Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qcEG_FCNVRYz8PCZN0muoopYL2A.roa
File:                     qcEG_FCNVRYz8PCZN0muoopYL2A.roa (raw, json)
Hash identifier:          NaDwp3PfG423/klCaud5IdcuiRlirFjWcBvoR9XTy6k=
Subject key identifier:   A9:C1:06:FC:50:8D:55:16:33:F0:F0:99:37:49:AE:A2:8A:58:2F:60
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019130B0E3C755DF74E670CF9CB6AE07183E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qcEG_FCNVRYz8PCZN0muoopYL2A.roa
Signing time:             Thu 08 Aug 2024 06:33:04 +0000
ROA not before:           Thu 08 Aug 2024 06:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        107.150.166.0/24 maxlen: 24
                          185.161.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:30:b0:e3:c7:55:df:74:e6:70:cf:9c:b6:ae:07:18:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug  8 06:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9c106fc508d551633f0f0993749aea28a582f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a8:b5:93:41:39:7e:da:73:c1:3d:fe:a3:49:
                    05:7f:0c:82:37:40:51:11:f1:c4:4c:43:f9:e5:7b:
                    96:2c:a8:82:d9:1b:8d:cd:3f:8d:cf:13:84:bf:be:
                    8d:a6:1e:2d:50:43:03:a5:5b:05:25:35:02:5b:af:
                    d4:04:2b:f0:44:34:97:ba:d0:33:36:4f:d2:00:c4:
                    24:d1:de:79:4c:fc:81:37:cc:e4:d2:fa:18:ec:47:
                    06:d4:ec:11:e5:3a:13:7d:e2:49:36:e6:68:a3:cf:
                    d3:70:5a:94:cf:08:c2:77:41:5f:a3:ec:19:08:3f:
                    94:78:2d:34:dc:53:04:82:fa:b9:d8:2c:a3:e4:f8:
                    48:a6:80:b1:8e:2a:21:41:f2:9b:1a:4e:88:aa:90:
                    c3:51:c4:5f:13:fe:e1:21:33:9a:ec:ac:e4:0f:1d:
                    ba:25:c8:29:0b:69:06:2b:56:c7:29:e5:a9:90:dc:
                    ad:0d:25:3d:11:09:ad:12:fd:37:ae:6f:a6:a4:58:
                    6d:48:07:20:9f:2b:47:3d:b6:eb:80:fc:af:e3:b1:
                    a1:6f:e6:4d:28:07:74:9d:64:58:34:44:a0:8b:b9:
                    30:cc:e9:40:a3:35:1d:73:b2:7d:81:49:75:4c:46:
                    e5:21:da:0b:8f:f8:ce:d1:15:e9:ae:6d:f5:6b:a9:
                    6a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C1:06:FC:50:8D:55:16:33:F0:F0:99:37:49:AE:A2:8A:58:2F:60
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qcEG_FCNVRYz8PCZN0muoopYL2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.166.0/24
                  185.161.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:94:51:68:37:f0:c6:fb:30:ab:f4:55:48:2e:6a:26:4f:b6:
         e2:06:39:83:a4:74:64:94:78:16:b9:7a:9c:98:21:6c:40:f8:
         dc:28:c2:5f:84:67:28:de:c8:3d:e9:da:00:eb:ab:71:76:b4:
         f2:38:8f:ed:d0:50:c4:00:43:8d:86:b1:9c:4a:20:90:b9:a4:
         14:6b:23:75:63:00:2a:4a:d8:26:c7:44:46:78:48:70:6a:a3:
         13:d8:d8:35:b1:84:03:9d:e2:7e:28:6a:ed:18:19:30:47:e2:
         64:7c:3f:da:b6:0f:db:57:e6:f2:89:49:f3:f1:b3:eb:cc:d6:
         cc:07:40:93:c0:b8:32:4b:df:9d:f6:73:b9:51:ac:e9:a1:65:
         80:cc:40:c3:e0:fc:ed:a4:d5:72:cd:72:8c:ff:30:ab:2c:4d:
         0b:48:35:00:bc:b6:05:21:48:98:8c:59:d3:71:47:a8:6a:66:
         c9:19:97:e5:6c:99:53:18:6d:80:ad:76:46:f0:00:2d:27:53:
         68:95:4b:f5:d5:67:cc:80:46:c9:a6:57:cc:03:55:2d:a5:e9:
         97:1b:91:4f:a4:26:6b:1c:24:bf:05:12:b2:a5:0d:10:e9:b8:
         23:7e:3c:71:3c:dc:72:19:db:d2:28:f5:e2:be:8c:5b:51:50:
         50:ad:59:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEwsOPHVd905nDPnLauBxg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwODA4MDYzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWMxMDZmYzUwOGQ1NTE2MzNmMGYwOTkzNzQ5YWVhMjhhNTgyZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ai1k0E5ftpzwT3+o0kFfwyCN0BR
EfHETEP55XuWLKiC2RuNzT+NzxOEv76Nph4tUEMDpVsFJTUCW6/UBCvwRDSXutAz
Nk/SAMQk0d55TPyBN8zk0voY7EcG1OwR5ToTfeJJNuZoo8/TcFqUzwjCd0Ffo+wZ
CD+UeC003FMEgvq52Cyj5PhIpoCxjiohQfKbGk6IqpDDUcRfE/7hITOa7KzkDx26
JcgpC2kGK1bHKeWpkNytDSU9EQmtEv03rm+mpFhtSAcgnytHPbbrgPyv47Ghb+ZN
KAd0nWRYNESgi7kwzOlAozUdc7J9gUl1TEblIdoLj/jO0RXprm31a6lqtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnBBvxQjVUWM/DwmTdJrqKKWC9gMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcWNFR19GQ05WUll6OFBDWk4wbXVvb3BZTDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAa5amAwQA
uaFvMA0GCSqGSIb3DQEBCwUAA4IBAQDDlFFoN/DG+zCr9FVILmomT7biBjmDpHRk
lHgWuXqcmCFsQPjcKMJfhGco3sg96doA66txdrTyOI/t0FDEAEONhrGcSiCQuaQU
ayN1YwAqStgmx0RGeEhwaqMT2Ng1sYQDneJ+KGrtGBkwR+JkfD/atg/bV+byiUnz
8bPrzNbMB0CTwLgyS9+d9nO5UazpoWWAzEDD4PztpNVyzXKM/zCrLE0LSDUAvLYF
IUiYjFnTcUeoambJGZflbJlTGG2ArXZG8AAtJ1NolUv11WfMgEbJplfMA1UtpemX
G5FPpCZrHCS/BRKypQ0Q6bgjfjxxPNxyGdvSKPXivoxbUVBQrVnN
-----END CERTIFICATE-----