Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/414d9d-b303-4058-993b-9002fad9ea1e/1/tQhQQED_2rbtgmsDxQqfycOcoj4.roa
File:                     tQhQQED_2rbtgmsDxQqfycOcoj4.roa (raw, json)
Hash identifier:          7QkytynjV9fTl5bHPu2TPRokrjL3zXWtRN7glg7QEBg=
Subject key identifier:   B5:08:50:40:40:FF:DA:B6:ED:82:6B:03:C5:0A:9F:C9:C3:9C:A2:3E
Certificate issuer:       /CN=178d8121ef704d7a9770c3ece1e205614790ac39
Certificate serial:       0194221F9B881C9EE0B9672BB920116E631A
Authority key identifier: 17:8D:81:21:EF:70:4D:7A:97:70:C3:EC:E1:E2:05:61:47:90:AC:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F42BIe9wTXqXcMPs4eIFYUeQrDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/414d9d-b303-4058-993b-9002fad9ea1e/1/tQhQQED_2rbtgmsDxQqfycOcoj4.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51362
IP address blocks:        185.19.212.0/22 maxlen: 24
                          2a06:37c0::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/414d9d-b303-4058-993b-9002fad9ea1e/1/F42BIe9wTXqXcMPs4eIFYUeQrDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/414d9d-b303-4058-993b-9002fad9ea1e/1/F42BIe9wTXqXcMPs4eIFYUeQrDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F42BIe9wTXqXcMPs4eIFYUeQrDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9b:88:1c:9e:e0:b9:67:2b:b9:20:11:6e:63:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=178d8121ef704d7a9770c3ece1e205614790ac39
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b508504040ffdab6ed826b03c50a9fc9c39ca23e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e1:43:26:e4:60:66:07:e7:c7:a2:ac:79:db:
                    85:ef:e2:81:f4:f1:ac:f5:c1:a6:0b:75:96:88:47:
                    70:cc:d0:9b:a5:fc:ea:79:6e:bb:94:fe:71:60:de:
                    de:8c:ff:16:4b:75:48:7f:d3:81:23:47:14:90:fd:
                    8e:cb:f6:4a:44:c1:f0:11:6d:2b:4c:41:7a:35:c3:
                    51:f6:a6:78:f3:e2:de:a7:2a:a0:5e:e6:a4:41:85:
                    51:c0:64:f0:e0:8c:5a:7e:9e:fa:e1:3a:54:6a:2a:
                    41:2b:6d:7d:43:29:9e:44:12:9f:fd:d9:32:94:63:
                    62:ae:b5:24:22:64:09:d1:fe:54:52:f3:d6:6e:90:
                    4e:53:e2:48:ae:77:3a:ad:92:df:9b:41:79:4e:7f:
                    2b:15:6a:ad:f2:c9:8f:6e:95:91:e5:8d:bc:05:48:
                    2e:5d:64:5d:4b:ed:f5:6d:06:a7:1f:c8:ab:8e:2a:
                    8b:3b:9a:35:75:d3:43:8f:9d:ef:a8:23:7a:c5:a3:
                    6b:e1:36:8e:97:56:09:40:9f:e0:63:f3:9e:b2:3f:
                    8a:00:ff:d6:a8:50:d0:58:20:d3:11:ba:8a:f3:71:
                    eb:8e:ec:5c:f0:44:f2:23:1b:9a:75:9a:2e:34:6f:
                    56:1e:49:d4:61:cd:06:0f:3b:40:dc:90:e8:4e:49:
                    a9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:08:50:40:40:FF:DA:B6:ED:82:6B:03:C5:0A:9F:C9:C3:9C:A2:3E
            X509v3 Authority Key Identifier:
                keyid:17:8D:81:21:EF:70:4D:7A:97:70:C3:EC:E1:E2:05:61:47:90:AC:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F42BIe9wTXqXcMPs4eIFYUeQrDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/414d9d-b303-4058-993b-9002fad9ea1e/1/tQhQQED_2rbtgmsDxQqfycOcoj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/414d9d-b303-4058-993b-9002fad9ea1e/1/F42BIe9wTXqXcMPs4eIFYUeQrDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.212.0/22
                IPv6:
                  2a06:37c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:34:f3:b9:65:79:f3:30:db:40:52:a3:eb:6f:95:12:2b:11:
         9f:11:ab:b3:e2:fc:b4:39:fa:2e:10:5d:a9:8b:52:13:5a:86:
         f9:2e:11:26:6d:5a:6b:c1:63:e4:53:51:ae:74:c5:39:b0:f9:
         bb:7d:56:30:e1:ea:3c:0f:6c:f2:9c:bf:49:b0:94:a9:62:7d:
         50:e9:fe:27:ce:a7:eb:df:20:10:8b:f8:44:7f:8b:90:52:fe:
         98:a5:bf:47:90:c6:f3:ed:c7:1e:68:6c:9b:c8:a9:c2:ec:10:
         0e:7b:0b:66:45:63:87:77:78:70:19:db:63:e4:41:9a:ef:48:
         b2:91:d3:b3:60:68:b9:d3:f3:19:15:42:ba:2b:3d:93:d4:76:
         93:c4:4b:80:fa:70:bf:2c:06:cf:5b:93:fa:05:cf:e7:fe:b0:
         7e:a8:60:84:01:13:96:13:9f:d9:87:ef:54:ef:19:46:06:31:
         c3:9e:a5:49:88:b1:89:02:11:3c:62:72:aa:8a:83:27:5b:df:
         c8:5c:97:c2:92:e9:3a:a8:c3:f9:41:a4:70:5c:d9:f2:91:ef:
         b3:6a:e8:c1:c8:65:cf:af:6d:20:da:2a:89:02:7e:13:73:4b:
         c6:e2:28:79:25:49:2e:12:10:ae:72:24:c4:85:f1:42:6a:74:
         e0:c7:02:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH5uIHJ7guWcruSARbmMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OGQ4MTIxZWY3MDRkN2E5NzcwYzNlY2UxZTIwNTYxNDc5
MGFjMzkwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTA4NTA0MDQwZmZkYWI2ZWQ4MjZiMDNjNTBhOWZjOWMzOWNhMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeFDJuRgZgfnx6KseduF7+KB9PGs
9cGmC3WWiEdwzNCbpfzqeW67lP5xYN7ejP8WS3VIf9OBI0cUkP2Oy/ZKRMHwEW0r
TEF6NcNR9qZ48+LepyqgXuakQYVRwGTw4Ixafp764TpUaipBK219QymeRBKf/dky
lGNirrUkImQJ0f5UUvPWbpBOU+JIrnc6rZLfm0F5Tn8rFWqt8smPbpWR5Y28BUgu
XWRdS+31bQanH8irjiqLO5o1ddNDj53vqCN6xaNr4TaOl1YJQJ/gY/Oesj+KAP/W
qFDQWCDTEbqK83Hrjuxc8ETyIxuadZouNG9WHknUYc0GDztA3JDoTkmpDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLUIUEBA/9q27YJrA8UKn8nDnKI+MB8GA1UdIwQY
MBaAFBeNgSHvcE16l3DD7OHiBWFHkKw5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjQyQkllOXdUWHFYY01QczRlSUZZVWVRckRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80MTRkOWQtYjMwMy00MDU4LTk5M2It
OTAwMmZhZDllYTFlLzEvdFFoUVFFRF8ycmJ0Z21zRHhRcWZ5Y09jb2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80MTRkOWQtYjMwMy00MDU4LTk5M2ItOTAwMmZhZDllYTFl
LzEvRjQyQkllOXdUWHFYY01QczRlSUZZVWVRckRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRPUMA0E
AgACMAcDBQMqBjfAMA0GCSqGSIb3DQEBCwUAA4IBAQCHNPO5ZXnzMNtAUqPrb5US
KxGfEauz4vy0OfouEF2pi1ITWob5LhEmbVprwWPkU1GudMU5sPm7fVYw4eo8D2zy
nL9JsJSpYn1Q6f4nzqfr3yAQi/hEf4uQUv6Ypb9HkMbz7cceaGybyKnC7BAOewtm
RWOHd3hwGdtj5EGa70iykdOzYGi50/MZFUK6Kz2T1HaTxEuA+nC/LAbPW5P6Bc/n
/rB+qGCEAROWE5/Zh+9U7xlGBjHDnqVJiLGJAhE8YnKqioMnW9/IXJfCkuk6qMP5
QaRwXNnyke+zaujByGXPr20g2iqJAn4Tc0vG4ih5JUkuEhCuciTEhfFCanTgxwKC
-----END CERTIFICATE-----