Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/gq4-qZZLFBuurcOJ9Pxlu03_UHo.roa
File:                     gq4-qZZLFBuurcOJ9Pxlu03_UHo.roa (raw, json)
Hash identifier:          xfn9bc1Rb+filmBHMlKSU98Tci6TOw0mmXsz+N116Q0=
Subject key identifier:   82:AE:3E:A9:96:4B:14:1B:AE:AD:C3:89:F4:FC:65:BB:4D:FF:50:7A
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019427B5B78D0C82DF97AF88EE3AA7BE4EBB
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/gq4-qZZLFBuurcOJ9Pxlu03_UHo.roa
Signing time:             Thu 02 Jan 2025 15:50:07 +0000
ROA not before:           Thu 02 Jan 2025 15:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198510
IP address blocks:        80.246.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b7:8d:0c:82:df:97:af:88:ee:3a:a7:be:4e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  2 15:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82ae3ea9964b141baeadc389f4fc65bb4dff507a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:99:07:89:fe:32:78:1c:c4:f8:1e:d1:3e:a5:
                    34:9b:92:4e:0d:9e:5e:1a:21:e3:97:44:ba:5f:d0:
                    ec:50:50:b1:76:c5:74:66:69:91:a3:f3:f6:0c:23:
                    ac:41:f3:77:cd:f8:96:00:00:41:e5:d0:e0:04:0a:
                    03:6a:5e:94:26:ee:f5:bc:d3:2a:c3:c6:d5:90:36:
                    57:68:e9:63:be:b9:29:9f:66:1e:51:39:09:1c:6c:
                    5b:40:38:53:f1:73:3a:d0:da:9a:65:c4:13:8d:dc:
                    af:bb:e4:e7:fc:b2:83:d2:e5:6a:e9:70:89:7a:2c:
                    db:6f:82:79:6f:84:ed:c8:7a:42:30:80:f9:66:7e:
                    d2:c9:63:90:f4:69:a3:96:1b:56:bc:4d:f3:c2:1c:
                    d6:3c:ee:73:e5:1d:e8:18:dc:c7:57:0e:51:96:7d:
                    89:21:4e:58:66:cf:11:aa:ec:b6:d9:ab:66:97:23:
                    2a:93:1c:ae:31:48:96:9e:a7:8b:bd:df:ea:94:21:
                    22:f8:02:94:a3:21:59:3f:a9:72:83:e0:8f:18:3f:
                    ee:71:a7:db:4d:1d:26:0d:18:aa:9c:c9:e9:89:a0:
                    bc:c7:59:b6:b0:8b:67:1e:f5:0d:c6:ac:89:28:ec:
                    63:3b:93:42:7b:d6:17:d0:be:67:58:5b:8c:f8:ff:
                    56:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:AE:3E:A9:96:4B:14:1B:AE:AD:C3:89:F4:FC:65:BB:4D:FF:50:7A
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/gq4-qZZLFBuurcOJ9Pxlu03_UHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:35:ba:a5:cd:74:8d:3b:02:fa:6e:ba:92:9d:b4:f7:19:f2:
         d6:71:90:d8:f1:ce:ee:39:76:18:ef:aa:29:77:26:6a:05:75:
         a6:cf:5b:1c:52:f0:08:14:0f:40:a2:c5:b7:57:b3:96:8a:1a:
         7e:f7:33:b0:b6:8b:80:f5:52:ba:ba:c9:3d:2e:86:45:bc:cc:
         9e:12:cc:b9:73:9b:b0:75:5c:fb:e1:ab:46:49:9f:fe:95:06:
         88:43:f7:72:6d:e6:ee:49:19:a5:32:4d:b0:1a:11:c1:82:a7:
         42:3c:3c:bc:05:1b:c0:61:7b:ea:b8:33:d2:87:fe:ab:d2:a9:
         60:2e:21:d3:73:a9:8a:36:32:ad:47:69:37:8c:37:a5:98:64:
         38:85:1c:a8:c8:be:d3:13:9b:7a:98:d3:05:86:91:49:10:ee:
         b7:ee:a3:0e:b7:a6:23:71:c8:5f:70:27:5c:f9:e7:a9:11:82:
         a1:58:c3:0f:19:92:e6:ab:8e:c6:12:2a:8d:37:c4:a2:4c:27:
         aa:3d:64:0e:5c:c2:fd:23:df:23:e6:67:b2:a4:dd:c7:c2:7e:
         1f:c4:32:18:1c:45:6e:3e:cf:07:b5:3c:78:41:09:eb:59:74:
         51:ae:ed:76:1f:98:99:c5:dd:7b:11:58:21:ad:40:25:8d:ae:
         ce:0b:ed:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbeNDILfl6+I7jqnvk67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwMTAyMTU1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmFlM2VhOTk2NGIxNDFiYWVhZGMzODlmNGZjNjViYjRkZmY1MDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZkHif4yeBzE+B7RPqU0m5JODZ5e
GiHjl0S6X9DsUFCxdsV0ZmmRo/P2DCOsQfN3zfiWAABB5dDgBAoDal6UJu71vNMq
w8bVkDZXaOljvrkpn2YeUTkJHGxbQDhT8XM60NqaZcQTjdyvu+Tn/LKD0uVq6XCJ
eizbb4J5b4TtyHpCMID5Zn7SyWOQ9GmjlhtWvE3zwhzWPO5z5R3oGNzHVw5Rln2J
IU5YZs8Rquy22atmlyMqkxyuMUiWnqeLvd/qlCEi+AKUoyFZP6lyg+CPGD/ucafb
TR0mDRiqnMnpiaC8x1m2sItnHvUNxqyJKOxjO5NCe9YX0L5nWFuM+P9W7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKuPqmWSxQbrq3DifT8ZbtN/1B6MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvZ3E0LXFaWkxGQnV1cmNPSjlQeGx1MDNfVUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbgMA0G
CSqGSIb3DQEBCwUAA4IBAQBfNbqlzXSNOwL6brqSnbT3GfLWcZDY8c7uOXYY76op
dyZqBXWmz1scUvAIFA9AosW3V7OWihp+9zOwtouA9VK6usk9LoZFvMyeEsy5c5uw
dVz74atGSZ/+lQaIQ/dybebuSRmlMk2wGhHBgqdCPDy8BRvAYXvquDPSh/6r0qlg
LiHTc6mKNjKtR2k3jDelmGQ4hRyoyL7TE5t6mNMFhpFJEO637qMOt6YjcchfcCdc
+eepEYKhWMMPGZLmq47GEiqNN8SiTCeqPWQOXML9I98j5meypN3Hwn4fxDIYHEVu
Ps8HtTx4QQnrWXRRru12H5iZxd17EVghrUAlja7OC+0R
-----END CERTIFICATE-----