhFySCZbUqV6guNdnhF73m58BTsfMXrQ
wmEQ3lNt9B88sqjEly2szoVSJunIbSuYiyhk4x+gR+EyWKK/uRiWtYv7WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECj1PJRw9S7PIo27442m7AIC81IMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvUUtQVThsSEQxTHM4aWpidmpqYWJzQWdMelVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZmsMA0G
CSqGSIb3DQEBCwUAA4IBAQCYlxYt4OVTm2Pj8bGpQ27pTzbF/4yV/46aGV1Lp0IT
IGMNbeBIe5U8qPVSBOcSjtHdetW/BLKBfg6MtRI+4pT6c3A6IxWUjJ+wIhOUsTUc
1vKjXlr3lcXPX1E5ROGRAG8yo01fGa9Q77JEkLzR0sNR08j6B6k1WDRV07SZ4jRG
ZsUTPO+biLoF/1zU4v+Hhv9eKW9X3bdqd3ssVegpjffLtEHrXW0wzbiQBjxZ9zLW
De8SH7hZU+myluKav9+qb9hsJlVTYLKp5C3+VSw1pfbpDWrOS/d/Hj4nPMHUunu/
NhM2v1b65BwmEonHxK1bYc1uGTJTADGR83iaJsZ6F1GH
-----END CERTIFICATE-----