Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qGiSxIb91D6HacXOejJfVuTu8BU.roa
File:                     qGiSxIb91D6HacXOejJfVuTu8BU.roa (raw, json)
Hash identifier:          a9ViBz5rVL86CVEqk9mI835xbcTBQW1/bPrYqtylOcM=
Subject key identifier:   A8:68:92:C4:86:FD:D4:3E:87:69:C5:CE:7A:32:5F:56:E4:EE:F0:15
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222041D9EDAC0771A84BAAC073CE9ACD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qGiSxIb91D6HacXOejJfVuTu8BU.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        203.159.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:41:d9:ed:ac:07:71:a8:4b:aa:c0:73:ce:9a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a86892c486fdd43e8769c5ce7a325f56e4eef015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4c:7b:f2:dc:d5:c0:ae:db:28:b8:ad:8d:05:
                    ca:7c:2f:64:9e:25:61:3e:5c:9d:ca:b1:dd:a9:ca:
                    74:aa:97:2d:0d:af:80:20:48:2a:f0:b1:77:1a:65:
                    3f:06:c6:86:89:34:f9:3b:f7:33:ec:5a:f0:6f:12:
                    4a:ab:57:90:fe:ca:13:8a:45:90:4b:7c:ea:9b:74:
                    65:00:c0:3f:44:46:d2:ab:8e:2a:f9:aa:ce:31:bf:
                    bf:9d:ed:09:74:17:01:dd:50:49:6b:f0:e5:dd:bb:
                    e0:6d:46:12:23:c0:47:c5:32:01:f6:f0:af:35:6a:
                    32:6d:6a:61:e7:e6:22:47:f1:07:2c:4a:db:3d:2c:
                    9e:e1:eb:b6:71:95:7a:36:1b:3f:8f:4d:f9:0f:f2:
                    8c:8b:02:27:bf:27:60:11:17:71:8f:ae:b4:8c:32:
                    68:4b:2b:67:e4:d9:6b:53:56:40:58:d8:3e:1e:50:
                    32:e7:90:c8:9a:ee:80:e8:1e:c8:a6:44:a4:35:68:
                    1b:ee:64:3d:9e:ad:db:70:8d:e9:b2:a6:2a:08:0e:
                    d4:e9:0c:db:27:26:03:64:6c:e9:98:57:20:83:3f:
                    8e:0a:a6:c5:eb:8c:4c:26:e7:f0:d7:5c:4b:b1:9c:
                    f4:3c:59:d9:49:01:ac:c6:26:8b:8f:66:f9:d5:44:
                    1a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:68:92:C4:86:FD:D4:3E:87:69:C5:CE:7A:32:5F:56:E4:EE:F0:15
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qGiSxIb91D6HacXOejJfVuTu8BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.159.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ff:76:f6:b7:48:18:d4:1d:55:1b:13:9e:e2:19:97:c8:8c:
         0f:4f:9f:f8:0c:32:a4:4c:6a:0f:15:c6:09:ca:a4:ab:e6:fc:
         6c:b8:75:41:ef:73:37:73:d1:18:f3:dc:22:b8:73:af:88:ff:
         14:15:b2:85:04:a8:75:4c:5f:cd:3a:e8:d1:7d:a0:a3:f4:cc:
         bf:bc:f0:6b:92:91:4c:f1:85:f0:ac:ad:37:cb:40:e0:49:20:
         99:ba:47:51:22:d4:45:b5:a7:50:6b:39:9b:70:e0:cd:7a:24:
         7e:3b:12:c4:59:30:2b:d7:f4:3d:49:f6:fe:5c:14:f6:fb:7b:
         fe:50:b0:c4:f8:2c:2d:16:0d:23:0b:57:1d:ee:02:06:96:7f:
         67:97:12:fb:67:2e:48:65:3e:8c:56:7e:d3:78:22:4d:ae:17:
         a1:2f:61:60:78:e2:25:5b:ca:70:cf:fe:a1:72:c1:64:f4:88:
         47:f5:ae:d3:03:2c:18:06:f4:5f:64:69:48:11:a9:b5:30:a4:
         4b:67:16:d0:44:87:8e:f3:8f:7f:ab:5b:73:87:79:84:31:28:
         3c:43:80:aa:76:17:25:1f:40:8a:45:77:87:4b:6f:79:12:77:
         b8:05:7e:57:db:a8:b4:89:ff:09:9a:78:5f:a7:0c:ae:26:05:
         c5:6e:8a:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEHZ7awHcahLqsBzzprNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODY4OTJjNDg2ZmRkNDNlODc2OWM1Y2U3YTMyNWY1NmU0ZWVmMDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ux78tzVwK7bKLitjQXKfC9kniVh
PlydyrHdqcp0qpctDa+AIEgq8LF3GmU/BsaGiTT5O/cz7FrwbxJKq1eQ/soTikWQ
S3zqm3RlAMA/REbSq44q+arOMb+/ne0JdBcB3VBJa/Dl3bvgbUYSI8BHxTIB9vCv
NWoybWph5+YiR/EHLErbPSye4eu2cZV6Nhs/j035D/KMiwInvydgERdxj660jDJo
Sytn5NlrU1ZAWNg+HlAy55DImu6A6B7IpkSkNWgb7mQ9nq3bcI3psqYqCA7U6Qzb
JyYDZGzpmFcggz+OCqbF64xMJufw11xLsZz0PFnZSQGsxiaLj2b51UQarwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhoksSG/dQ+h2nFznoyX1bk7vAVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcUdpU3hJYjkxRDZIYWNYT2VqSmZWdVR1OEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy59QMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ/3b2t0gY1B1VGxOe4hmXyIwPT5/4DDKkTGoPFcYJ
yqSr5vxsuHVB73M3c9EY89wiuHOviP8UFbKFBKh1TF/NOujRfaCj9My/vPBrkpFM
8YXwrK03y0DgSSCZukdRItRFtadQazmbcODNeiR+OxLEWTAr1/Q9Sfb+XBT2+3v+
ULDE+CwtFg0jC1cd7gIGln9nlxL7Zy5IZT6MVn7TeCJNrhehL2FgeOIlW8pwz/6h
csFk9IhH9a7TAywYBvRfZGlIEam1MKRLZxbQRIeO849/q1tzh3mEMSg8Q4Cqdhcl
H0CKRXeHS295Ene4BX5X26i0if8JmnhfpwyuJgXFbopQ
-----END CERTIFICATE-----