Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/kQ3h94wXe1V5CUmGxBRPEohbppE.roa
File:                     kQ3h94wXe1V5CUmGxBRPEohbppE.roa (raw, json)
Hash identifier:          bUQrUT1I4PpFUWgqSkqWtOSJyeF9eAiCpx1z5c7OS80=
Subject key identifier:   91:0D:E1:F7:8C:17:7B:55:79:09:49:86:C4:14:4F:12:88:5B:A6:91
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282761592E1C3C5EBC4D6244CFC83791
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/kQ3h94wXe1V5CUmGxBRPEohbppE.roa
Signing time:             Thu 02 Jan 2025 17:54:16 +0000
ROA not before:           Thu 02 Jan 2025 17:54:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61424
IP address blocks:        89.46.42.0/24 maxlen: 24
                          185.112.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:61:59:2e:1c:3c:5e:bc:4d:62:44:cf:c8:37:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=910de1f78c177b5579094986c4144f12885ba691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:af:d5:61:f1:86:0d:3c:ac:f4:61:ea:3e:90:
                    bc:9a:7b:4f:28:cc:80:e5:ec:76:09:55:27:38:ee:
                    4e:ed:61:c8:ec:cf:f2:4e:ee:31:4f:44:dc:1c:3a:
                    9a:b1:dd:8e:09:8b:97:b6:64:f7:6c:1d:80:1f:21:
                    84:1d:f0:a5:c5:32:52:39:44:93:eb:99:48:5a:f0:
                    18:72:d6:08:b2:0f:1b:e1:9f:c9:55:44:82:48:2f:
                    e9:68:a0:1b:45:d8:13:7b:84:86:b9:c8:a8:5f:55:
                    e9:e0:81:e5:ec:e1:e6:17:da:39:46:b6:2d:0d:87:
                    05:72:7a:6e:e9:c8:6e:95:e5:fd:fb:79:4d:75:ed:
                    71:0d:e8:76:bd:a4:b1:8e:07:88:f1:cf:f1:d6:94:
                    23:ae:6d:45:0e:dc:e3:19:20:98:2f:3a:9c:71:9a:
                    6e:a6:d3:6c:fb:0e:10:75:eb:84:fb:23:e3:df:90:
                    93:c0:23:6c:55:46:5b:c7:e4:73:25:07:66:02:d6:
                    dc:05:3f:ef:00:65:40:c1:66:43:44:c4:21:df:ea:
                    3d:70:f7:2e:54:5d:cc:f9:e1:64:46:85:0b:e4:a6:
                    e4:e9:a2:11:39:d6:32:4d:d5:bf:4c:45:62:f1:34:
                    6c:db:75:e3:d7:40:81:af:7e:83:22:87:61:1b:8b:
                    47:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0D:E1:F7:8C:17:7B:55:79:09:49:86:C4:14:4F:12:88:5B:A6:91
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/kQ3h94wXe1V5CUmGxBRPEohbppE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.42.0/24
                  185.112.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:41:c8:db:05:0d:de:aa:bf:92:74:94:5b:57:bd:fb:0d:0e:
         de:a8:f2:c9:89:4d:6c:0f:1f:09:d1:65:ee:bd:d8:ce:dd:66:
         c9:d7:17:3c:29:4c:df:4b:3b:63:7a:b3:12:6e:53:3f:23:a3:
         28:6f:57:a2:1d:72:fe:f6:29:76:c3:a7:22:78:af:eb:78:a6:
         4a:92:4f:87:50:69:40:7e:87:56:46:ea:99:ed:da:e7:4b:9c:
         82:02:4c:26:f0:62:d8:2a:77:0e:0e:26:60:d2:9d:39:3d:33:
         02:86:33:30:d3:f6:85:e2:92:2b:05:17:06:31:d9:55:98:4c:
         15:40:f5:4e:75:ec:26:d5:88:99:04:51:e1:e5:76:12:f0:58:
         5e:e2:0e:ea:f7:24:09:2d:f8:58:f3:ad:41:41:7b:ac:0e:cf:
         4c:9f:43:47:2d:a6:20:b8:96:a4:2d:1f:3d:32:da:90:c8:18:
         43:92:6e:6b:b7:32:d7:74:00:3e:09:c1:0e:94:0d:7c:b7:df:
         7c:ff:e2:d4:dd:d2:7f:e5:21:26:c5:1c:b6:89:c7:e1:41:d6:
         6c:33:3b:f6:e1:4e:96:63:4c:b7:1f:b6:67:e9:83:de:74:5e:
         b5:7c:5b:75:1c:2f:d3:af:0e:22:24:2d:63:3b:bb:ef:c9:5a:
         78:09:e0:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ2FZLhw8XrxNYkTPyDeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTBkZTFmNzhjMTc3YjU1NzkwOTQ5ODZjNDE0NGYxMjg4NWJhNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK/VYfGGDTys9GHqPpC8mntPKMyA
5ex2CVUnOO5O7WHI7M/yTu4xT0TcHDqasd2OCYuXtmT3bB2AHyGEHfClxTJSOUST
65lIWvAYctYIsg8b4Z/JVUSCSC/paKAbRdgTe4SGucioX1Xp4IHl7OHmF9o5RrYt
DYcFcnpu6chuleX9+3lNde1xDeh2vaSxjgeI8c/x1pQjrm1FDtzjGSCYLzqccZpu
ptNs+w4QdeuE+yPj35CTwCNsVUZbx+RzJQdmAtbcBT/vAGVAwWZDRMQh3+o9cPcu
VF3M+eFkRoUL5Kbk6aIROdYyTdW/TEVi8TRs23Xj10CBr36DIodhG4tHFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJEN4feMF3tVeQlJhsQUTxKIW6aRMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEva1EzaDk0d1hlMVY1Q1VtR3hCUlBFb2hicHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS4qAwQA
uXD5MA0GCSqGSIb3DQEBCwUAA4IBAQA+QcjbBQ3eqr+SdJRbV737DQ7eqPLJiU1s
Dx8J0WXuvdjO3WbJ1xc8KUzfSztjerMSblM/I6Mob1eiHXL+9il2w6cieK/reKZK
kk+HUGlAfodWRuqZ7drnS5yCAkwm8GLYKncODiZg0p05PTMChjMw0/aF4pIrBRcG
MdlVmEwVQPVOdewm1YiZBFHh5XYS8Fhe4g7q9yQJLfhY861BQXusDs9Mn0NHLaYg
uJakLR89MtqQyBhDkm5rtzLXdAA+CcEOlA18t998/+LU3dJ/5SEmxRy2icfhQdZs
Mzv24U6WY0y3H7Zn6YPedF61fFt1HC/Trw4iJC1jO7vvyVp4CeBe
-----END CERTIFICATE-----