Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/qztp8oOkrsOnZQZ-AVesJkd8gBA.roa
File:                     qztp8oOkrsOnZQZ-AVesJkd8gBA.roa (raw, json)
Hash identifier:          w8j5kLnBBDJA6YAxwk7yr2iHlxdseJ2t5FGwhKWuj0I=
Subject key identifier:   AB:3B:69:F2:83:A4:AE:C3:A7:65:06:7E:01:57:AC:26:47:7C:80:10
Certificate issuer:       /CN=9d202808d1f914555e1bd59c1677287ff9b3b590
Certificate serial:       019421B209D6062F298B1926180F45FD1CDA
Authority key identifier: 9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/qztp8oOkrsOnZQZ-AVesJkd8gBA.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46071
IP address blocks:        94.231.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:09:d6:06:2f:29:8b:19:26:18:0f:45:fd:1c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d202808d1f914555e1bd59c1677287ff9b3b590
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab3b69f283a4aec3a765067e0157ac26477c8010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e7:6a:8a:48:51:ec:80:7f:8a:f0:95:ba:f2:
                    5a:a8:45:3c:77:b3:d9:1e:2b:77:36:fa:68:69:1d:
                    b3:02:7c:db:ef:b0:5a:91:55:e2:63:71:36:89:51:
                    8c:9c:a8:9a:62:ac:36:7c:1e:cc:dc:2c:7f:a9:f3:
                    7c:db:f9:51:51:75:f4:c7:8c:3b:60:f1:94:c7:68:
                    7b:1d:cf:4a:4e:d4:22:8e:36:ae:b6:6b:5c:22:80:
                    4a:74:67:5b:ba:df:1f:4a:d4:df:89:6f:84:83:94:
                    e8:55:a1:b8:dc:f4:4a:f4:fd:a5:2c:3c:a0:d2:19:
                    b1:8b:9a:0c:cb:58:c6:c2:7e:87:62:2f:ad:ab:04:
                    d2:42:3e:7e:1a:98:2e:c5:11:a9:13:32:07:04:13:
                    4d:ae:57:89:03:9b:05:f7:ea:03:ab:4a:7f:a1:72:
                    65:e8:a4:5a:39:0b:05:e7:c0:31:3b:d3:05:95:c9:
                    d9:72:38:ca:dd:45:c3:67:4d:80:c2:68:46:cf:d6:
                    c4:e4:25:0c:b1:3c:28:21:15:b4:84:62:fc:64:35:
                    e2:e3:8f:36:8b:94:47:ef:19:87:e3:a2:0c:fb:df:
                    c1:ef:96:4a:8a:e0:d6:51:44:56:90:ba:80:54:18:
                    0a:ad:14:8d:6f:18:20:93:d3:18:b5:46:fe:db:87:
                    b4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:3B:69:F2:83:A4:AE:C3:A7:65:06:7E:01:57:AC:26:47:7C:80:10
            X509v3 Authority Key Identifier:
                keyid:9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/qztp8oOkrsOnZQZ-AVesJkd8gBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:f6:6c:9f:2b:51:68:90:09:a2:d2:bf:4b:fb:67:20:64:dd:
         89:4a:75:8d:39:91:33:ad:9a:3a:74:23:09:49:c2:b4:2d:c4:
         0d:b9:e3:72:4a:b1:72:c1:9d:f9:9d:ae:29:03:1a:22:9f:ee:
         55:73:a4:61:c9:17:e6:63:77:60:19:83:75:bb:39:96:98:27:
         86:74:d2:49:8e:ce:a5:a4:a9:94:d8:20:47:c9:41:eb:0a:80:
         44:f8:77:ca:f7:bd:f2:f0:60:00:5f:63:7d:31:38:39:c5:0e:
         f2:78:68:8d:1f:58:cb:7b:38:64:5a:cf:19:59:94:8d:60:f4:
         b5:e4:8b:45:d1:3e:6a:b4:b0:c0:ef:ee:41:c7:9b:87:89:e5:
         39:14:aa:2d:72:b0:86:0a:3f:a3:da:33:cd:53:48:8b:0c:22:
         76:7b:ac:f6:63:15:7f:a8:1e:e9:d7:a6:1c:5d:ab:a9:f1:f5:
         c3:b2:fb:21:5e:13:f3:80:51:6a:f7:f4:dc:18:6d:5c:26:17:
         6e:62:15:2f:4d:77:89:b3:b3:52:b1:b7:ad:d3:39:93:2a:80:
         b9:b1:30:84:98:9a:2e:fe:e3:97:7c:26:62:6b:0a:dc:ef:89:
         c4:9d:96:09:83:66:95:20:6a:46:55:9d:16:ce:2c:2f:fc:32:
         de:b7:91:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgnWBi8pixkmGA9F/RzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjAyODA4ZDFmOTE0NTU1ZTFiZDU5YzE2NzcyODdmZjli
M2I1OTAwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjNiNjlmMjgzYTRhZWMzYTc2NTA2N2UwMTU3YWMyNjQ3N2M4MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAredqikhR7IB/ivCVuvJaqEU8d7PZ
Hit3NvpoaR2zAnzb77BakVXiY3E2iVGMnKiaYqw2fB7M3Cx/qfN82/lRUXX0x4w7
YPGUx2h7Hc9KTtQijjautmtcIoBKdGdbut8fStTfiW+Eg5ToVaG43PRK9P2lLDyg
0hmxi5oMy1jGwn6HYi+tqwTSQj5+GpguxRGpEzIHBBNNrleJA5sF9+oDq0p/oXJl
6KRaOQsF58AxO9MFlcnZcjjK3UXDZ02AwmhGz9bE5CUMsTwoIRW0hGL8ZDXi4482
i5RH7xmH46IM+9/B75ZKiuDWUURWkLqAVBgKrRSNbxggk9MYtUb+24e0cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKs7afKDpK7Dp2UGfgFXrCZHfIAQMB8GA1UdIwQY
MBaAFJ0gKAjR+RRVXhvVnBZ3KH/5s7WQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNBb0NOSDVGRlZlRzlXY0ZuY29mX216dFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9hNWMwNjktODA2MS00ZGVlLTk1Njgt
ODgwYjJkZjU3ZjI1LzEvcXp0cDhvT2tyc09uWlFaLUFWZXNKa2Q4Z0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9hNWMwNjktODA2MS00ZGVlLTk1NjgtODgwYjJkZjU3ZjI1
LzEvblNBb0NOSDVGRlZlRzlXY0ZuY29mX216dFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufIMA0G
CSqGSIb3DQEBCwUAA4IBAQDO9myfK1FokAmi0r9L+2cgZN2JSnWNOZEzrZo6dCMJ
ScK0LcQNueNySrFywZ35na4pAxoin+5Vc6RhyRfmY3dgGYN1uzmWmCeGdNJJjs6l
pKmU2CBHyUHrCoBE+HfK973y8GAAX2N9MTg5xQ7yeGiNH1jLezhkWs8ZWZSNYPS1
5ItF0T5qtLDA7+5Bx5uHieU5FKotcrCGCj+j2jPNU0iLDCJ2e6z2YxV/qB7p16Yc
Xaup8fXDsvshXhPzgFFq9/TcGG1cJhduYhUvTXeJs7NSsbet0zmTKoC5sTCEmJou
/uOXfCZiawrc74nEnZYJg2aVIGpGVZ0Wziwv/DLet5FU
-----END CERTIFICATE-----