Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/QvyXhsLucL8TmYCoeuusNssLEcY.roa
File:                     QvyXhsLucL8TmYCoeuusNssLEcY.roa (raw, json)
Hash identifier:          EZ8tDYwrOLYThmYfnKtLHEvpJFZQ/n5RPXlE0Pp1aRU=
Subject key identifier:   42:FC:97:86:C2:EE:70:BF:13:99:80:A8:7A:EB:AC:36:CB:0B:11:C6
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748534DCF899D216DD75A658FF59210
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/QvyXhsLucL8TmYCoeuusNssLEcY.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272400
IP address blocks:        217.76.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:53:4d:cf:89:9d:21:6d:d7:5a:65:8f:f5:92:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42fc9786c2ee70bf139980a87aebac36cb0b11c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c2:90:b3:1b:4a:44:12:5e:55:6b:08:57:df:
                    a0:88:e6:7e:2b:98:fb:9c:e5:c7:ce:4e:4e:e5:96:
                    00:71:37:6c:81:7b:16:e9:d6:6e:c7:6d:af:9d:84:
                    b4:21:4b:95:41:32:b5:a5:9b:5d:a1:19:d2:cd:21:
                    2a:cf:8a:43:1b:28:e7:2d:a6:2f:ed:6e:71:37:bb:
                    aa:d7:ae:cf:4e:2c:bc:e5:36:3e:4f:e5:ff:8b:08:
                    9b:9e:95:8e:7b:77:84:0d:be:c8:0c:6a:ef:f2:62:
                    05:58:91:b4:b1:06:9b:77:4b:3f:0f:35:8a:77:9e:
                    fc:d7:ee:fd:86:1d:fa:a1:b3:84:b8:9b:3d:ff:6e:
                    10:13:e8:23:cd:2d:ff:52:97:32:41:14:3a:05:91:
                    16:a5:96:47:38:93:d6:15:9d:1c:4a:f0:65:76:6f:
                    3e:56:c2:61:e5:58:0a:a7:ae:29:94:5f:45:81:bd:
                    13:c3:aa:83:87:b0:c1:f5:b0:74:98:ca:7d:32:31:
                    3a:0d:a5:ff:0d:1e:d0:86:04:df:9d:c9:d4:bf:00:
                    5d:bf:d9:34:76:62:d0:77:a3:c4:5e:d2:bc:e3:54:
                    82:81:49:f6:c9:4e:f6:37:a4:bd:b5:e6:8e:86:fb:
                    09:ea:7e:34:7c:bf:95:6c:2b:ba:18:7f:5d:fd:9d:
                    7e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:FC:97:86:C2:EE:70:BF:13:99:80:A8:7A:EB:AC:36:CB:0B:11:C6
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/QvyXhsLucL8TmYCoeuusNssLEcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:30:02:34:87:3a:ee:79:c5:f2:c8:2b:1c:1e:5e:a3:a8:8e:
         51:71:db:e1:ea:86:11:70:a9:09:2a:cc:10:d7:c5:74:90:75:
         dd:3d:db:d3:83:a1:69:7d:26:ad:bb:dc:49:62:d8:82:6c:5c:
         aa:1a:32:aa:72:16:d7:6c:91:a2:a1:89:36:b3:44:16:dd:fa:
         28:12:a8:43:2d:3f:a8:09:a5:f6:47:14:18:6b:c4:06:ad:39:
         6e:01:bf:19:53:c1:73:35:8e:11:63:c2:16:6a:ea:64:e1:14:
         41:fa:7a:ef:a1:93:24:a2:d2:58:cf:c8:57:66:34:ed:87:f2:
         c5:cd:0c:f8:39:57:c0:af:7a:a9:9e:aa:c8:d2:01:ae:ed:b8:
         31:4d:62:9a:4d:b6:b3:d8:e8:96:ba:58:66:7d:63:96:87:c0:
         d5:de:5d:c4:1c:30:4e:16:68:2b:c4:90:2c:ce:97:96:d0:bf:
         a0:d3:e7:9f:be:8a:eb:04:33:52:48:6e:56:b5:22:a1:00:d2:
         88:eb:98:54:28:54:1d:05:63:5b:0d:d5:ad:6b:7a:43:a4:e7:
         2e:4a:c9:9f:77:11:47:52:05:f1:ec:67:65:ba:88:b9:7a:42:
         80:b8:d6:d0:d8:c9:05:bb:84:a9:d0:39:f6:13:f5:bd:fa:96:
         cc:f0:6d:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFNNz4mdIW3XWmWP9ZIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmZjOTc4NmMyZWU3MGJmMTM5OTgwYTg3YWViYWMzNmNiMGIxMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8KQsxtKRBJeVWsIV9+giOZ+K5j7
nOXHzk5O5ZYAcTdsgXsW6dZux22vnYS0IUuVQTK1pZtdoRnSzSEqz4pDGyjnLaYv
7W5xN7uq167PTiy85TY+T+X/iwibnpWOe3eEDb7IDGrv8mIFWJG0sQabd0s/DzWK
d5781+79hh36obOEuJs9/24QE+gjzS3/UpcyQRQ6BZEWpZZHOJPWFZ0cSvBldm8+
VsJh5VgKp64plF9Fgb0Tw6qDh7DB9bB0mMp9MjE6DaX/DR7QhgTfncnUvwBdv9k0
dmLQd6PEXtK841SCgUn2yU72N6S9teaOhvsJ6n40fL+VbCu6GH9d/Z1+zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEL8l4bC7nC/E5mAqHrrrDbLCxHGMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvUXZ5WGhzTHVjTDhUbVlDb2V1dXNOc3NMRWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UzxMA0G
CSqGSIb3DQEBCwUAA4IBAQC5MAI0hzruecXyyCscHl6jqI5Rcdvh6oYRcKkJKswQ
18V0kHXdPdvTg6FpfSatu9xJYtiCbFyqGjKqchbXbJGioYk2s0QW3fooEqhDLT+o
CaX2RxQYa8QGrTluAb8ZU8FzNY4RY8IWaupk4RRB+nrvoZMkotJYz8hXZjTth/LF
zQz4OVfAr3qpnqrI0gGu7bgxTWKaTbaz2OiWulhmfWOWh8DV3l3EHDBOFmgrxJAs
zpeW0L+g0+efvorrBDNSSG5WtSKhANKI65hUKFQdBWNbDdWta3pDpOcuSsmfdxFH
UgXx7Gdluoi5ekKAuNbQ2MkFu4Sp0Dn2E/W9+pbM8G1q
-----END CERTIFICATE-----