Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/NqaLmcA0hS3kbvvGXTMO3PSyQ-c.roa
File:                     NqaLmcA0hS3kbvvGXTMO3PSyQ-c.roa (raw, json)
Hash identifier:          /fpzuan/b2/lZgMGOV41W9znkrskBH2VUdOsvVz//ik=
Subject key identifier:   36:A6:8B:99:C0:34:85:2D:E4:6E:FB:C6:5D:33:0E:DC:F4:B2:43:E7
Certificate issuer:       /CN=06b8ed985ef2034e8e307c447f3496c32adad2c8
Certificate serial:       019426D91D8E3180F8A6713BA6F6493FC4B2
Authority key identifier: 06:B8:ED:98:5E:F2:03:4E:8E:30:7C:44:7F:34:96:C3:2A:DA:D2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BrjtmF7yA06OMHxEfzSWwyra0sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/NqaLmcA0hS3kbvvGXTMO3PSyQ-c.roa
Signing time:             Thu 02 Jan 2025 11:49:10 +0000
ROA not before:           Thu 02 Jan 2025 11:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39605
IP address blocks:        185.99.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/BrjtmF7yA06OMHxEfzSWwyra0sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/BrjtmF7yA06OMHxEfzSWwyra0sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BrjtmF7yA06OMHxEfzSWwyra0sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 20:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:1d:8e:31:80:f8:a6:71:3b:a6:f6:49:3f:c4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06b8ed985ef2034e8e307c447f3496c32adad2c8
        Validity
            Not Before: Jan  2 11:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36a68b99c034852de46efbc65d330edcf4b243e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f0:8e:9d:8e:f8:a2:67:29:d1:1c:ee:36:80:
                    46:09:b8:ee:ec:64:6f:d7:01:b2:44:b1:92:7b:1e:
                    8a:b0:67:fd:0b:1b:4a:d4:b2:88:1d:2d:89:11:65:
                    1e:fe:6f:77:c9:bd:b3:5b:38:33:ac:95:65:1d:ce:
                    9c:7c:80:81:ff:b2:58:67:7e:96:07:f7:23:52:e4:
                    d1:c3:26:9a:c1:1e:be:c6:aa:de:7a:53:a7:82:c8:
                    75:c6:39:d1:a2:20:4d:10:9d:ab:8a:67:a0:ba:2d:
                    41:14:b1:a6:e2:e7:0d:cd:50:dc:2f:d7:2d:4e:d7:
                    b8:f3:a0:c5:41:e1:92:b9:a0:4e:be:97:4d:19:1c:
                    04:72:b3:0d:30:77:88:b3:49:6c:31:21:ad:c1:22:
                    f4:dc:fb:a3:7e:e8:49:8f:0c:7a:83:e2:3e:37:6a:
                    f0:18:aa:2b:31:e3:e2:c5:fe:e3:c0:63:fc:1e:c3:
                    82:da:20:6b:af:c0:07:ab:07:11:d0:ff:7d:e1:f5:
                    a8:fd:88:a9:dc:1e:0a:78:13:5a:51:73:f0:50:ef:
                    53:af:97:fe:79:07:3a:88:5a:46:46:ee:66:4f:1a:
                    2f:5c:e6:91:97:db:91:06:a6:87:53:bc:12:58:a4:
                    a2:36:0c:ee:95:b3:32:6a:31:c8:ba:5d:e5:47:e8:
                    97:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A6:8B:99:C0:34:85:2D:E4:6E:FB:C6:5D:33:0E:DC:F4:B2:43:E7
            X509v3 Authority Key Identifier:
                keyid:06:B8:ED:98:5E:F2:03:4E:8E:30:7C:44:7F:34:96:C3:2A:DA:D2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BrjtmF7yA06OMHxEfzSWwyra0sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/NqaLmcA0hS3kbvvGXTMO3PSyQ-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/BrjtmF7yA06OMHxEfzSWwyra0sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:eb:7b:0b:c2:5c:e2:e7:7d:be:d8:8b:7f:8f:5a:30:9f:dc:
         93:ca:ac:ed:7f:4b:23:8a:f2:b5:df:82:0b:c8:21:14:8e:fa:
         93:f8:c6:80:e1:1f:74:e9:6b:1f:cc:0e:5c:9b:90:46:10:b0:
         0f:e1:54:48:e1:17:49:af:52:8c:97:5a:00:f2:65:1b:38:bd:
         4f:e9:72:3c:f4:38:0f:b6:eb:c0:dc:5d:0f:82:6d:ad:1e:55:
         30:95:6f:0c:55:28:f6:4f:f5:f3:0f:4c:8a:74:49:0e:2b:ce:
         02:9a:2e:10:bf:9d:eb:bf:2f:01:7d:e9:9b:61:cb:a2:b8:33:
         4a:df:b8:27:76:cb:84:75:9e:77:60:0b:67:3c:7a:e0:9f:8f:
         8d:8d:c8:78:70:38:a7:7c:59:6f:90:45:42:83:00:09:f5:29:
         f8:9b:1b:e1:58:b4:11:d1:b0:df:5d:5c:ea:0f:2f:5f:d2:25:
         c4:ab:f4:ba:e4:86:c0:56:32:26:88:9e:be:84:ea:71:7f:2b:
         34:97:9f:7c:fe:e8:ed:db:e6:0c:15:bd:44:13:48:da:00:0d:
         33:04:1f:fe:43:19:af:7d:16:ad:8a:2d:06:93:21:28:74:74:
         7e:70:38:91:a8:38:ad:fd:f3:6f:7e:73:e2:3c:e0:30:5d:20:
         d7:8b:2f:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2R2OMYD4pnE7pvZJP8SyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YjhlZDk4NWVmMjAzNGU4ZTMwN2M0NDdmMzQ5NmMzMmFk
YWQyYzgwHhcNMjUwMTAyMTE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmE2OGI5OWMwMzQ4NTJkZTQ2ZWZiYzY1ZDMzMGVkY2Y0YjI0M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvCOnY74omcp0RzuNoBGCbju7GRv
1wGyRLGSex6KsGf9CxtK1LKIHS2JEWUe/m93yb2zWzgzrJVlHc6cfICB/7JYZ36W
B/cjUuTRwyaawR6+xqreelOngsh1xjnRoiBNEJ2rimegui1BFLGm4ucNzVDcL9ct
Tte486DFQeGSuaBOvpdNGRwEcrMNMHeIs0lsMSGtwSL03PujfuhJjwx6g+I+N2rw
GKorMePixf7jwGP8HsOC2iBrr8AHqwcR0P994fWo/Yip3B4KeBNaUXPwUO9Tr5f+
eQc6iFpGRu5mTxovXOaRl9uRBqaHU7wSWKSiNgzulbMyajHIul3lR+iXawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDami5nANIUt5G77xl0zDtz0skPnMB8GA1UdIwQY
MBaAFAa47Zhe8gNOjjB8RH80lsMq2tLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnJqdG1GN3lBMDZPTUh4RWZ6U1d3eXJhMHNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mYzVhZjUtMGI1MC00NTMxLTkzNzQt
ZWJlYjlhOTkxNDg4LzEvTnFhTG1jQTBoUzNrYnZ2R1hUTU8zUFN5US1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mYzVhZjUtMGI1MC00NTMxLTkzNzQtZWJlYjlhOTkxNDg4
LzEvQnJqdG1GN3lBMDZPTUh4RWZ6U1d3eXJhMHNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWOUMA0G
CSqGSIb3DQEBCwUAA4IBAQCP63sLwlzi532+2It/j1own9yTyqztf0sjivK134IL
yCEUjvqT+MaA4R906WsfzA5cm5BGELAP4VRI4RdJr1KMl1oA8mUbOL1P6XI89DgP
tuvA3F0Pgm2tHlUwlW8MVSj2T/XzD0yKdEkOK84Cmi4Qv53rvy8BfembYcuiuDNK
37gndsuEdZ53YAtnPHrgn4+Njch4cDinfFlvkEVCgwAJ9Sn4mxvhWLQR0bDfXVzq
Dy9f0iXEq/S65IbAVjImiJ6+hOpxfys0l598/ujt2+YMFb1EE0jaAA0zBB/+Qxmv
fRatii0GkyEodHR+cDiRqDit/fNvfnPiPOAwXSDXiy99
-----END CERTIFICATE-----