Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/8SQTxy_p8cY9en9UR93vjFnnH74.roa
File:                     8SQTxy_p8cY9en9UR93vjFnnH74.roa (raw, json)
Hash identifier:          LPCNfHY24fbVR2x4GxfhYD0c8Fxi97g9FBcWFfU2h/o=
Subject key identifier:   F1:24:13:C7:2F:E9:F1:C6:3D:7A:7F:54:47:DD:EF:8C:59:E7:1F:BE
Certificate issuer:       /CN=0f78ea46cc21d45ed61268d4a9f56732c85e2150
Certificate serial:       0194258F6C07F88BE40466FE08C0DF64E510
Authority key identifier: 0F:78:EA:46:CC:21:D4:5E:D6:12:68:D4:A9:F5:67:32:C8:5E:21:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D3jqRswh1F7WEmjUqfVnMsheIVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/8SQTxy_p8cY9en9UR93vjFnnH74.roa
Signing time:             Thu 02 Jan 2025 05:49:03 +0000
ROA not before:           Thu 02 Jan 2025 05:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201278
IP address blocks:        188.66.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/D3jqRswh1F7WEmjUqfVnMsheIVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/D3jqRswh1F7WEmjUqfVnMsheIVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D3jqRswh1F7WEmjUqfVnMsheIVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6c:07:f8:8b:e4:04:66:fe:08:c0:df:64:e5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f78ea46cc21d45ed61268d4a9f56732c85e2150
        Validity
            Not Before: Jan  2 05:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f12413c72fe9f1c63d7a7f5447ddef8c59e71fbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:e0:06:b1:4e:6e:d0:a9:76:c5:f4:55:59:
                    0a:55:18:03:7c:93:27:5c:8a:46:88:20:e4:cf:9c:
                    cb:74:02:c4:21:14:44:d7:30:d2:ba:4a:dc:aa:da:
                    15:ce:4a:44:a4:39:f6:8c:c1:03:8e:c7:b2:98:3e:
                    e8:e8:4e:b4:47:fd:fd:50:ed:06:6a:ea:8e:a4:97:
                    08:a4:b5:3f:fd:37:05:f1:e7:65:26:fb:55:cc:b8:
                    7e:7a:f7:47:da:84:e3:77:76:0d:a7:23:5b:a0:14:
                    6d:9f:21:7a:50:53:f0:40:88:30:d3:6c:08:d9:cd:
                    ff:af:ea:35:9d:34:51:49:05:d6:2e:52:06:c1:24:
                    16:e8:58:64:2e:af:1b:24:b2:61:5d:55:56:3a:cc:
                    a6:37:fb:90:0a:24:fd:0a:d0:71:67:1f:85:c3:27:
                    63:ed:91:62:4a:49:73:72:5e:b1:9c:ce:58:3a:8d:
                    98:b1:22:94:73:72:44:4e:bb:db:c7:fd:86:33:9e:
                    61:dd:31:9e:af:e9:e0:d4:9d:42:07:79:59:c3:2e:
                    f3:d0:53:62:2e:8d:21:13:6e:b4:94:84:37:e5:da:
                    4d:a5:b3:fb:8f:dd:12:c5:80:44:0c:61:c7:05:5d:
                    52:bc:01:16:70:52:3b:e7:5d:5b:79:0a:82:73:4b:
                    6e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:24:13:C7:2F:E9:F1:C6:3D:7A:7F:54:47:DD:EF:8C:59:E7:1F:BE
            X509v3 Authority Key Identifier:
                keyid:0F:78:EA:46:CC:21:D4:5E:D6:12:68:D4:A9:F5:67:32:C8:5E:21:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D3jqRswh1F7WEmjUqfVnMsheIVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/8SQTxy_p8cY9en9UR93vjFnnH74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/D3jqRswh1F7WEmjUqfVnMsheIVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:2d:c7:e2:1b:b3:48:dd:83:68:da:a6:07:7c:82:c2:5f:af:
         a7:38:36:9f:9d:f8:8e:1b:d1:6c:e4:ca:a9:53:86:33:04:51:
         19:26:11:8d:50:f4:65:ac:21:29:bc:16:3d:47:ab:13:86:d7:
         11:a1:2f:c3:91:02:3e:73:e6:8d:81:0c:18:f3:27:f5:82:b1:
         c0:45:ee:5d:86:86:6e:c6:54:db:7e:a0:1b:84:7e:b2:66:7d:
         91:3b:29:27:02:8c:fa:18:b0:d6:1a:9a:61:4b:3f:80:aa:84:
         85:04:18:b5:cc:2e:81:6e:9c:f2:e3:0b:5a:3f:12:ef:22:32:
         fa:b5:d1:bb:70:7b:5c:5a:04:f6:13:2e:85:3b:1d:c4:56:78:
         5b:bb:f8:e6:c7:9e:4d:b8:c9:71:fb:bb:4a:37:d8:1b:66:d8:
         7e:57:2d:8c:ca:ed:cb:ba:9f:0b:59:23:10:3d:a5:d6:b4:2c:
         1a:21:0d:91:56:62:7d:fe:a1:cc:93:4d:7a:20:3d:1a:5b:50:
         08:93:dd:d2:df:e2:f5:6e:f5:c0:fc:87:55:50:f6:ae:1d:82:
         7e:cd:3d:6e:b5:9e:0f:47:5c:54:ff:fa:4a:d8:89:8b:9a:b6:
         56:31:d7:2f:97:d1:e6:f4:ad:0d:6c:52:ab:c2:71:91:3c:e2:
         cf:67:7a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2wH+IvkBGb+CMDfZOUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNzhlYTQ2Y2MyMWQ0NWVkNjEyNjhkNGE5ZjU2NzMyYzg1
ZTIxNTAwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTI0MTNjNzJmZTlmMWM2M2Q3YTdmNTQ0N2RkZWY4YzU5ZTcxZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/HgBrFObtCpdsX0VVkKVRgDfJMn
XIpGiCDkz5zLdALEIRRE1zDSukrcqtoVzkpEpDn2jMEDjseymD7o6E60R/39UO0G
auqOpJcIpLU//TcF8edlJvtVzLh+evdH2oTjd3YNpyNboBRtnyF6UFPwQIgw02wI
2c3/r+o1nTRRSQXWLlIGwSQW6FhkLq8bJLJhXVVWOsymN/uQCiT9CtBxZx+Fwydj
7ZFiSklzcl6xnM5YOo2YsSKUc3JETrvbx/2GM55h3TGer+ng1J1CB3lZwy7z0FNi
Lo0hE260lIQ35dpNpbP7j90SxYBEDGHHBV1SvAEWcFI7511beQqCc0tucQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEkE8cv6fHGPXp/VEfd74xZ5x++MB8GA1UdIwQY
MBaAFA946kbMIdRe1hJo1Kn1ZzLIXiFQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDNqcVJzd2gxRjdXRW1qVXFmVm5Nc2hlSVZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wMjE5YzEtYTU1MS00YjkxLTljYTMt
MDMyYjNiNjE0ZGQ4LzEvOFNRVHh5X3A4Y1k5ZW45VVI5M3ZqRm5uSDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wMjE5YzEtYTU1MS00YjkxLTljYTMtMDMyYjNiNjE0ZGQ4
LzEvRDNqcVJzd2gxRjdXRW1qVXFmVm5Nc2hlSVZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEIcMA0G
CSqGSIb3DQEBCwUAA4IBAQCcLcfiG7NI3YNo2qYHfILCX6+nODafnfiOG9Fs5Mqp
U4YzBFEZJhGNUPRlrCEpvBY9R6sThtcRoS/DkQI+c+aNgQwY8yf1grHARe5dhoZu
xlTbfqAbhH6yZn2ROyknAoz6GLDWGpphSz+AqoSFBBi1zC6Bbpzy4wtaPxLvIjL6
tdG7cHtcWgT2Ey6FOx3EVnhbu/jmx55NuMlx+7tKN9gbZth+Vy2Myu3Lup8LWSMQ
PaXWtCwaIQ2RVmJ9/qHMk016ID0aW1AIk93S3+L1bvXA/IdVUPauHYJ+zT1utZ4P
R1xU//pK2ImLmrZWMdcvl9Hm9K0NbFKrwnGRPOLPZ3pL
-----END CERTIFICATE-----