Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f5fdeb-3a14-4a9e-8815-e56b690fd30e/1/WQbKsA3j9plFxqexMQZCCTZtrbU.roa
File:                     WQbKsA3j9plFxqexMQZCCTZtrbU.roa (raw, json)
Hash identifier:          NWTJ5dr27/rFdV1pDzF/Ey/hAby6fAYx1MwHmB4Vn1s=
Subject key identifier:   59:06:CA:B0:0D:E3:F6:99:45:C6:A7:B1:31:06:42:09:36:6D:AD:B5
Certificate issuer:       /CN=b0bd281345af6cd54154d4cff74f195a388fffc1
Certificate serial:       019425FC48CC820B654B41035A562D5DC03A
Authority key identifier: B0:BD:28:13:45:AF:6C:D5:41:54:D4:CF:F7:4F:19:5A:38:8F:FF:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sL0oE0WvbNVBVNTP908ZWjiP_8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f5fdeb-3a14-4a9e-8815-e56b690fd30e/1/WQbKsA3j9plFxqexMQZCCTZtrbU.roa
Signing time:             Thu 02 Jan 2025 07:47:58 +0000
ROA not before:           Thu 02 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44398
IP address blocks:        194.93.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f5fdeb-3a14-4a9e-8815-e56b690fd30e/1/sL0oE0WvbNVBVNTP908ZWjiP_8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f5fdeb-3a14-4a9e-8815-e56b690fd30e/1/sL0oE0WvbNVBVNTP908ZWjiP_8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sL0oE0WvbNVBVNTP908ZWjiP_8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:48:cc:82:0b:65:4b:41:03:5a:56:2d:5d:c0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0bd281345af6cd54154d4cff74f195a388fffc1
        Validity
            Not Before: Jan  2 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5906cab00de3f69945c6a7b131064209366dadb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5d:9a:b4:76:b5:cc:92:c3:c7:82:e5:f8:14:
                    ab:de:4e:ee:e6:a5:8a:8f:3c:8f:78:5e:16:71:9d:
                    5b:f4:2a:ee:f9:78:84:1c:63:99:a6:5e:5a:30:3f:
                    62:5f:7e:cf:06:27:f7:0d:03:27:68:2d:56:09:c2:
                    68:ab:20:29:45:9f:02:c1:1c:f1:fa:82:6b:92:56:
                    f7:d5:e1:e7:76:17:d6:dc:72:e6:d8:c1:95:a7:46:
                    37:b7:fb:5f:94:54:33:ea:cc:3c:8c:b2:f5:35:a2:
                    dc:b9:bb:2f:3f:45:03:3b:64:a2:5f:01:21:50:45:
                    88:5b:ad:d0:eb:aa:85:b8:af:6e:98:9a:0a:30:37:
                    91:af:97:c5:89:39:09:e2:38:5c:9c:30:ad:a7:74:
                    1e:43:30:d5:1e:7c:23:ea:46:08:85:e4:4e:01:eb:
                    63:96:09:00:ac:43:cb:be:fc:76:9e:1d:6a:54:63:
                    8e:7b:0a:81:1a:6f:07:6a:c3:61:77:50:3b:76:f4:
                    ab:0c:92:dc:2d:ca:2b:ab:f7:0d:8f:9f:4f:b5:ff:
                    e5:92:87:b6:41:ae:51:f1:94:ef:30:75:e4:31:b8:
                    d1:ce:68:36:e0:b3:47:74:84:b4:b1:6e:44:cd:63:
                    e3:29:c0:a8:b4:08:ab:47:87:e6:89:ca:1a:d6:1f:
                    ae:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:06:CA:B0:0D:E3:F6:99:45:C6:A7:B1:31:06:42:09:36:6D:AD:B5
            X509v3 Authority Key Identifier:
                keyid:B0:BD:28:13:45:AF:6C:D5:41:54:D4:CF:F7:4F:19:5A:38:8F:FF:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sL0oE0WvbNVBVNTP908ZWjiP_8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f5fdeb-3a14-4a9e-8815-e56b690fd30e/1/WQbKsA3j9plFxqexMQZCCTZtrbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f5fdeb-3a14-4a9e-8815-e56b690fd30e/1/sL0oE0WvbNVBVNTP908ZWjiP_8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:fb:51:d2:70:ed:04:1c:61:8b:82:6c:d8:0e:96:48:cd:e3:
         a7:82:35:78:2f:50:0e:cf:44:3c:73:ae:ca:71:36:7e:71:fe:
         6b:62:56:f1:72:ae:bb:af:c7:7b:bc:86:40:8b:a2:7e:ec:24:
         1a:9e:e8:28:81:95:76:86:88:16:9e:e3:77:a9:79:c6:6f:76:
         9b:ca:23:44:13:cf:7f:fc:e9:03:2e:36:bb:37:92:62:db:ff:
         be:d9:61:7f:e2:0c:3f:1e:48:ea:74:14:6b:d5:86:dc:6a:55:
         b1:60:0b:b7:56:7c:19:18:4b:ef:06:1b:d3:04:56:57:87:89:
         3e:b4:8a:52:36:3d:98:5a:15:3c:b1:6f:b6:6d:b6:dd:5d:68:
         2e:08:0c:e5:11:7e:05:08:86:07:25:9e:ee:03:fa:d9:85:63:
         c8:5a:02:08:20:0c:65:88:86:05:13:0a:5e:50:70:e4:f5:19:
         a9:0a:f9:a4:b4:5b:6c:0a:c7:2c:2e:4f:d0:67:d7:61:61:d8:
         79:cc:42:17:f3:a1:8c:03:9c:fc:fa:d6:3f:56:3f:98:74:5a:
         18:f5:9c:4a:3b:ce:9e:3d:a4:99:be:10:4c:64:dd:b4:b3:8e:
         40:38:c0:f6:bf:b3:94:b0:df:d2:3c:6c:04:c0:5c:ee:f6:1d:
         7f:0f:18:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/EjMggtlS0EDWlYtXcA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYmQyODEzNDVhZjZjZDU0MTU0ZDRjZmY3NGYxOTVhMzg4
ZmZmYzEwHhcNMjUwMTAyMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA2Y2FiMDBkZTNmNjk5NDVjNmE3YjEzMTA2NDIwOTM2NmRhZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzV2atHa1zJLDx4Ll+BSr3k7u5qWK
jzyPeF4WcZ1b9Cru+XiEHGOZpl5aMD9iX37PBif3DQMnaC1WCcJoqyApRZ8CwRzx
+oJrklb31eHndhfW3HLm2MGVp0Y3t/tflFQz6sw8jLL1NaLcubsvP0UDO2SiXwEh
UEWIW63Q66qFuK9umJoKMDeRr5fFiTkJ4jhcnDCtp3QeQzDVHnwj6kYIheROAetj
lgkArEPLvvx2nh1qVGOOewqBGm8HasNhd1A7dvSrDJLcLcorq/cNj59Ptf/lkoe2
Qa5R8ZTvMHXkMbjRzmg24LNHdIS0sW5EzWPjKcCotAirR4fmicoa1h+u5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkGyrAN4/aZRcansTEGQgk2ba21MB8GA1UdIwQY
MBaAFLC9KBNFr2zVQVTUz/dPGVo4j//BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0wwb0UwV3ZiTlZCVk5UUDkwOFpXamlQXzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mNWZkZWItM2ExNC00YTllLTg4MTUt
ZTU2YjY5MGZkMzBlLzEvV1FiS3NBM2o5cGxGeHFleE1RWkNDVFp0cmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mNWZkZWItM2ExNC00YTllLTg4MTUtZTU2YjY5MGZkMzBl
LzEvc0wwb0UwV3ZiTlZCVk5UUDkwOFpXamlQXzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl1LMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ+1HScO0EHGGLgmzYDpZIzeOngjV4L1AOz0Q8c67K
cTZ+cf5rYlbxcq67r8d7vIZAi6J+7CQanugogZV2hogWnuN3qXnGb3abyiNEE89/
/OkDLja7N5Ji2/++2WF/4gw/HkjqdBRr1YbcalWxYAu3VnwZGEvvBhvTBFZXh4k+
tIpSNj2YWhU8sW+2bbbdXWguCAzlEX4FCIYHJZ7uA/rZhWPIWgIIIAxliIYFEwpe
UHDk9RmpCvmktFtsCscsLk/QZ9dhYdh5zEIX86GMA5z8+tY/Vj+YdFoY9ZxKO86e
PaSZvhBMZN20s45AOMD2v7OUsN/SPGwEwFzu9h1/Dxix
-----END CERTIFICATE-----