Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/791c33-a10e-43a9-ac29-e0d13230b9d5/1/qnyT4xJfydWnP5jn7MY2v2jL3y4.roa
File:                     qnyT4xJfydWnP5jn7MY2v2jL3y4.roa (raw, json)
Hash identifier:          OVzltJuTj7ZgLCXEnxygFrh+27k2M7PI7mlew2jPilY=
Subject key identifier:   AA:7C:93:E3:12:5F:C9:D5:A7:3F:98:E7:EC:C6:36:BF:68:CB:DF:2E
Certificate issuer:       /CN=59d0a3f9c34307b0a5b36d2e6d1899aefe7bbeb4
Certificate serial:       0194715029BFE153078D01101435E2E6EE28
Authority key identifier: 59:D0:A3:F9:C3:43:07:B0:A5:B3:6D:2E:6D:18:99:AE:FE:7B:BE:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WdCj-cNDB7Cls20ubRiZrv57vrQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/791c33-a10e-43a9-ac29-e0d13230b9d5/1/qnyT4xJfydWnP5jn7MY2v2jL3y4.roa
Signing time:             Thu 16 Jan 2025 22:51:06 +0000
ROA not before:           Thu 16 Jan 2025 22:51:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60369
IP address blocks:        195.155.152.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/791c33-a10e-43a9-ac29-e0d13230b9d5/1/WdCj-cNDB7Cls20ubRiZrv57vrQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/791c33-a10e-43a9-ac29-e0d13230b9d5/1/WdCj-cNDB7Cls20ubRiZrv57vrQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WdCj-cNDB7Cls20ubRiZrv57vrQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:71:50:29:bf:e1:53:07:8d:01:10:14:35:e2:e6:ee:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59d0a3f9c34307b0a5b36d2e6d1899aefe7bbeb4
        Validity
            Not Before: Jan 16 22:51:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa7c93e3125fc9d5a73f98e7ecc636bf68cbdf2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:3f:c3:ee:fd:24:53:aa:52:6c:0e:69:dd:63:
                    ea:97:cc:cf:63:b2:b3:2b:6f:e4:46:8c:47:a6:05:
                    4c:84:e1:f5:d5:96:f4:b1:f2:b6:03:70:eb:de:4e:
                    20:c7:a8:ca:7c:43:4e:b6:56:8e:18:12:3c:28:b8:
                    cc:5d:70:39:2d:5a:d9:b2:e5:95:86:a2:1c:97:f4:
                    65:f5:69:52:96:c1:d3:34:dd:e5:e6:cd:dd:99:f3:
                    42:25:aa:d8:85:19:88:20:98:b0:af:49:37:27:05:
                    bc:be:91:40:ba:1c:02:e6:44:0d:15:72:93:b5:f2:
                    5d:46:e2:b9:a4:0a:9c:66:7e:f3:a6:85:14:97:ab:
                    18:5a:b0:b2:24:88:31:56:5c:e0:82:ff:3d:c8:3f:
                    09:dc:07:85:55:89:09:9a:dd:54:2f:0b:ca:3d:c3:
                    97:d3:e6:17:03:84:5b:a0:97:e5:c7:de:64:98:19:
                    9e:f4:0b:cf:67:6a:44:86:75:93:db:1d:32:dd:13:
                    51:da:a0:f7:cf:49:24:8b:52:ef:0d:86:6c:fb:22:
                    af:6d:07:51:58:6a:4b:30:61:d3:39:7f:88:c8:ad:
                    b4:26:04:75:e5:ce:9d:e8:83:c6:57:2e:b3:f4:6f:
                    62:da:76:d1:ee:35:0c:96:58:af:22:82:95:b5:b9:
                    9a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7C:93:E3:12:5F:C9:D5:A7:3F:98:E7:EC:C6:36:BF:68:CB:DF:2E
            X509v3 Authority Key Identifier:
                keyid:59:D0:A3:F9:C3:43:07:B0:A5:B3:6D:2E:6D:18:99:AE:FE:7B:BE:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WdCj-cNDB7Cls20ubRiZrv57vrQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/791c33-a10e-43a9-ac29-e0d13230b9d5/1/qnyT4xJfydWnP5jn7MY2v2jL3y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/791c33-a10e-43a9-ac29-e0d13230b9d5/1/WdCj-cNDB7Cls20ubRiZrv57vrQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.155.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:3c:70:32:be:08:6c:2a:7e:58:bf:81:4b:b3:4e:07:7c:7f:
         8e:54:86:35:7f:8e:8b:4a:c7:7d:e4:e5:78:34:a2:33:29:96:
         0c:d1:f8:56:5d:54:7f:0d:bf:69:91:ef:b4:20:ce:c2:7e:f9:
         4b:38:26:3b:27:04:ff:ce:23:ad:a6:ef:8c:73:4d:72:41:91:
         1b:f5:03:2e:16:03:1d:9e:13:04:11:ee:06:d4:83:da:66:2f:
         e9:16:21:95:15:03:84:ab:4a:9e:22:51:2d:ae:41:68:dc:51:
         2d:e5:39:6a:cc:63:07:ca:01:9e:7a:c9:80:a6:61:9b:81:bc:
         18:5f:a3:19:72:74:a5:22:04:50:de:a9:ac:5d:6c:d9:ab:ac:
         ff:96:53:36:9d:0c:b8:25:78:2e:9a:54:c9:d1:67:a9:ac:8e:
         3b:40:0c:c8:1e:eb:4f:ef:6f:e2:14:5d:4b:35:c3:86:50:65:
         5c:66:05:61:6c:f2:82:75:ec:65:25:43:05:58:75:cd:4c:62:
         6c:18:03:b2:3e:93:29:27:b3:dd:87:60:e6:9a:c7:e2:58:77:
         28:68:c0:b9:f5:fc:79:b5:ad:f2:9e:80:8d:0d:b2:f3:7b:4c:
         80:fc:88:db:0d:05:a1:54:d3:b2:3d:ba:36:3b:5b:5e:20:1d:
         55:40:a4:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRxUCm/4VMHjQEQFDXi5u4oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZDBhM2Y5YzM0MzA3YjBhNWIzNmQyZTZkMTg5OWFlZmU3
YmJlYjQwHhcNMjUwMTE2MjI1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdjOTNlMzEyNWZjOWQ1YTczZjk4ZTdlY2M2MzZiZjY4Y2JkZjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4D/D7v0kU6pSbA5p3WPql8zPY7Kz
K2/kRoxHpgVMhOH11Zb0sfK2A3Dr3k4gx6jKfENOtlaOGBI8KLjMXXA5LVrZsuWV
hqIcl/Rl9WlSlsHTNN3l5s3dmfNCJarYhRmIIJiwr0k3JwW8vpFAuhwC5kQNFXKT
tfJdRuK5pAqcZn7zpoUUl6sYWrCyJIgxVlzggv89yD8J3AeFVYkJmt1ULwvKPcOX
0+YXA4RboJflx95kmBme9AvPZ2pEhnWT2x0y3RNR2qD3z0kki1LvDYZs+yKvbQdR
WGpLMGHTOX+IyK20JgR15c6d6IPGVy6z9G9i2nbR7jUMllivIoKVtbmarwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp8k+MSX8nVpz+Y5+zGNr9oy98uMB8GA1UdIwQY
MBaAFFnQo/nDQwewpbNtLm0Yma7+e760MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2RDai1jTkRCN0NsczIwdWJSaVpydjU3dnJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83OTFjMzMtYTEwZS00M2E5LWFjMjkt
ZTBkMTMyMzBiOWQ1LzEvcW55VDR4SmZ5ZFduUDVqbjdNWTJ2MmpMM3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83OTFjMzMtYTEwZS00M2E5LWFjMjktZTBkMTMyMzBiOWQ1
LzEvV2RDai1jTkRCN0NsczIwdWJSaVpydjU3dnJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw5uYMA0G
CSqGSIb3DQEBCwUAA4IBAQAuPHAyvghsKn5Yv4FLs04HfH+OVIY1f46LSsd95OV4
NKIzKZYM0fhWXVR/Db9pke+0IM7CfvlLOCY7JwT/ziOtpu+Mc01yQZEb9QMuFgMd
nhMEEe4G1IPaZi/pFiGVFQOEq0qeIlEtrkFo3FEt5TlqzGMHygGeesmApmGbgbwY
X6MZcnSlIgRQ3qmsXWzZq6z/llM2nQy4JXgumlTJ0WeprI47QAzIHutP72/iFF1L
NcOGUGVcZgVhbPKCdexlJUMFWHXNTGJsGAOyPpMpJ7Pdh2DmmsfiWHcoaMC59fx5
ta3ynoCNDbLze0yA/IjbDQWhVNOyPbo2O1teIB1VQKR8
-----END CERTIFICATE-----