Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/QVia0R-C1R2OtBKefX55cNuuXdw.roa
File:                     QVia0R-C1R2OtBKefX55cNuuXdw.roa (raw, json)
Hash identifier:          5hYta4LOp/wluPpRpLQ0dqF8+c0Z+WJxjmlf/9qWqq0=
Subject key identifier:   41:58:9A:D1:1F:82:D5:1D:8E:B4:12:9E:7D:7E:79:70:DB:AE:5D:DC
Certificate issuer:       /CN=ae17b1bbe78ce40aa1ec6d2778bc1e4ea295167e
Certificate serial:       019420D60332CBECF25B1C7263E1C30B7F81
Authority key identifier: AE:17:B1:BB:E7:8C:E4:0A:A1:EC:6D:27:78:BC:1E:4E:A2:95:16:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rhexu-eM5Aqh7G0neLweTqKVFn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/QVia0R-C1R2OtBKefX55cNuuXdw.roa
Signing time:             Wed 01 Jan 2025 07:48:03 +0000
ROA not before:           Wed 01 Jan 2025 07:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44455
IP address blocks:        91.199.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/rhexu-eM5Aqh7G0neLweTqKVFn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/rhexu-eM5Aqh7G0neLweTqKVFn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rhexu-eM5Aqh7G0neLweTqKVFn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:03:32:cb:ec:f2:5b:1c:72:63:e1:c3:0b:7f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae17b1bbe78ce40aa1ec6d2778bc1e4ea295167e
        Validity
            Not Before: Jan  1 07:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41589ad11f82d51d8eb4129e7d7e7970dbae5ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ff:f1:21:72:f9:65:4c:1c:b3:b8:3e:0f:73:
                    d3:f3:03:79:68:c9:b5:09:fc:85:73:f4:81:ea:63:
                    d6:6d:e4:ce:37:72:7a:86:61:a3:ee:07:5d:32:70:
                    41:fa:92:ab:53:aa:c7:fa:ab:ca:1a:32:df:39:e1:
                    f9:7b:49:fd:6a:b9:9d:88:04:be:67:3f:c2:22:eb:
                    8a:20:ac:2e:a7:fd:f7:14:c3:35:33:71:fa:3a:d6:
                    4d:12:ba:42:13:a9:52:df:d9:05:cf:6c:9a:3f:8d:
                    a6:43:a8:4a:be:6d:e8:47:39:66:54:8e:8e:7f:03:
                    3a:6f:c2:00:91:45:f7:4d:7b:65:7c:15:ab:e0:a9:
                    a9:c8:2f:b8:c6:42:af:2f:9c:73:d1:36:9c:7c:b5:
                    bd:c9:cd:3c:f8:f1:ca:8d:c9:59:00:a3:6d:3f:56:
                    e4:d4:1e:a6:f5:dc:00:86:5a:da:a2:a4:59:4c:c0:
                    ab:7e:7c:6a:ce:10:e3:e1:b7:99:72:ad:df:a2:dd:
                    53:31:5b:f2:26:8f:96:ea:b2:9f:19:ae:2e:7f:bd:
                    02:b6:d3:fd:aa:ba:ce:b5:fc:89:e4:d2:70:75:bd:
                    0f:7d:15:c6:c2:12:f4:64:f5:44:d0:be:56:76:dc:
                    f1:06:ef:4c:d1:a3:c9:97:e6:9d:d5:11:4e:9e:a5:
                    59:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:58:9A:D1:1F:82:D5:1D:8E:B4:12:9E:7D:7E:79:70:DB:AE:5D:DC
            X509v3 Authority Key Identifier:
                keyid:AE:17:B1:BB:E7:8C:E4:0A:A1:EC:6D:27:78:BC:1E:4E:A2:95:16:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rhexu-eM5Aqh7G0neLweTqKVFn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/QVia0R-C1R2OtBKefX55cNuuXdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/rhexu-eM5Aqh7G0neLweTqKVFn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:d7:24:ea:c0:6c:05:88:49:cb:41:e8:c4:ec:51:f4:c9:68:
         4a:76:84:f5:7e:27:32:dd:f2:c9:e5:e5:6b:e6:81:99:f3:bb:
         ee:0c:0b:c2:ec:51:7d:4c:22:9e:82:9c:9a:cf:6b:49:3a:16:
         fc:8d:7f:89:77:f8:67:d6:fb:c7:bb:76:5d:0a:51:bf:f6:e5:
         fb:73:5c:ea:ed:5e:a8:f9:72:6a:76:85:4d:b8:36:67:80:4f:
         50:51:11:4d:e8:64:76:05:4b:49:50:5e:ce:8f:3b:98:31:d5:
         9b:e3:eb:d4:f2:8f:3f:dd:02:e6:34:8c:73:1c:02:24:34:89:
         a2:d6:fc:f9:a8:ab:5d:39:b1:00:7d:da:f3:09:bd:93:3d:08:
         aa:10:61:f2:6e:ab:d3:60:12:64:0c:55:22:33:fb:35:18:e3:
         ec:d7:d9:f9:9c:7a:4c:2b:48:33:86:83:33:cb:d1:9a:99:3a:
         bd:31:30:8a:87:f4:f0:d8:88:81:3b:7b:4d:94:41:2f:59:c2:
         77:a8:e9:92:32:db:78:d5:b6:67:6c:8c:97:f2:e5:d0:0d:0d:
         d3:82:89:72:f0:a5:d5:3c:45:a0:10:a5:2c:72:90:18:ae:ea:
         0b:87:b3:07:11:2b:d0:b7:d7:29:dd:ed:45:30:f0:77:42:37:
         2c:5d:9c:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gMyy+zyWxxyY+HDC3+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMTdiMWJiZTc4Y2U0MGFhMWVjNmQyNzc4YmMxZTRlYTI5
NTE2N2UwHhcNMjUwMTAxMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTU4OWFkMTFmODJkNTFkOGViNDEyOWU3ZDdlNzk3MGRiYWU1ZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv/xIXL5ZUwcs7g+D3PT8wN5aMm1
CfyFc/SB6mPWbeTON3J6hmGj7gddMnBB+pKrU6rH+qvKGjLfOeH5e0n9armdiAS+
Zz/CIuuKIKwup/33FMM1M3H6OtZNErpCE6lS39kFz2yaP42mQ6hKvm3oRzlmVI6O
fwM6b8IAkUX3TXtlfBWr4KmpyC+4xkKvL5xz0TacfLW9yc08+PHKjclZAKNtP1bk
1B6m9dwAhlraoqRZTMCrfnxqzhDj4beZcq3fot1TMVvyJo+W6rKfGa4uf70CttP9
qrrOtfyJ5NJwdb0PfRXGwhL0ZPVE0L5WdtzxBu9M0aPJl+ad1RFOnqVZSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFYmtEfgtUdjrQSnn1+eXDbrl3cMB8GA1UdIwQY
MBaAFK4XsbvnjOQKoextJ3i8Hk6ilRZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmhleHUtZU01QXFoN0cwbmVMd2VUcUtWRm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80NDg1YmUtZDc3OS00MWY1LWE1NTgt
ZTZhYzliNmEyMTllLzEvUVZpYTBSLUMxUjJPdEJLZWZYNTVjTnV1WGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80NDg1YmUtZDc3OS00MWY1LWE1NTgtZTZhYzliNmEyMTll
LzEvcmhleHUtZU01QXFoN0cwbmVMd2VUcUtWRm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8d8MA0G
CSqGSIb3DQEBCwUAA4IBAQCk1yTqwGwFiEnLQejE7FH0yWhKdoT1ficy3fLJ5eVr
5oGZ87vuDAvC7FF9TCKegpyaz2tJOhb8jX+Jd/hn1vvHu3ZdClG/9uX7c1zq7V6o
+XJqdoVNuDZngE9QURFN6GR2BUtJUF7OjzuYMdWb4+vU8o8/3QLmNIxzHAIkNImi
1vz5qKtdObEAfdrzCb2TPQiqEGHybqvTYBJkDFUiM/s1GOPs19n5nHpMK0gzhoMz
y9GamTq9MTCKh/Tw2IiBO3tNlEEvWcJ3qOmSMtt41bZnbIyX8uXQDQ3Tgoly8KXV
PEWgEKUscpAYruoLh7MHESvQt9cp3e1FMPB3QjcsXZwH
-----END CERTIFICATE-----