Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/JQUZ8AmIUaKrA3xLbBffsdyduoM.roa
File:                     JQUZ8AmIUaKrA3xLbBffsdyduoM.roa (raw, json)
Hash identifier:          JNfVnNEK9ITAEhIOPMGzXPcwJP4nPhm5O7ysI5end8I=
Subject key identifier:   25:05:19:F0:09:88:51:A2:AB:03:7C:4B:6C:17:DF:B1:DC:9D:BA:83
Certificate issuer:       /CN=e91f9dbbe68b84027ced4d31e8803f13e9d65d13
Certificate serial:       0194266BBF4789B250308EDD18AED1C866A8
Authority key identifier: E9:1F:9D:BB:E6:8B:84:02:7C:ED:4D:31:E8:80:3F:13:E9:D6:5D:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6R-du-aLhAJ87U0x6IA_E-nWXRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/JQUZ8AmIUaKrA3xLbBffsdyduoM.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42905
IP address blocks:        91.199.245.0/24 maxlen: 24
                          193.39.118.0/24 maxlen: 24
                          193.200.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/6R-du-aLhAJ87U0x6IA_E-nWXRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/6R-du-aLhAJ87U0x6IA_E-nWXRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6R-du-aLhAJ87U0x6IA_E-nWXRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:bf:47:89:b2:50:30:8e:dd:18:ae:d1:c8:66:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e91f9dbbe68b84027ced4d31e8803f13e9d65d13
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=250519f0098851a2ab037c4b6c17dfb1dc9dba83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e0:88:5e:12:a1:b4:da:bc:c3:ab:86:6a:76:
                    05:eb:da:3a:46:79:57:77:3e:4a:4b:94:68:b3:3d:
                    cc:b2:36:75:a0:99:27:43:e9:ac:60:c7:ab:16:0b:
                    f4:c4:6e:c4:92:95:dd:b7:fb:70:21:04:32:5e:93:
                    64:20:72:68:7d:7f:fe:6a:c4:7e:e9:9c:8f:aa:b7:
                    00:ea:93:97:65:b5:2a:29:0e:77:84:c2:ca:e3:63:
                    b0:a9:b5:5b:e4:f3:a2:2a:6d:e6:b3:ec:89:15:6b:
                    a6:6b:2d:29:e0:81:bd:9b:49:cf:e1:c3:10:57:a1:
                    bc:4c:1e:64:4e:26:ec:22:34:2b:6d:57:95:60:7f:
                    5b:fc:6b:b0:da:a1:72:c2:ab:03:a2:15:58:5a:cf:
                    0d:e4:c5:1b:06:bc:1c:c8:db:ff:8c:aa:13:4a:47:
                    bf:3d:ca:25:22:47:20:45:b4:5f:00:10:04:92:96:
                    99:e4:34:33:cd:4a:37:9a:ad:25:5f:7f:87:c3:d4:
                    64:db:ee:07:f9:07:cc:b2:f4:d5:d6:09:67:0e:d1:
                    a1:e4:82:99:44:df:19:78:68:77:a0:98:19:64:c3:
                    01:86:51:ff:f7:36:0e:53:4e:84:2f:c7:3f:d0:98:
                    7c:64:bf:5b:12:47:bb:58:e9:b6:8d:9a:1b:df:24:
                    62:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:05:19:F0:09:88:51:A2:AB:03:7C:4B:6C:17:DF:B1:DC:9D:BA:83
            X509v3 Authority Key Identifier:
                keyid:E9:1F:9D:BB:E6:8B:84:02:7C:ED:4D:31:E8:80:3F:13:E9:D6:5D:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6R-du-aLhAJ87U0x6IA_E-nWXRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/JQUZ8AmIUaKrA3xLbBffsdyduoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/6R-du-aLhAJ87U0x6IA_E-nWXRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.245.0/24
                  193.39.118.0/24
                  193.200.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:b6:cc:2c:57:cf:a6:be:93:48:18:a5:1f:10:1a:d9:21:fc:
         26:86:35:f4:73:32:61:df:23:af:b0:26:7c:5a:f8:50:09:a1:
         5c:cb:b2:a9:8d:5b:13:f8:77:f3:b2:a9:45:ef:ab:d9:6f:6a:
         d2:64:1d:42:c1:70:06:b4:e7:f6:21:d0:79:24:ec:89:4e:6c:
         4a:f9:61:d8:e4:42:c9:28:e0:4f:26:04:07:7c:92:1d:f3:f3:
         47:98:3c:b2:81:77:b7:9c:c0:18:d4:7d:b8:39:5e:2c:4f:4a:
         38:3e:5c:06:90:fc:cf:41:1f:8d:e0:33:4e:f0:81:a2:e5:3f:
         37:5f:b5:80:d2:d4:4e:73:48:2d:68:89:2a:b9:4f:66:65:b3:
         48:99:70:a1:e0:26:17:3f:17:20:65:d8:59:60:22:bb:e1:ee:
         9d:77:3e:34:fb:c0:b3:d1:8a:5a:d1:cf:f5:e4:d2:73:e1:28:
         10:18:0d:4b:24:29:7a:5d:38:21:c4:cf:7c:a3:3e:23:83:70:
         85:a9:bd:bc:b7:46:70:f3:92:ea:be:72:36:99:bf:05:cd:36:
         91:2f:8b:f7:ab:a4:07:e6:1f:58:2c:53:3b:3d:f0:18:b3:7e:
         58:9c:1e:b8:93:5d:7d:ad:48:7d:b0:8e:d4:a0:f4:6e:87:d8:
         60:3e:e9:0a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma79HibJQMI7dGK7RyGaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MWY5ZGJiZTY4Yjg0MDI3Y2VkNGQzMWU4ODAzZjEzZTlk
NjVkMTMwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTA1MTlmMDA5ODg1MWEyYWIwMzdjNGI2YzE3ZGZiMWRjOWRiYTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleCIXhKhtNq8w6uGanYF69o6RnlX
dz5KS5Rosz3MsjZ1oJknQ+msYMerFgv0xG7EkpXdt/twIQQyXpNkIHJofX/+asR+
6ZyPqrcA6pOXZbUqKQ53hMLK42OwqbVb5POiKm3ms+yJFWumay0p4IG9m0nP4cMQ
V6G8TB5kTibsIjQrbVeVYH9b/Guw2qFywqsDohVYWs8N5MUbBrwcyNv/jKoTSke/
PcolIkcgRbRfABAEkpaZ5DQzzUo3mq0lX3+Hw9Rk2+4H+QfMsvTV1glnDtGh5IKZ
RN8ZeGh3oJgZZMMBhlH/9zYOU06EL8c/0Jh8ZL9bEke7WOm2jZob3yRiEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCUFGfAJiFGiqwN8S2wX37HcnbqDMB8GA1UdIwQY
MBaAFOkfnbvmi4QCfO1NMeiAPxPp1l0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlItZHUtYUxoQUo4N1UweDZJQV9FLW5XWFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8wYWZhYzAtMjdiOS00NjM3LTljZGUt
YjRlNzlmNzgxZTRkLzEvSlFVWjhBbUlVYUtyQTN4TGJCZmZzZHlkdW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8wYWZhYzAtMjdiOS00NjM3LTljZGUtYjRlNzlmNzgxZTRk
LzEvNlItZHUtYUxoQUo4N1UweDZJQV9FLW5XWFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8f1AwQA
wSd2AwQAwciXMA0GCSqGSIb3DQEBCwUAA4IBAQCntswsV8+mvpNIGKUfEBrZIfwm
hjX0czJh3yOvsCZ8WvhQCaFcy7KpjVsT+HfzsqlF76vZb2rSZB1CwXAGtOf2IdB5
JOyJTmxK+WHY5ELJKOBPJgQHfJId8/NHmDyygXe3nMAY1H24OV4sT0o4PlwGkPzP
QR+N4DNO8IGi5T83X7WA0tROc0gtaIkquU9mZbNImXCh4CYXPxcgZdhZYCK74e6d
dz40+8Cz0Ypa0c/15NJz4SgQGA1LJCl6XTghxM98oz4jg3CFqb28t0Zw85LqvnI2
mb8FzTaRL4v3q6QH5h9YLFM7PfAYs35YnB64k119rUh9sI7UoPRuh9hgPukK
-----END CERTIFICATE-----