Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q_qPSgEpylFC-voOECXeWUWdHJM.roa
File:                     q_qPSgEpylFC-voOECXeWUWdHJM.roa (raw, json)
Hash identifier:          jFOGBq/GXOLKGj5Jj8L6FPHFg+Kwe4gyyf67qENLLPY=
Subject key identifier:   AB:FA:8F:4A:01:29:CA:51:42:FA:FA:0E:10:25:DE:59:45:9D:1C:93
Certificate issuer:       /CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
Certificate serial:       019420D59E1A3723A382D3746EBDF26EE9E4
Authority key identifier: AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q_qPSgEpylFC-voOECXeWUWdHJM.roa
Signing time:             Wed 01 Jan 2025 07:47:38 +0000
ROA not before:           Wed 01 Jan 2025 07:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        178.209.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9e:1a:37:23:a3:82:d3:74:6e:bd:f2:6e:e9:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
        Validity
            Not Before: Jan  1 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abfa8f4a0129ca5142fafa0e1025de59459d1c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:35:f8:2d:7a:af:6d:92:d6:3e:b3:22:7b:85:
                    66:a3:72:b4:91:31:86:64:f7:99:a2:8b:f6:05:7a:
                    e3:c8:c3:4c:79:5b:52:a0:96:28:95:52:bb:68:83:
                    9e:fb:16:8b:08:d6:5d:8b:30:27:5c:6f:b9:42:26:
                    09:88:a2:83:f8:17:d4:96:83:82:01:d5:09:31:a7:
                    29:98:3f:57:07:1d:94:83:47:62:d9:c5:30:75:c2:
                    cc:92:1b:8b:5c:88:e9:36:a5:0b:96:7e:90:ae:6a:
                    f1:90:51:dc:58:b0:13:87:37:09:a7:4f:e7:8d:2d:
                    e6:13:b2:92:4f:fc:63:94:83:4f:b7:e1:f4:11:10:
                    78:de:88:28:89:42:e8:dd:95:68:80:1e:d1:20:01:
                    eb:3f:68:58:5c:b3:ee:d9:6b:f8:a6:4c:2e:28:44:
                    a4:3a:ad:89:98:52:aa:58:a1:e1:21:96:3f:f3:ff:
                    24:7c:af:6a:95:21:0f:7e:67:37:2a:cc:a1:48:d9:
                    1e:20:54:ef:d0:56:08:30:42:b5:94:3f:cb:56:2c:
                    d4:c4:93:19:d6:3c:00:94:c6:82:2d:0e:e7:00:45:
                    c6:44:c4:2f:57:a7:a4:54:ef:1b:f0:c1:4f:6a:ad:
                    ed:23:66:8c:be:a0:6a:80:bc:97:e7:de:0e:05:fd:
                    a6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:FA:8F:4A:01:29:CA:51:42:FA:FA:0E:10:25:DE:59:45:9D:1C:93
            X509v3 Authority Key Identifier:
                keyid:AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q_qPSgEpylFC-voOECXeWUWdHJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.209.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9e:86:7a:50:32:d9:26:a4:ba:d6:6f:c2:6a:77:7a:03:7d:d5:
         1d:0b:15:2b:c7:9e:2f:44:b9:08:33:0b:6c:4d:c7:b2:5e:23:
         b8:9e:bd:60:b8:b5:e9:43:86:25:53:f6:16:16:c5:89:f1:64:
         42:0a:b9:fb:5a:b4:2e:74:da:d7:40:1b:5f:0a:40:83:57:d0:
         76:56:26:af:35:5e:51:3e:fa:a9:37:4b:4d:c9:8f:21:94:0d:
         24:9b:7d:12:b0:cb:9a:dd:9f:4e:27:20:e9:88:45:1e:72:1d:
         56:38:32:25:15:57:7c:1f:c5:41:8c:ed:30:7c:41:8d:0d:b4:
         a3:b4:08:ea:1b:4d:67:5f:d6:d9:8a:0a:f9:20:b3:d4:0e:70:
         cd:b0:0d:b7:b7:87:bd:d8:87:2d:3c:86:6b:7e:11:6d:ed:d2:
         5b:6b:33:a7:f3:e0:a1:a6:f9:81:ba:c8:6c:6b:12:b5:03:99:
         f4:6a:f1:72:66:2a:6c:38:b9:0a:b4:6a:18:73:5a:c0:7e:7b:
         c8:5e:f3:cb:1f:10:72:ba:0c:1f:e4:a3:65:a5:05:4a:a0:a9:
         2a:34:dc:9d:21:02:37:9a:0d:58:3e:ac:1e:24:96:94:3b:92:
         51:ef:fd:ee:8a:ad:2f:5f:6b:96:98:26:5a:eb:17:9f:80:e0:
         ec:37:70:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1Z4aNyOjgtN0br3ybunkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNGYwMGY1YzNhYjNkZjRjNjc0YTQxMGQ4YTBmMDE4MmZi
NWU5MTgwHhcNMjUwMTAxMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmZhOGY0YTAxMjljYTUxNDJmYWZhMGUxMDI1ZGU1OTQ1OWQxYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjX4LXqvbZLWPrMie4Vmo3K0kTGG
ZPeZoov2BXrjyMNMeVtSoJYolVK7aIOe+xaLCNZdizAnXG+5QiYJiKKD+BfUloOC
AdUJMacpmD9XBx2Ug0di2cUwdcLMkhuLXIjpNqULln6QrmrxkFHcWLAThzcJp0/n
jS3mE7KST/xjlINPt+H0ERB43ogoiULo3ZVogB7RIAHrP2hYXLPu2Wv4pkwuKESk
Oq2JmFKqWKHhIZY/8/8kfK9qlSEPfmc3KsyhSNkeIFTv0FYIMEK1lD/LVizUxJMZ
1jwAlMaCLQ7nAEXGRMQvV6ekVO8b8MFPaq3tI2aMvqBqgLyX594OBf2mgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv6j0oBKcpRQvr6DhAl3llFnRyTMB8GA1UdIwQY
MBaAFKtPAPXDqz30xnSkENig8BgvtekYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUt
Mzg1M2QzNDBjOWE2LzEvcV9xUFNnRXB5bEZDLXZvT0VDWGVXVVdkSEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUtMzg1M2QzNDBjOWE2
LzEvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEstFAMA0G
CSqGSIb3DQEBCwUAA4IBAQCehnpQMtkmpLrWb8Jqd3oDfdUdCxUrx54vRLkIMwts
TceyXiO4nr1guLXpQ4YlU/YWFsWJ8WRCCrn7WrQudNrXQBtfCkCDV9B2ViavNV5R
PvqpN0tNyY8hlA0km30SsMua3Z9OJyDpiEUech1WODIlFVd8H8VBjO0wfEGNDbSj
tAjqG01nX9bZigr5ILPUDnDNsA23t4e92IctPIZrfhFt7dJbazOn8+ChpvmBushs
axK1A5n0avFyZipsOLkKtGoYc1rAfnvIXvPLHxByugwf5KNlpQVKoKkqNNydIQI3
mg1YPqweJJaUO5JR7/3uiq0vX2uWmCZa6xefgODsN3Ad
-----END CERTIFICATE-----