Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/QhPm8U1brOIqGs2lZ2LGdcxBiLA.roa
File:                     QhPm8U1brOIqGs2lZ2LGdcxBiLA.roa (raw, json)
Hash identifier:          b6IzZ0v53J6OJOZBPLixdFrIPoMrdc5UH4inFHWFRvM=
Subject key identifier:   42:13:E6:F1:4D:5B:AC:E2:2A:1A:CD:A5:67:62:C6:75:CC:41:88:B0
Certificate issuer:       /CN=c72a524f9b1b3801dbd7c89a160aec076b57e729
Certificate serial:       019422FC361799ECE10952D3432EE36C9C44
Authority key identifier: C7:2A:52:4F:9B:1B:38:01:DB:D7:C8:9A:16:0A:EC:07:6B:57:E7:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/QhPm8U1brOIqGs2lZ2LGdcxBiLA.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57562
IP address blocks:        91.205.188.0/23 maxlen: 23
                          91.205.188.0/24 maxlen: 24
                          91.205.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:36:17:99:ec:e1:09:52:d3:43:2e:e3:6c:9c:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c72a524f9b1b3801dbd7c89a160aec076b57e729
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4213e6f14d5bace22a1acda56762c675cc4188b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:83:8e:5f:78:45:09:1a:85:81:d1:55:6b:e0:
                    6c:28:b1:24:96:7f:22:06:97:fb:83:88:44:22:0b:
                    64:f9:19:0e:0a:04:10:02:da:e9:9c:5a:0c:cd:42:
                    97:ae:c2:5b:7b:8b:23:e9:c8:f8:0e:d9:95:34:e8:
                    8d:a3:e4:bf:39:f2:b1:fb:d9:ee:4b:76:1a:41:37:
                    1c:b1:66:77:3a:29:8e:de:75:03:83:f0:ea:38:69:
                    2b:78:ba:21:40:d7:6f:b9:81:e3:0c:24:85:d1:d2:
                    1e:fd:93:81:26:5c:93:cc:59:dc:c4:e1:39:f4:18:
                    4e:6b:c2:ee:81:f3:88:71:dd:f1:eb:7c:1e:c3:76:
                    0d:5d:2a:8c:0f:2c:ab:60:b9:50:2b:b3:62:4c:57:
                    bb:a2:92:f4:0c:55:bd:53:27:e9:0a:6c:78:6e:88:
                    07:08:d2:cf:ce:47:45:03:70:93:a0:0b:4e:ca:58:
                    bf:b8:b3:20:31:55:c9:85:a1:26:68:92:8d:d0:3b:
                    bd:d9:d4:f2:99:21:22:0d:36:99:73:05:fb:0a:57:
                    c9:1e:f3:4e:8f:f1:90:fd:e6:22:05:60:e9:de:30:
                    b1:df:fb:ce:be:1d:79:43:89:e1:a0:35:db:28:76:
                    15:77:a7:67:2b:c6:aa:22:78:40:dd:41:8b:a7:77:
                    ef:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:13:E6:F1:4D:5B:AC:E2:2A:1A:CD:A5:67:62:C6:75:CC:41:88:B0
            X509v3 Authority Key Identifier:
                keyid:C7:2A:52:4F:9B:1B:38:01:DB:D7:C8:9A:16:0A:EC:07:6B:57:E7:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/QhPm8U1brOIqGs2lZ2LGdcxBiLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:c0:ad:86:5b:16:24:17:5c:fd:e6:0c:4b:b3:5e:cb:1b:ae:
         c9:35:74:1a:d7:0a:64:ab:b7:ee:87:2c:6e:5f:fb:b7:39:d7:
         55:2d:c7:1e:b0:85:b1:e1:21:4f:fe:40:8e:dc:f3:fd:e9:af:
         fb:cc:1c:c9:06:3c:f9:68:ca:f5:0a:2e:30:28:8f:b2:e8:36:
         67:12:88:c0:2b:8f:6d:d8:af:ab:2b:24:c5:da:b5:22:f4:9d:
         bd:0f:7a:62:e6:00:7f:94:bf:e3:48:49:e4:1b:96:ed:d1:99:
         40:c8:ce:97:e6:6c:22:50:b6:36:a9:89:be:c8:a1:31:65:f3:
         a4:c9:5a:18:b5:72:4f:85:42:3d:38:07:17:de:8e:a2:ca:a1:
         00:64:dc:f6:4c:93:15:53:c4:77:5b:d4:2c:3a:ca:9d:26:4c:
         2d:a7:7e:8b:3a:3c:b7:33:93:9a:12:b7:90:40:95:55:d3:a4:
         b1:89:9e:8b:06:bb:2d:ce:68:9f:77:a8:46:59:ab:43:0b:6a:
         99:52:d3:22:f2:93:78:ef:e2:57:60:97:62:5a:b4:55:1e:ba:
         d9:1f:6b:3c:7f:e3:64:49:dd:e9:73:fa:ad:3a:de:4a:3d:eb:
         6e:42:21:a8:fa:a4:0a:31:bd:45:3d:12:63:d7:98:63:32:58:
         6b:57:72:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DYXmezhCVLTQy7jbJxEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MmE1MjRmOWIxYjM4MDFkYmQ3Yzg5YTE2MGFlYzA3NmI1
N2U3MjkwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjEzZTZmMTRkNWJhY2UyMmExYWNkYTU2NzYyYzY3NWNjNDE4OGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYOOX3hFCRqFgdFVa+BsKLEkln8i
Bpf7g4hEIgtk+RkOCgQQAtrpnFoMzUKXrsJbe4sj6cj4DtmVNOiNo+S/OfKx+9nu
S3YaQTccsWZ3OimO3nUDg/DqOGkreLohQNdvuYHjDCSF0dIe/ZOBJlyTzFncxOE5
9BhOa8LugfOIcd3x63wew3YNXSqMDyyrYLlQK7NiTFe7opL0DFW9UyfpCmx4bogH
CNLPzkdFA3CToAtOyli/uLMgMVXJhaEmaJKN0Du92dTymSEiDTaZcwX7ClfJHvNO
j/GQ/eYiBWDp3jCx3/vOvh15Q4nhoDXbKHYVd6dnK8aqInhA3UGLp3fvsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIT5vFNW6ziKhrNpWdixnXMQYiwMB8GA1UdIwQY
MBaAFMcqUk+bGzgB29fImhYK7AdrV+cpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHlwU1Q1c2JPQUhiMThpYUZncnNCMnRYNXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My80ZTNjYzItMWEzMy00OTVhLTk5OWYt
ZDdhNjg0YTU3YjE5LzEvUWhQbThVMWJyT0lxR3MybFoyTEdkY3hCaUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My80ZTNjYzItMWEzMy00OTVhLTk5OWYtZDdhNjg0YTU3YjE5
LzEveHlwU1Q1c2JPQUhiMThpYUZncnNCMnRYNXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW828MA0G
CSqGSIb3DQEBCwUAA4IBAQCSwK2GWxYkF1z95gxLs17LG67JNXQa1wpkq7fuhyxu
X/u3OddVLccesIWx4SFP/kCO3PP96a/7zBzJBjz5aMr1Ci4wKI+y6DZnEojAK49t
2K+rKyTF2rUi9J29D3pi5gB/lL/jSEnkG5bt0ZlAyM6X5mwiULY2qYm+yKExZfOk
yVoYtXJPhUI9OAcX3o6iyqEAZNz2TJMVU8R3W9QsOsqdJkwtp36LOjy3M5OaEreQ
QJVV06SxiZ6LBrstzmifd6hGWatDC2qZUtMi8pN47+JXYJdiWrRVHrrZH2s8f+Nk
Sd3pc/qtOt5KPetuQiGo+qQKMb1FPRJj15hjMlhrV3IP
-----END CERTIFICATE-----