Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/DPq81yxdoD2U1ZNGuCuMUOScd8s.roa
File:                     DPq81yxdoD2U1ZNGuCuMUOScd8s.roa (raw, json)
Hash identifier:          gHFyGp/GTt9qIfJMs4LIdJd6bOpZsDzt48MpjJHU1l4=
Subject key identifier:   0C:FA:BC:D7:2C:5D:A0:3D:94:D5:93:46:B8:2B:8C:50:E4:9C:77:CB
Certificate issuer:       /CN=7eac66fc2231cb2656e75335a1fd66771f57a9cc
Certificate serial:       019422FB9AEF1B0A035B5E0DC1BBFF781337
Authority key identifier: 7E:AC:66:FC:22:31:CB:26:56:E7:53:35:A1:FD:66:77:1F:57:A9:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqxm_CIxyyZW51M1of1mdx9Xqcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/DPq81yxdoD2U1ZNGuCuMUOScd8s.roa
Signing time:             Wed 01 Jan 2025 17:48:22 +0000
ROA not before:           Wed 01 Jan 2025 17:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203937
IP address blocks:        185.119.120.0/22 maxlen: 22
                          185.131.240.0/23 maxlen: 23
                          185.131.242.0/24 maxlen: 24
                          185.131.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/fqxm_CIxyyZW51M1of1mdx9Xqcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/fqxm_CIxyyZW51M1of1mdx9Xqcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqxm_CIxyyZW51M1of1mdx9Xqcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9a:ef:1b:0a:03:5b:5e:0d:c1:bb:ff:78:13:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eac66fc2231cb2656e75335a1fd66771f57a9cc
        Validity
            Not Before: Jan  1 17:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cfabcd72c5da03d94d59346b82b8c50e49c77cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:76:2b:58:03:90:72:b0:25:f1:49:2b:e4:5f:
                    15:64:5a:e0:7c:4b:3e:5b:ea:ed:73:72:8f:a6:40:
                    73:a0:9b:9a:a9:b3:96:ec:4c:bf:f5:6e:f8:25:fc:
                    e0:a6:c4:e2:95:6d:d6:6b:5f:66:bd:04:d1:1f:b5:
                    a3:61:ec:f8:0e:d3:58:bf:69:f3:f2:6e:45:01:07:
                    87:37:f1:03:d8:a8:f8:60:b6:4f:f0:b1:c8:18:c4:
                    f2:07:7f:8f:96:fc:6a:78:3d:81:33:da:60:6f:2a:
                    19:ce:dc:84:b2:fb:b9:b2:9b:a4:8d:96:ae:4e:67:
                    e0:36:88:27:55:57:63:46:69:96:a1:d7:0b:01:d1:
                    f8:63:6c:f5:cd:ec:f6:41:d3:4f:45:fb:55:08:b8:
                    ed:a7:ab:bc:d1:0d:88:b5:3a:46:ee:09:17:7e:41:
                    71:37:1d:be:10:b2:e5:fe:00:03:94:54:33:b3:23:
                    fc:07:40:5c:b2:4a:b7:95:27:e9:1c:22:13:ad:0e:
                    64:38:d9:a1:47:9b:57:dd:59:89:b3:9d:be:ff:a4:
                    72:c1:74:9e:d3:61:8f:ab:99:1a:c2:93:5c:b9:cf:
                    57:1a:c9:48:ad:07:92:4c:74:0c:64:f2:32:b1:47:
                    af:5d:c7:1f:3f:72:59:9a:4f:37:a4:03:4e:3c:f5:
                    29:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:FA:BC:D7:2C:5D:A0:3D:94:D5:93:46:B8:2B:8C:50:E4:9C:77:CB
            X509v3 Authority Key Identifier:
                keyid:7E:AC:66:FC:22:31:CB:26:56:E7:53:35:A1:FD:66:77:1F:57:A9:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqxm_CIxyyZW51M1of1mdx9Xqcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/DPq81yxdoD2U1ZNGuCuMUOScd8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/fqxm_CIxyyZW51M1of1mdx9Xqcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.120.0/22
                  185.131.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:ae:55:0e:ac:b2:68:e2:f7:2f:2d:ae:9f:05:4f:93:92:90:
         b9:c8:c3:88:c6:c6:1b:d3:be:cf:4b:44:0e:6c:d3:a1:86:8f:
         5b:f7:80:a2:4c:f4:7f:25:04:35:eb:4c:ba:3b:1e:6d:2f:e8:
         a1:41:0f:cb:0d:b5:ef:fa:8d:fa:a2:ba:cf:26:d7:42:e5:3b:
         a7:69:b4:b0:ba:9c:9a:7e:a1:c3:1f:10:5c:17:49:5c:7b:36:
         b0:9e:27:69:12:cb:6c:17:a2:56:94:70:ce:5e:fe:8b:89:13:
         65:a4:19:46:45:34:1c:43:79:fd:06:8a:f3:58:b8:99:97:52:
         1b:62:6a:18:88:4a:9a:6e:7b:35:82:9c:f3:22:24:4f:44:77:
         01:65:c7:1e:be:fc:18:49:d4:cc:23:d4:b9:28:c1:d3:c2:d2:
         d4:8c:6e:93:c8:4d:95:54:8d:8b:9a:e1:7e:e0:65:08:9b:de:
         0f:fb:ee:13:03:64:4b:d4:52:72:12:59:45:78:8f:30:5c:9a:
         38:4f:f3:59:c0:31:1f:9a:02:4f:83:ab:e9:39:73:dc:72:79:
         bf:cf:a8:39:b6:1e:c1:08:bd:7c:de:20:91:0d:a0:6d:fe:84:
         69:f0:8a:c0:9f:43:9d:fe:23:cd:2f:1e:3b:5c:1b:ce:a1:0c:
         f6:55:94:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+5rvGwoDW14Nwbv/eBM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYWM2NmZjMjIzMWNiMjY1NmU3NTMzNWExZmQ2Njc3MWY1
N2E5Y2MwHhcNMjUwMTAxMTc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2ZhYmNkNzJjNWRhMDNkOTRkNTkzNDZiODJiOGM1MGU0OWM3N2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHYrWAOQcrAl8Ukr5F8VZFrgfEs+
W+rtc3KPpkBzoJuaqbOW7Ey/9W74JfzgpsTilW3Wa19mvQTRH7WjYez4DtNYv2nz
8m5FAQeHN/ED2Kj4YLZP8LHIGMTyB3+PlvxqeD2BM9pgbyoZztyEsvu5spukjZau
TmfgNognVVdjRmmWodcLAdH4Y2z1zez2QdNPRftVCLjtp6u80Q2ItTpG7gkXfkFx
Nx2+ELLl/gADlFQzsyP8B0Bcskq3lSfpHCITrQ5kONmhR5tX3VmJs52+/6RywXSe
02GPq5kawpNcuc9XGslIrQeSTHQMZPIysUevXccfP3JZmk83pANOPPUp3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAz6vNcsXaA9lNWTRrgrjFDknHfLMB8GA1UdIwQY
MBaAFH6sZvwiMcsmVudTNaH9ZncfV6nMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnF4bV9DSXh5eVpXNTFNMW9mMW1keDlYcWN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9mMTQ3MjEtMjkxMC00MmRlLWI3MWUt
NDZjZTVjODI0MWRiLzEvRFBxODF5eGRvRDJVMVpOR3VDdU1VT1NjZDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9mMTQ3MjEtMjkxMC00MmRlLWI3MWUtNDZjZTVjODI0MWRi
LzEvZnF4bV9DSXh5eVpXNTFNMW9mMW1keDlYcWN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXd4AwQC
uYPwMA0GCSqGSIb3DQEBCwUAA4IBAQDNrlUOrLJo4vcvLa6fBU+TkpC5yMOIxsYb
077PS0QObNOhho9b94CiTPR/JQQ160y6Ox5tL+ihQQ/LDbXv+o36orrPJtdC5Tun
abSwupyafqHDHxBcF0lcezawnidpEstsF6JWlHDOXv6LiRNlpBlGRTQcQ3n9Borz
WLiZl1IbYmoYiEqabns1gpzzIiRPRHcBZccevvwYSdTMI9S5KMHTwtLUjG6TyE2V
VI2LmuF+4GUIm94P++4TA2RL1FJyEllFeI8wXJo4T/NZwDEfmgJPg6vpOXPccnm/
z6g5th7BCL183iCRDaBt/oRp8IrAn0Od/iPNLx47XBvOoQz2VZTo
-----END CERTIFICATE-----