Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/QEmXwsIj7ueEdKdwPu44tosMpfM.roa
File:                     QEmXwsIj7ueEdKdwPu44tosMpfM.roa (raw, json)
Hash identifier:          2lzHt7XOAfmu9gjrRW7d2O3LPWtVfpw+P41EhC9URe8=
Subject key identifier:   40:49:97:C2:C2:23:EE:E7:84:74:A7:70:3E:EE:38:B6:8B:0C:A5:F3
Certificate issuer:       /CN=8da824bc631ccee1ae99d7103afd2dc74f1e29c4
Certificate serial:       019421B2276D635610FA32B82EE567CC731A
Authority key identifier: 8D:A8:24:BC:63:1C:CE:E1:AE:99:D7:10:3A:FD:2D:C7:4F:1E:29:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/QEmXwsIj7ueEdKdwPu44tosMpfM.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204437
IP address blocks:        192.33.88.0/24 maxlen: 24
                          2001:67c:2e40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:27:6d:63:56:10:fa:32:b8:2e:e5:67:cc:73:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8da824bc631ccee1ae99d7103afd2dc74f1e29c4
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=404997c2c223eee78474a7703eee38b68b0ca5f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d8:f5:69:95:56:a7:a1:48:fc:8f:f2:6e:69:
                    16:5e:2b:32:60:1e:62:23:bd:99:ab:a1:b1:6d:56:
                    14:dd:5f:23:e1:cb:f0:8b:71:eb:cb:79:b4:2b:68:
                    e6:cc:5e:ff:12:84:f1:30:ea:68:0a:d6:78:f9:4b:
                    6c:44:b9:72:0f:26:1c:3b:a9:19:ac:94:0d:79:41:
                    08:7a:e6:f8:e0:2a:5c:20:2c:4a:d8:a1:0e:17:35:
                    d7:4e:03:be:94:98:2d:09:63:bd:f0:24:de:c7:05:
                    98:e3:89:36:05:dd:69:1d:61:54:0f:ed:37:97:ba:
                    5a:01:98:c5:23:ea:72:63:0e:02:53:8b:41:56:01:
                    98:8d:4f:b6:ce:3f:98:b4:a5:27:ab:18:e5:ac:85:
                    ef:b3:b6:29:67:8d:0e:5f:65:b3:87:0e:0a:fa:5a:
                    8d:85:1f:64:fc:75:af:2e:13:98:c3:f3:73:39:3d:
                    03:2f:72:89:23:66:19:a4:07:8c:96:75:c5:ab:4b:
                    28:ce:11:20:0d:af:83:65:04:64:04:2e:19:05:44:
                    67:96:70:cf:ec:c0:22:64:ed:5a:ef:8a:4d:7d:42:
                    8f:ed:59:b7:37:94:d5:e2:00:b9:02:8e:53:a7:e5:
                    ba:3b:8f:3d:5a:42:88:2a:d4:7a:ef:87:6b:da:6a:
                    e3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:49:97:C2:C2:23:EE:E7:84:74:A7:70:3E:EE:38:B6:8B:0C:A5:F3
            X509v3 Authority Key Identifier:
                keyid:8D:A8:24:BC:63:1C:CE:E1:AE:99:D7:10:3A:FD:2D:C7:4F:1E:29:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/QEmXwsIj7ueEdKdwPu44tosMpfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.33.88.0/24
                IPv6:
                  2001:67c:2e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:b1:7c:7f:fc:b2:fa:ab:f4:62:14:79:65:26:ad:c9:8b:31:
         7f:82:64:fc:49:2f:af:3e:ea:25:bc:6f:15:25:dd:10:8e:c2:
         68:2c:a8:c9:85:32:ef:21:e8:1a:f0:6e:11:72:25:de:84:da:
         c6:31:75:2c:22:9d:be:09:c2:21:ca:6b:dd:50:02:61:5e:c2:
         0c:ce:d8:fd:3a:af:50:b0:fe:80:1d:56:bb:10:cc:1b:e6:d8:
         86:c8:af:40:61:b1:2c:ef:d1:c0:a5:86:6d:f4:d4:e1:2c:f1:
         72:e7:e3:b8:35:4a:05:4e:8f:6a:45:fb:84:34:52:74:5a:64:
         5e:02:b3:3f:b7:df:e8:82:ee:89:dd:14:ee:d8:86:a6:b1:de:
         db:a1:78:69:ee:4b:ac:63:52:14:bc:d6:b5:9d:dc:08:05:da:
         c6:87:9b:41:0e:56:63:50:4a:52:72:60:b1:9e:34:12:16:42:
         b5:e4:5c:04:22:7b:00:20:dd:5e:09:79:0d:2a:93:40:22:2f:
         04:25:fc:6d:7c:4b:7b:af:ba:93:9a:fd:db:58:0d:3c:55:5f:
         39:7e:cf:a8:6a:43:ba:98:96:ad:54:6b:a3:dd:bf:57:c9:5b:
         3d:f6:f3:0e:76:fd:4e:80:6e:96:c0:0c:b5:06:9c:be:01:6a:
         3f:51:a9:a7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsidtY1YQ+jK4LuVnzHMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTgyNGJjNjMxY2NlZTFhZTk5ZDcxMDNhZmQyZGM3NGYx
ZTI5YzQwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQ5OTdjMmMyMjNlZWU3ODQ3NGE3NzAzZWVlMzhiNjhiMGNhNWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNj1aZVWp6FI/I/ybmkWXisyYB5i
I72Zq6GxbVYU3V8j4cvwi3Hry3m0K2jmzF7/EoTxMOpoCtZ4+UtsRLlyDyYcO6kZ
rJQNeUEIeub44CpcICxK2KEOFzXXTgO+lJgtCWO98CTexwWY44k2Bd1pHWFUD+03
l7paAZjFI+pyYw4CU4tBVgGYjU+2zj+YtKUnqxjlrIXvs7YpZ40OX2Wzhw4K+lqN
hR9k/HWvLhOYw/NzOT0DL3KJI2YZpAeMlnXFq0sozhEgDa+DZQRkBC4ZBURnlnDP
7MAiZO1a74pNfUKP7Vm3N5TV4gC5Ao5Tp+W6O489WkKIKtR674dr2mrjSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEBJl8LCI+7nhHSncD7uOLaLDKXzMB8GA1UdIwQY
MBaAFI2oJLxjHM7hrpnXEDr9LcdPHinEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFna3ZHTWN6dUd1bWRjUU92MHR4MDhlS2NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xY2FhNzktYjhjNC00ZDA4LTliYmUt
Mzg2YzFmOGIwNjQwLzEvUUVtWHdzSWo3dWVFZEtkd1B1NDR0b3NNcGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xY2FhNzktYjhjNC00ZDA4LTliYmUtMzg2YzFmOGIwNjQw
LzEvamFna3ZHTWN6dUd1bWRjUU92MHR4MDhlS2NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwCFYMA8E
AgACMAkDBwAgAQZ8LkAwDQYJKoZIhvcNAQELBQADggEBAFKxfH/8svqr9GIUeWUm
rcmLMX+CZPxJL68+6iW8bxUl3RCOwmgsqMmFMu8h6BrwbhFyJd6E2sYxdSwinb4J
wiHKa91QAmFewgzO2P06r1Cw/oAdVrsQzBvm2IbIr0BhsSzv0cClhm301OEs8XLn
47g1SgVOj2pF+4Q0UnRaZF4Csz+33+iC7ondFO7Yhqax3tuheGnuS6xjUhS81rWd
3AgF2saHm0EOVmNQSlJyYLGeNBIWQrXkXAQiewAg3V4JeQ0qk0AiLwQl/G18S3uv
upOa/dtYDTxVXzl+z6hqQ7qYlq1Ua6Pdv1fJWz328w52/U6AbpbADLUGnL4Baj9R
qac=
-----END CERTIFICATE-----