Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Qv9DYYAsUMGLm7fIDpszv_2x6ew.roa
File:                     Qv9DYYAsUMGLm7fIDpszv_2x6ew.roa (raw, json)
Hash identifier:          TAxxPHHz2z94bD6nydgQ67LIaPjhCUb/iq4m0QrU5vg=
Subject key identifier:   42:FF:43:61:80:2C:50:C1:8B:9B:B7:C8:0E:9B:33:BF:FD:B1:E9:EC
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827530D2AC83AC084099F67D0C21E07
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Qv9DYYAsUMGLm7fIDpszv_2x6ew.roa
Signing time:             Thu 02 Jan 2025 17:54:13 +0000
ROA not before:           Thu 02 Jan 2025 17:54:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        85.204.22.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:53:0d:2a:c8:3a:c0:84:09:9f:67:d0:c2:1e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42ff4361802c50c18b9bb7c80e9b33bffdb1e9ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f6:18:26:ac:63:cd:eb:90:33:ee:03:2f:3a:
                    ea:83:6b:66:15:2a:ba:ed:d9:67:74:c0:0d:32:cc:
                    35:45:47:ea:ed:04:6f:0f:20:42:db:18:a1:ac:0e:
                    c3:51:0b:98:f0:2e:b4:43:c8:4d:b2:93:a0:69:2e:
                    5b:27:d2:1b:8c:85:4d:b2:64:48:3b:08:75:37:48:
                    66:d9:c9:00:62:72:9a:db:e5:f6:df:f9:e1:33:70:
                    19:5c:7e:2c:a5:93:b7:66:5e:de:a7:f9:c4:47:b7:
                    cf:e1:39:fb:18:28:25:3b:61:85:fb:53:e5:be:c9:
                    20:bb:48:2c:3b:48:0e:61:98:80:46:3f:0a:11:98:
                    16:f4:1b:8a:aa:45:16:96:9e:ac:76:c4:ff:f5:01:
                    02:d8:17:f4:63:2c:d8:ba:2e:32:46:0b:e6:a9:ba:
                    07:99:fa:0e:1a:18:c4:77:15:f9:c5:3e:a6:60:c4:
                    ed:65:e9:a8:14:80:9d:54:cb:db:4c:ff:1a:7c:3c:
                    86:74:f0:9f:3d:c2:b1:c7:3d:fb:a6:1b:52:b2:23:
                    3b:72:95:c2:90:d4:75:b5:d7:7b:b8:ef:86:09:7b:
                    0c:ce:72:11:01:9f:af:40:5e:fb:1b:ee:d6:a7:99:
                    f4:17:78:58:3c:5e:26:f3:45:ce:22:d0:a2:c3:b3:
                    fb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:FF:43:61:80:2C:50:C1:8B:9B:B7:C8:0E:9B:33:BF:FD:B1:E9:EC
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Qv9DYYAsUMGLm7fIDpszv_2x6ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.22.0/24
                  92.114.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:4d:fb:15:32:4d:6d:1c:c2:89:77:3a:46:7d:d1:b7:d0:76:
         3a:ae:e6:da:1e:f6:d1:8a:7d:85:a4:5b:ca:38:5a:9d:2d:31:
         45:22:4d:e3:5e:85:8b:f6:2b:16:16:f5:51:9b:c4:2c:fe:c5:
         88:e9:c6:5d:3d:08:e9:0a:1c:d8:df:19:79:a9:2b:c3:70:fa:
         29:1e:cb:4b:a5:d3:cd:0d:c1:25:29:a3:a8:3b:32:ce:41:9c:
         91:9f:eb:af:25:0c:85:c9:0f:32:d2:c9:ef:ce:30:74:4a:70:
         aa:c0:cd:d6:f8:31:36:1c:57:10:ba:a6:d1:43:10:a4:e1:c2:
         82:50:5f:99:11:44:4d:0f:fd:54:2d:8e:f7:33:6d:e2:1c:20:
         a5:37:ef:4d:61:cd:5b:6a:6d:e4:2c:18:b1:56:d8:b5:f5:25:
         82:d3:72:20:62:71:90:dd:26:b4:e6:f2:e6:b2:d7:58:0c:86:
         3f:be:3f:61:1e:5e:c8:2e:f6:7c:6d:fc:eb:15:5d:09:72:12:
         ae:d0:fa:c8:aa:3d:f3:00:57:b5:3d:12:e6:4f:5f:e3:b5:cb:
         e3:47:c1:ca:9f:51:c9:28:25:af:c9:70:7c:bb:81:29:6d:98:
         1e:0a:cb:2c:41:2b:ad:85:43:ca:f4:2f:4e:ae:76:cb:98:b0:
         35:64:62:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ1MNKsg6wIQJn2fQwh4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmZmNDM2MTgwMmM1MGMxOGI5YmI3YzgwZTliMzNiZmZkYjFlOWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvYYJqxjzeuQM+4DLzrqg2tmFSq6
7dlndMANMsw1RUfq7QRvDyBC2xihrA7DUQuY8C60Q8hNspOgaS5bJ9IbjIVNsmRI
Owh1N0hm2ckAYnKa2+X23/nhM3AZXH4spZO3Zl7ep/nER7fP4Tn7GCglO2GF+1Pl
vskgu0gsO0gOYZiARj8KEZgW9BuKqkUWlp6sdsT/9QEC2Bf0YyzYui4yRgvmqboH
mfoOGhjEdxX5xT6mYMTtZemoFICdVMvbTP8afDyGdPCfPcKxxz37phtSsiM7cpXC
kNR1tdd7uO+GCXsMznIRAZ+vQF77G+7Wp5n0F3hYPF4m80XOItCiw7P7HQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEL/Q2GALFDBi5u3yA6bM7/9sensMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvUXY5RFlZQXNVTUdMbTdmSURwc3p2XzJ4NmV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcwWAwQA
XHIgMA0GCSqGSIb3DQEBCwUAA4IBAQBqTfsVMk1tHMKJdzpGfdG30HY6rubaHvbR
in2FpFvKOFqdLTFFIk3jXoWL9isWFvVRm8Qs/sWI6cZdPQjpChzY3xl5qSvDcPop
HstLpdPNDcElKaOoOzLOQZyRn+uvJQyFyQ8y0snvzjB0SnCqwM3W+DE2HFcQuqbR
QxCk4cKCUF+ZEURND/1ULY73M23iHCClN+9NYc1bam3kLBixVti19SWC03IgYnGQ
3Sa05vLmstdYDIY/vj9hHl7ILvZ8bfzrFV0JchKu0PrIqj3zAFe1PRLmT1/jtcvj
R8HKn1HJKCWvyXB8u4EpbZgeCsssQSuthUPK9C9OrnbLmLA1ZGLb
-----END CERTIFICATE-----