Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/qcTIDW8AZfh3-cQdQPG8w7eSM0Y.roa
File:                     qcTIDW8AZfh3-cQdQPG8w7eSM0Y.roa (raw, json)
Hash identifier:          FUjxFOLjgIxBhxWdIxI3k5m+8tslRzLv+iYHIjN7/bM=
Subject key identifier:   A9:C4:C8:0D:6F:00:65:F8:77:F9:C4:1D:40:F1:BC:C3:B7:92:33:46
Certificate issuer:       /CN=f69f07210b2884b4fea507bde227795b264062ed
Certificate serial:       01926C83389867187D9A80886653573E96F2
Authority key identifier: F6:9F:07:21:0B:28:84:B4:FE:A5:07:BD:E2:27:79:5B:26:40:62:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9p8HIQsohLT-pQe94id5WyZAYu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/qcTIDW8AZfh3-cQdQPG8w7eSM0Y.roa
Signing time:             Tue 08 Oct 2024 14:23:11 +0000
ROA not before:           Tue 08 Oct 2024 14:23:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214700
IP address blocks:        185.255.31.0/24 maxlen: 24
                          2a11:e0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/9p8HIQsohLT-pQe94id5WyZAYu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/9p8HIQsohLT-pQe94id5WyZAYu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9p8HIQsohLT-pQe94id5WyZAYu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:83:38:98:67:18:7d:9a:80:88:66:53:57:3e:96:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f69f07210b2884b4fea507bde227795b264062ed
        Validity
            Not Before: Oct  8 14:23:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9c4c80d6f0065f877f9c41d40f1bcc3b7923346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:11:f2:cb:ba:ed:d2:dc:b7:f5:81:5d:44:12:
                    41:5b:ff:93:a7:36:1f:f3:ec:ce:6a:49:4a:7c:90:
                    c4:30:85:45:60:4a:7b:08:bb:a2:e6:03:df:b6:32:
                    06:ea:7c:4a:de:d9:9b:f1:da:b9:2b:0f:43:96:af:
                    7a:69:11:c8:cf:e2:98:45:29:09:f2:e4:e7:f3:83:
                    a8:49:c4:d5:57:9b:1c:46:99:fa:02:90:ff:87:9a:
                    4b:09:cd:05:c2:9a:c5:25:4b:53:3b:24:b6:b0:f3:
                    32:f3:0c:8e:72:e5:ef:db:45:a5:7c:95:10:13:66:
                    ec:58:e7:48:73:f6:f3:0d:21:4a:0e:b6:87:42:b1:
                    d6:71:3d:c4:7e:82:d0:3e:45:89:7a:4a:5e:26:f5:
                    50:5f:b8:a4:7b:1c:9e:0b:7f:63:8a:29:c6:bd:8d:
                    5f:28:35:94:b1:f8:ac:76:f8:17:27:2c:77:3c:c2:
                    41:83:78:d1:10:10:a8:09:c9:e6:39:9a:8c:43:aa:
                    11:60:fb:19:36:d3:56:fa:bb:0d:b3:30:e7:e0:8c:
                    63:2a:b3:3e:2f:51:eb:3c:de:df:f5:0f:98:69:1b:
                    77:f6:0d:4b:9f:2f:60:c8:bd:cf:c7:49:8a:ed:58:
                    0e:6e:84:1f:94:5c:b1:ba:f5:1d:17:34:66:4c:27:
                    39:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C4:C8:0D:6F:00:65:F8:77:F9:C4:1D:40:F1:BC:C3:B7:92:33:46
            X509v3 Authority Key Identifier:
                keyid:F6:9F:07:21:0B:28:84:B4:FE:A5:07:BD:E2:27:79:5B:26:40:62:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9p8HIQsohLT-pQe94id5WyZAYu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/qcTIDW8AZfh3-cQdQPG8w7eSM0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/9p8HIQsohLT-pQe94id5WyZAYu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.31.0/24
                IPv6:
                  2a11:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:60:85:8f:d3:9a:37:39:29:49:87:6d:c8:ec:18:22:35:3f:
         0d:3c:8c:e9:83:3c:3f:d0:88:a8:e3:85:a1:62:52:c2:2d:87:
         7d:b2:7f:8b:c2:ee:2e:bd:9c:13:80:01:84:c5:7c:3e:01:36:
         7c:ea:23:21:b3:aa:d5:29:ff:ac:53:63:32:b8:e7:65:2a:98:
         0f:40:94:d2:5e:94:e5:65:ff:7a:e7:19:b3:1e:ec:5e:02:a6:
         3c:31:a1:4c:7f:e2:b6:f0:dd:3f:b9:fc:5b:85:0d:93:52:79:
         b4:43:2c:c4:86:f3:0c:62:e2:6f:49:1d:65:a4:24:b2:15:b9:
         91:4e:69:c1:72:5b:3b:78:4f:08:f3:d3:33:c6:98:70:a0:5e:
         e9:f1:c1:8c:28:7a:dc:27:80:cb:1c:18:9f:f0:34:89:3b:96:
         0c:5c:cc:92:78:f1:e0:df:12:b7:98:54:5e:6e:d0:34:05:3f:
         52:22:3a:05:da:db:cc:66:e4:71:5b:5b:d9:c2:ab:93:78:9f:
         9c:ac:aa:5c:4a:ec:6b:07:b9:79:54:7b:c1:a8:ea:61:2a:23:
         30:6f:54:35:bc:82:61:68:0a:91:3f:c2:18:34:3e:b7:74:cd:
         75:2a:c6:76:ac:ee:ef:05:a9:e8:21:04:8a:37:8b:ad:07:b4:
         d7:ad:c9:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJsgziYZxh9moCIZlNXPpbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OWYwNzIxMGIyODg0YjRmZWE1MDdiZGUyMjc3OTViMjY0
MDYyZWQwHhcNMjQxMDA4MTQyMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM0YzgwZDZmMDA2NWY4NzdmOWM0MWQ0MGYxYmNjM2I3OTIzMzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxHyy7rt0ty39YFdRBJBW/+TpzYf
8+zOaklKfJDEMIVFYEp7CLui5gPftjIG6nxK3tmb8dq5Kw9Dlq96aRHIz+KYRSkJ
8uTn84OoScTVV5scRpn6ApD/h5pLCc0FwprFJUtTOyS2sPMy8wyOcuXv20WlfJUQ
E2bsWOdIc/bzDSFKDraHQrHWcT3EfoLQPkWJekpeJvVQX7ikexyeC39jiinGvY1f
KDWUsfisdvgXJyx3PMJBg3jREBCoCcnmOZqMQ6oRYPsZNtNW+rsNszDn4IxjKrM+
L1HrPN7f9Q+YaRt39g1Lny9gyL3Px0mK7VgOboQflFyxuvUdFzRmTCc5xwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKnEyA1vAGX4d/nEHUDxvMO3kjNGMB8GA1UdIwQY
MBaAFPafByELKIS0/qUHveIneVsmQGLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXA4SElRc29oTFQtcFFlOTRpZDVXeVpBWXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82YmY1MjgtYmQzNC00MGVlLWIwZGMt
NDVmNjBmNDE0ZmY3LzEvcWNUSURXOEFaZmgzLWNRZFFQRzh3N2VTTTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82YmY1MjgtYmQzNC00MGVlLWIwZGMtNDVmNjBmNDE0ZmY3
LzEvOXA4SElRc29oTFQtcFFlOTRpZDVXeVpBWXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf8fMA0E
AgACMAcDBQMqEeDAMA0GCSqGSIb3DQEBCwUAA4IBAQB8YIWP05o3OSlJh23I7Bgi
NT8NPIzpgzw/0Iio44WhYlLCLYd9sn+Lwu4uvZwTgAGExXw+ATZ86iMhs6rVKf+s
U2MyuOdlKpgPQJTSXpTlZf965xmzHuxeAqY8MaFMf+K28N0/ufxbhQ2TUnm0QyzE
hvMMYuJvSR1lpCSyFbmRTmnBcls7eE8I89MzxphwoF7p8cGMKHrcJ4DLHBif8DSJ
O5YMXMySePHg3xK3mFRebtA0BT9SIjoF2tvMZuRxW1vZwquTeJ+crKpcSuxrB7l5
VHvBqOphKiMwb1Q1vIJhaAqRP8IYND63dM11KsZ2rO7vBanoIQSKN4utB7TXrck+
-----END CERTIFICATE-----