Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/QruSm__TwUr_yHAYXjuNZoojNTM.roa
File:                     QruSm__TwUr_yHAYXjuNZoojNTM.roa (raw, json)
Hash identifier:          3QNaGA7ZG6uoQs8cjkKS1muqAr2cgCC2owbsQ1FitJQ=
Subject key identifier:   42:BB:92:9B:FF:D3:C1:4A:FF:C8:70:18:5E:3B:8D:66:8A:23:35:33
Certificate issuer:       /CN=7c673daad6d9317f0101d41a042a61e57689453a
Certificate serial:       019474189DE121AAF3442EA4444CA077D7A0
Authority key identifier: 7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/QruSm__TwUr_yHAYXjuNZoojNTM.roa
Signing time:             Fri 17 Jan 2025 11:49:17 +0000
ROA not before:           Fri 17 Jan 2025 11:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        64.52.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:74:18:9d:e1:21:aa:f3:44:2e:a4:44:4c:a0:77:d7:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c673daad6d9317f0101d41a042a61e57689453a
        Validity
            Not Before: Jan 17 11:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42bb929bffd3c14affc870185e3b8d668a233533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6a:fc:f0:4a:20:55:8e:4e:fd:cc:f7:2b:f2:
                    92:cf:72:eb:d6:2d:00:f6:d2:dc:d3:93:eb:5a:e4:
                    a1:00:18:90:f1:2c:d3:ff:79:2c:2b:fc:80:d0:49:
                    a9:57:18:a1:df:00:da:2c:1d:89:10:15:14:81:2b:
                    6c:77:07:d5:a1:96:d5:52:4a:dd:ca:77:32:c9:b3:
                    67:d6:2b:f9:1b:8a:ce:0a:0a:9a:b7:ac:18:c0:18:
                    f9:8b:ad:1d:59:fb:a6:80:41:fc:50:4f:2a:e1:4c:
                    10:e9:08:40:31:19:d5:c9:91:d7:f6:21:5e:24:03:
                    d6:00:32:95:e9:ab:df:5b:49:f8:fa:b8:99:1b:91:
                    45:5b:c3:cf:61:bd:b9:fd:a7:01:f6:a9:da:9d:ff:
                    8b:bf:ba:45:f5:ce:4d:93:d4:f5:32:ea:e4:0f:58:
                    00:c0:45:7e:02:37:c7:d3:08:a5:2c:43:6d:81:22:
                    37:33:76:30:e2:12:67:98:91:a6:8b:c4:0c:25:ec:
                    da:19:fe:0c:6e:c4:58:53:62:48:3f:0d:fd:36:d6:
                    aa:0f:57:33:5e:12:9f:c1:0d:f1:55:f2:41:f7:3c:
                    95:63:eb:8b:f3:ac:65:4a:89:1a:ee:c8:b8:6d:14:
                    50:83:71:75:4e:3c:3d:80:1d:c5:f5:98:39:8a:25:
                    28:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BB:92:9B:FF:D3:C1:4A:FF:C8:70:18:5E:3B:8D:66:8A:23:35:33
            X509v3 Authority Key Identifier:
                keyid:7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/QruSm__TwUr_yHAYXjuNZoojNTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.52.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:68:48:88:52:bc:9d:f4:39:27:d5:a9:6a:b7:ee:0f:21:7c:
         57:28:bd:7e:5f:43:7a:5a:05:40:ea:4f:ae:1a:99:45:2f:b2:
         db:a5:38:bd:b0:0f:6e:de:33:51:01:1f:6b:f2:16:23:57:35:
         ea:e1:24:72:3c:6c:85:09:d0:55:e7:74:2c:19:7d:45:93:a3:
         53:00:55:1d:85:41:56:23:0c:fb:9d:3a:b7:a9:34:35:95:1a:
         de:4a:ed:b5:a9:ba:39:96:d2:ea:5b:41:58:42:ee:c4:cc:31:
         01:ad:ac:6e:3c:44:70:94:44:c8:13:36:09:c1:69:1b:2d:6a:
         02:e3:69:c0:b7:bb:c7:4e:8d:61:29:b1:f5:e9:99:48:ab:03:
         af:a6:0e:7a:d7:79:d9:cc:5b:56:ef:a6:7d:b8:0e:07:56:f9:
         1d:7b:f8:ee:89:87:43:97:5d:28:2e:a8:75:c3:ac:09:8f:b9:
         96:cd:1c:7b:b1:f5:a7:1e:7b:3f:4a:c6:0b:03:df:d1:e4:d7:
         28:8b:41:76:83:ee:fe:40:65:51:93:1e:eb:c2:3d:6c:e1:c6:
         4a:98:dc:b6:2f:dd:48:ac:97:9a:e3:15:50:59:b5:9e:41:fe:
         85:93:e2:c6:31:7d:89:79:37:8d:72:bb:9d:c8:40:85:0c:37:
         a5:64:9a:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR0GJ3hIarzRC6kREygd9egMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNjczZGFhZDZkOTMxN2YwMTAxZDQxYTA0MmE2MWU1NzY4
OTQ1M2EwHhcNMjUwMTE3MTE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJiOTI5YmZmZDNjMTRhZmZjODcwMTg1ZTNiOGQ2NjhhMjMzNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mr88EogVY5O/cz3K/KSz3Lr1i0A
9tLc05PrWuShABiQ8SzT/3ksK/yA0EmpVxih3wDaLB2JEBUUgStsdwfVoZbVUkrd
yncyybNn1iv5G4rOCgqat6wYwBj5i60dWfumgEH8UE8q4UwQ6QhAMRnVyZHX9iFe
JAPWADKV6avfW0n4+riZG5FFW8PPYb25/acB9qnanf+Lv7pF9c5Nk9T1MurkD1gA
wEV+AjfH0wilLENtgSI3M3Yw4hJnmJGmi8QMJezaGf4MbsRYU2JIPw39NtaqD1cz
XhKfwQ3xVfJB9zyVY+uL86xlSoka7si4bRRQg3F1Tjw9gB3F9Zg5iiUoIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEK7kpv/08FK/8hwGF47jWaKIzUzMB8GA1UdIwQY
MBaAFHxnParW2TF/AQHUGgQqYeV2iUU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEt
MDRlNDZlZjBjZDIxLzEvUXJ1U21fX1R3VXJfeUhBWVhqdU5ab29qTlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEtMDRlNDZlZjBjZDIx
LzEvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQDQTMA0G
CSqGSIb3DQEBCwUAA4IBAQCvaEiIUryd9Dkn1alqt+4PIXxXKL1+X0N6WgVA6k+u
GplFL7LbpTi9sA9u3jNRAR9r8hYjVzXq4SRyPGyFCdBV53QsGX1Fk6NTAFUdhUFW
Iwz7nTq3qTQ1lRreSu21qbo5ltLqW0FYQu7EzDEBraxuPERwlETIEzYJwWkbLWoC
42nAt7vHTo1hKbH16ZlIqwOvpg5613nZzFtW76Z9uA4HVvkde/juiYdDl10oLqh1
w6wJj7mWzRx7sfWnHns/SsYLA9/R5Ncoi0F2g+7+QGVRkx7rwj1s4cZKmNy2L91I
rJea4xVQWbWeQf6Fk+LGMX2JeTeNcrudyECFDDelZJpf
-----END CERTIFICATE-----