Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0QE_gVu6ZEY3rwuLn_EGAs7Nqrc.roa
File:                     0QE_gVu6ZEY3rwuLn_EGAs7Nqrc.roa (raw, json)
Hash identifier:          QTlUsCMwaZ/8z5fVsihE8ADKQRuQ6pp5KObVJgj87NI=
Subject key identifier:   D1:01:3F:81:5B:BA:64:46:37:AF:0B:8B:9F:F1:06:02:CE:CD:AA:B7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197D489B0FDA22985663AAA1C98A12159D1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0QE_gVu6ZEY3rwuLn_EGAs7Nqrc.roa
Signing time:             Fri 04 Jul 2025 08:24:42 +0000
ROA not before:           Fri 04 Jul 2025 08:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        109.176.248.0/24 maxlen: 24
                          109.176.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:89:b0:fd:a2:29:85:66:3a:aa:1c:98:a1:21:59:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  4 08:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1013f815bba644637af0b8b9ff10602cecdaab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2a:49:1d:25:c5:21:a8:98:c9:53:0d:3f:fe:
                    8a:30:93:f5:9f:6e:d9:38:05:78:67:21:19:47:67:
                    65:bb:4a:48:48:ac:bf:3f:72:0e:b9:90:f6:f2:31:
                    6d:0f:d6:b6:53:a9:c2:4c:ec:6c:e6:86:a5:a1:55:
                    03:1f:6f:d0:ad:a1:0f:5f:3d:40:39:64:51:ef:60:
                    b5:8d:06:ad:f6:f3:79:37:57:ce:a1:af:24:e9:31:
                    18:bb:2e:26:f8:75:ae:3d:67:bb:58:49:f3:e3:29:
                    42:03:b9:11:c3:1f:1c:29:20:ed:57:44:36:3f:a9:
                    0f:d2:7a:65:a0:6f:97:1d:79:10:3c:93:31:5c:b5:
                    68:f1:0c:b2:45:d9:36:60:52:07:a9:99:1d:2b:ff:
                    c8:e8:c2:9d:2d:dc:ab:5d:02:cf:b8:d2:8f:2d:0d:
                    39:1f:35:54:ae:09:a6:c2:00:d4:cb:28:ae:49:71:
                    19:7a:ee:90:76:0e:28:18:b7:08:ba:cf:06:9d:99:
                    a7:68:5a:9a:9c:02:c1:0d:7e:2e:fc:0e:6c:f1:a2:
                    04:00:59:39:64:f2:7f:cd:4f:e5:43:ea:92:8a:e5:
                    99:97:de:d9:0c:66:a8:29:02:06:45:2b:ac:ee:cf:
                    e2:ea:6d:e7:6d:5e:c1:fd:57:bb:9d:87:dc:b0:d5:
                    97:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:01:3F:81:5B:BA:64:46:37:AF:0B:8B:9F:F1:06:02:CE:CD:AA:B7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0QE_gVu6ZEY3rwuLn_EGAs7Nqrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.248.0/24
                  109.176.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:52:2c:b0:b4:7c:3e:e5:76:e8:8a:e0:a8:a1:ac:e6:d5:8b:
         26:66:a9:8f:4d:04:05:22:f7:d0:07:1c:58:4b:33:59:81:9f:
         71:d9:e3:12:26:34:6d:fe:06:df:4e:ec:a9:87:ca:41:8b:fe:
         00:60:af:e8:14:96:9a:e4:f8:53:f3:94:ba:ad:92:75:49:43:
         ee:ef:f1:fb:1a:b1:58:f8:de:7c:7e:ae:c1:d8:3d:c7:bb:1b:
         81:73:ab:d9:ff:5a:23:66:31:0a:db:63:6c:1a:1d:05:80:48:
         ec:ec:1a:9f:7b:d7:fa:d4:bf:41:c2:4b:ce:63:bb:f9:01:6a:
         e8:bd:ec:93:7c:38:aa:71:1b:48:97:17:43:a1:fc:8b:43:a9:
         9b:24:48:9b:93:6d:93:a1:0a:30:bc:47:ea:35:5d:09:4a:b3:
         13:dc:6a:de:15:63:7d:b5:4f:b0:e5:20:01:a9:96:09:c8:8b:
         03:21:67:5c:af:bd:e4:3a:50:b5:f5:be:38:08:3a:e3:11:62:
         2e:04:b4:8f:d8:c6:1a:09:b7:70:78:49:9a:1b:ec:0e:85:89:
         db:ac:cd:f8:3b:65:d8:84:af:66:81:8c:5a:87:4d:b1:c3:fb:
         b3:cf:71:dc:25:f8:a6:9a:6b:5d:f0:c1:66:55:fd:eb:75:ee:
         8f:61:8b:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfUibD9oimFZjqqHJihIVnRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzA0MDgyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTAxM2Y4MTViYmE2NDQ2MzdhZjBiOGI5ZmYxMDYwMmNlY2RhYWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSpJHSXFIaiYyVMNP/6KMJP1n27Z
OAV4ZyEZR2dlu0pISKy/P3IOuZD28jFtD9a2U6nCTOxs5oaloVUDH2/QraEPXz1A
OWRR72C1jQat9vN5N1fOoa8k6TEYuy4m+HWuPWe7WEnz4ylCA7kRwx8cKSDtV0Q2
P6kP0nploG+XHXkQPJMxXLVo8QyyRdk2YFIHqZkdK//I6MKdLdyrXQLPuNKPLQ05
HzVUrgmmwgDUyyiuSXEZeu6Qdg4oGLcIus8GnZmnaFqanALBDX4u/A5s8aIEAFk5
ZPJ/zU/lQ+qSiuWZl97ZDGaoKQIGRSus7s/i6m3nbV7B/Ve7nYfcsNWXoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNEBP4FbumRGN68Li5/xBgLOzaq3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMFFFX2dWdTZaRVkzcnd1TG5fRUdBczdOcXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbD4AwQA
bbD8MA0GCSqGSIb3DQEBCwUAA4IBAQCoUiywtHw+5XboiuCooazm1YsmZqmPTQQF
IvfQBxxYSzNZgZ9x2eMSJjRt/gbfTuyph8pBi/4AYK/oFJaa5PhT85S6rZJ1SUPu
7/H7GrFY+N58fq7B2D3HuxuBc6vZ/1ojZjEK22NsGh0FgEjs7Bqfe9f61L9BwkvO
Y7v5AWroveyTfDiqcRtIlxdDofyLQ6mbJEibk22ToQowvEfqNV0JSrMT3GreFWN9
tU+w5SABqZYJyIsDIWdcr73kOlC19b44CDrjEWIuBLSP2MYaCbdweEmaG+wOhYnb
rM34O2XYhK9mgYxah02xw/uzz3HcJfimmmtd8MFmVf3rde6PYYvg
-----END CERTIFICATE-----