Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/qe432KZdOHWLTvEpPyEAbYlyCZg.roa
File:                     qe432KZdOHWLTvEpPyEAbYlyCZg.roa (raw, json)
Hash identifier:          qrpa2/+g76O23FogX8sCzm+j4EVnXw4A9vr711uw4tc=
Subject key identifier:   A9:EE:37:D8:A6:5D:38:75:8B:4E:F1:29:3F:21:00:6D:89:72:09:98
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B23D40C3D4EE96EAD77D552BF08CD1
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/qe432KZdOHWLTvEpPyEAbYlyCZg.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61112
IP address blocks:        5.253.36.0/24 maxlen: 24
                          45.8.186.0/24 maxlen: 24
                          85.208.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3d:40:c3:d4:ee:96:ea:d7:7d:55:2b:f0:8c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9ee37d8a65d38758b4ef1293f21006d89720998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7a:ae:44:14:3b:08:6a:f4:7a:bc:4c:3d:7c:
                    f3:4d:3a:bc:5b:1a:c4:80:03:dc:57:da:dc:84:66:
                    b9:e2:63:4c:5b:b8:95:e7:5d:c8:de:59:7e:db:aa:
                    09:df:8c:de:cc:db:21:a7:da:b7:b3:d0:d2:63:96:
                    37:e8:5e:9e:03:3a:61:ed:77:12:90:14:d1:fd:fc:
                    8f:3b:2a:7c:d6:62:37:5f:c6:1f:bb:4e:23:a1:a5:
                    95:5f:83:b7:8b:1f:a9:f2:a8:fe:ac:f2:fc:a6:99:
                    01:bb:ac:0b:33:5d:86:bb:dd:93:9a:cf:12:4f:a4:
                    c0:9e:ad:22:ca:f6:f7:80:2e:70:10:8f:0b:6d:30:
                    f5:80:0e:44:a1:1d:44:06:1d:cb:e6:83:b1:bd:04:
                    71:2a:19:35:5f:ff:f7:f7:fa:7f:68:50:70:23:e7:
                    8b:f2:07:0c:83:a8:12:67:71:62:61:76:f6:d0:8f:
                    68:e6:27:31:90:e9:55:05:8c:ef:13:60:23:c0:3e:
                    7d:87:2e:ed:53:69:9f:78:be:f9:84:a6:42:14:0c:
                    28:77:f9:2e:5e:31:89:77:ec:a1:71:f5:f8:90:88:
                    02:2c:af:9a:88:54:06:61:5f:ba:5c:82:cb:94:b6:
                    b4:32:eb:ed:26:3e:c3:3d:1f:92:6b:f7:06:e7:62:
                    18:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:EE:37:D8:A6:5D:38:75:8B:4E:F1:29:3F:21:00:6D:89:72:09:98
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/qe432KZdOHWLTvEpPyEAbYlyCZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.36.0/24
                  45.8.186.0/24
                  85.208.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:a4:52:66:2d:84:a2:d5:eb:e6:5d:f1:e9:c7:14:9f:98:99:
         37:2a:ff:58:18:11:94:3f:77:93:2d:20:d9:c0:cd:54:de:c5:
         25:e7:8a:b3:69:19:e9:e1:9a:50:68:57:94:d6:6e:26:b6:07:
         cf:31:35:3f:ef:c5:fe:33:8d:25:03:4a:83:3a:c8:ac:ec:6b:
         85:7b:a8:59:08:0e:65:b5:37:e4:a8:a6:a5:f6:e5:40:95:b8:
         60:b8:7e:54:ec:e3:d9:63:b7:13:dd:46:ff:92:78:6f:6f:3f:
         91:8e:0a:bc:43:74:11:ec:3d:34:de:ce:2d:60:3b:ed:00:ea:
         97:e5:69:da:48:53:e7:76:df:d1:23:45:a8:ab:64:63:b7:62:
         42:25:ce:8f:a6:b8:c1:0e:22:55:5c:17:02:cd:68:63:69:74:
         c9:7d:c9:07:3c:32:ea:b2:13:91:b0:bd:d7:fa:85:3d:99:aa:
         b0:76:a1:c5:a4:a2:64:b1:8d:e7:c7:fa:33:84:63:3d:d9:f1:
         11:bb:d9:50:8e:0c:95:3c:75:34:9d:58:ce:ff:b0:01:ca:7e:
         9a:24:c4:0a:bf:9d:12:d8:83:6e:8d:31:fa:d1:f3:e5:7c:b7:
         7f:fd:f3:11:2f:cd:e8:df:e7:a6:98:d6:cb:1a:3c:fa:64:ae:
         ed:58:4e:bd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsj1Aw9TulurXfVUr8IzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWVlMzdkOGE2NWQzODc1OGI0ZWYxMjkzZjIxMDA2ZDg5NzIwOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3quRBQ7CGr0erxMPXzzTTq8WxrE
gAPcV9rchGa54mNMW7iV513I3ll+26oJ34zezNshp9q3s9DSY5Y36F6eAzph7XcS
kBTR/fyPOyp81mI3X8Yfu04joaWVX4O3ix+p8qj+rPL8ppkBu6wLM12Gu92Tms8S
T6TAnq0iyvb3gC5wEI8LbTD1gA5EoR1EBh3L5oOxvQRxKhk1X//39/p/aFBwI+eL
8gcMg6gSZ3FiYXb20I9o5icxkOlVBYzvE2AjwD59hy7tU2mfeL75hKZCFAwod/ku
XjGJd+yhcfX4kIgCLK+aiFQGYV+6XILLlLa0MuvtJj7DPR+Sa/cG52IY8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKnuN9imXTh1i07xKT8hAG2JcgmYMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvcWU0MzJLWmRPSFdMVHZFcFB5RUFiWWx5Q1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABf0kAwQA
LQi6AwQAVdBoMA0GCSqGSIb3DQEBCwUAA4IBAQCNpFJmLYSi1evmXfHpxxSfmJk3
Kv9YGBGUP3eTLSDZwM1U3sUl54qzaRnp4ZpQaFeU1m4mtgfPMTU/78X+M40lA0qD
Osis7GuFe6hZCA5ltTfkqKal9uVAlbhguH5U7OPZY7cT3Ub/knhvbz+Rjgq8Q3QR
7D003s4tYDvtAOqX5WnaSFPndt/RI0Woq2Rjt2JCJc6PprjBDiJVXBcCzWhjaXTJ
fckHPDLqshORsL3X+oU9maqwdqHFpKJksY3nx/ozhGM92fERu9lQjgyVPHU0nVjO
/7AByn6aJMQKv50S2INujTH60fPlfLd//fMRL83o3+emmNbLGjz6ZK7tWE69
-----END CERTIFICATE-----