Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qmB76vyZqCg7p7QAzyJ2yMLxMCo.roa
File:                     qmB76vyZqCg7p7QAzyJ2yMLxMCo.roa (raw, json)
Hash identifier:          SUyqBROF7gyZH9RGeUTqKMx2Kc5Io2yfZMqSxecVy4c=
Subject key identifier:   AA:60:7B:EA:FC:99:A8:28:3B:A7:B4:00:CF:22:76:C8:C2:F1:30:2A
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01954CB62379A02B05361684B5E0C6019CEE
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qmB76vyZqCg7p7QAzyJ2yMLxMCo.roa
Signing time:             Fri 28 Feb 2025 13:19:19 +0000
ROA not before:           Fri 28 Feb 2025 13:19:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13213
IP address blocks:        155.2.190.0/24 maxlen: 24
                          213.254.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:b6:23:79:a0:2b:05:36:16:84:b5:e0:c6:01:9c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 28 13:19:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa607beafc99a8283ba7b400cf2276c8c2f1302a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:fe:5b:cf:7b:b0:b9:ba:3e:e2:7a:35:92:53:
                    d7:d7:6e:4f:49:71:05:d6:18:24:75:25:39:fd:e5:
                    c5:5a:b7:c1:80:ee:e8:71:1d:0c:d4:b1:f6:47:02:
                    24:d4:1e:41:dd:8a:8f:8b:b1:bd:ed:aa:34:2a:76:
                    01:e6:91:b4:4e:77:b2:cd:0c:73:7a:e6:2c:c9:3d:
                    70:c6:09:36:fd:0a:0e:bc:a4:3d:1e:c5:a7:ed:ca:
                    cc:8f:f4:49:5a:83:a0:b4:1c:be:1c:79:0f:d2:5e:
                    da:20:1e:2d:23:cf:ec:ea:02:d8:6c:0e:34:1c:0a:
                    c0:f0:e1:23:a2:6c:f1:7b:42:99:af:2f:65:0c:5c:
                    9b:06:0b:49:c6:16:0c:bb:5b:17:c1:bd:e0:3d:f6:
                    80:5e:92:f0:ea:1e:d7:fc:1c:1f:0a:d8:2f:d0:cb:
                    40:9c:82:a2:24:ce:8e:23:2f:db:de:f1:9b:d0:c8:
                    7e:d8:4d:da:c0:f4:9d:23:39:7b:3a:fe:bd:8c:27:
                    3b:60:dd:71:6a:7e:72:d7:fb:8f:a1:bb:68:c3:37:
                    07:53:0d:73:ad:3a:bf:a3:2b:10:8f:3c:c6:f1:ee:
                    a4:57:32:8f:eb:20:02:04:62:bf:a8:9b:5c:22:e1:
                    5a:c0:6e:4d:ac:00:89:e8:e6:f5:6c:82:38:09:e6:
                    ff:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:60:7B:EA:FC:99:A8:28:3B:A7:B4:00:CF:22:76:C8:C2:F1:30:2A
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qmB76vyZqCg7p7QAzyJ2yMLxMCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.2.190.0/24
                  213.254.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c0:d0:f8:08:9f:3e:d6:38:5a:66:09:9e:68:e0:e5:87:26:
         f4:c2:8d:d7:56:4a:08:1b:1e:06:5a:6b:cd:da:fc:23:13:51:
         7b:ef:32:64:ca:b3:74:10:fe:5c:8e:47:49:11:2e:30:6c:04:
         d5:cf:1a:69:af:36:7e:8e:81:e9:a2:be:6c:9d:7a:ae:3b:6c:
         a3:56:f6:a6:9e:d1:ae:0d:e1:c7:8c:73:65:ae:88:24:5e:2d:
         30:8d:a9:ad:a5:0e:c2:d4:ba:f9:48:b8:f7:3d:6e:09:de:4e:
         d3:28:a3:6b:da:67:d4:88:f6:f4:97:1e:62:90:d1:09:76:0d:
         45:86:5a:6c:23:63:5c:e2:0a:8a:96:d2:32:2d:d9:f3:e5:60:
         73:fc:19:d6:45:b9:d1:b7:1c:43:b0:ad:cb:e9:f8:0b:99:a1:
         10:dd:65:2a:4c:0a:09:02:81:fc:47:36:0d:b0:03:2e:91:17:
         e7:89:f7:85:f2:dd:ea:d9:09:b9:98:dd:4e:06:9d:a3:97:59:
         01:55:cd:40:4c:2b:c3:8a:7d:fa:7f:ff:03:da:61:58:fc:8b:
         9f:0a:59:a1:b1:0f:05:28:2d:2e:a0:a4:a1:66:f9:5c:e9:8a:
         f1:ff:31:26:ec:32:ba:90:ff:cb:6b:58:a0:ce:a1:4d:76:8d:
         4f:b7:91:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVMtiN5oCsFNhaEteDGAZzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMjI4MTMxOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTYwN2JlYWZjOTlhODI4M2JhN2I0MDBjZjIyNzZjOGMyZjEzMDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7f5bz3uwubo+4no1klPX125PSXEF
1hgkdSU5/eXFWrfBgO7ocR0M1LH2RwIk1B5B3YqPi7G97ao0KnYB5pG0TneyzQxz
euYsyT1wxgk2/QoOvKQ9HsWn7crMj/RJWoOgtBy+HHkP0l7aIB4tI8/s6gLYbA40
HArA8OEjomzxe0KZry9lDFybBgtJxhYMu1sXwb3gPfaAXpLw6h7X/BwfCtgv0MtA
nIKiJM6OIy/b3vGb0Mh+2E3awPSdIzl7Ov69jCc7YN1xan5y1/uPobtowzcHUw1z
rTq/oysQjzzG8e6kVzKP6yACBGK/qJtcIuFawG5NrACJ6Ob1bII4Ceb/QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKpge+r8magoO6e0AM8idsjC8TAqMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcW1CNzZ2eVpxQ2c3cDdRQXp5SjJ5TUx4TUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmwK+AwQA
1f6iMA0GCSqGSIb3DQEBCwUAA4IBAQA1wND4CJ8+1jhaZgmeaODlhyb0wo3XVkoI
Gx4GWmvN2vwjE1F77zJkyrN0EP5cjkdJES4wbATVzxpprzZ+joHpor5snXquO2yj
VvamntGuDeHHjHNlrogkXi0wjamtpQ7C1Lr5SLj3PW4J3k7TKKNr2mfUiPb0lx5i
kNEJdg1FhlpsI2Nc4gqKltIyLdnz5WBz/BnWRbnRtxxDsK3L6fgLmaEQ3WUqTAoJ
AoH8RzYNsAMukRfnifeF8t3q2Qm5mN1OBp2jl1kBVc1ATCvDin36f/8D2mFY/Iuf
ClmhsQ8FKC0uoKShZvlc6Yrx/zEm7DK6kP/La1igzqFNdo1Pt5Hh
-----END CERTIFICATE-----