Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/qx-NGj8MV_Cd9zpPet-1VEa08Ro.roa
File:                     qx-NGj8MV_Cd9zpPet-1VEa08Ro.roa (raw, json)
Hash identifier:          cxZbSa6oQLmYFFxeIAfjlhTWw1+qGjLvscb3SdGJg1o=
Subject key identifier:   AB:1F:8D:1A:3F:0C:57:F0:9D:F7:3A:4F:7A:DF:B5:54:46:B4:F1:1A
Certificate issuer:       /CN=60c8d57747f729700ef2f5614f6dfdec8d119f2d
Certificate serial:       0194252166CF3B61830319034F39BFEE9ADF
Authority key identifier: 60:C8:D5:77:47:F7:29:70:0E:F2:F5:61:4F:6D:FD:EC:8D:11:9F:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMjVd0f3KXAO8vVhT2397I0Rny0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/qx-NGj8MV_Cd9zpPet-1VEa08Ro.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57133
IP address blocks:        185.130.136.0/24 maxlen: 24
                          185.130.137.0/24 maxlen: 24
                          185.130.138.0/24 maxlen: 24
                          185.130.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/YMjVd0f3KXAO8vVhT2397I0Rny0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/YMjVd0f3KXAO8vVhT2397I0Rny0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMjVd0f3KXAO8vVhT2397I0Rny0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:66:cf:3b:61:83:03:19:03:4f:39:bf:ee:9a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c8d57747f729700ef2f5614f6dfdec8d119f2d
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab1f8d1a3f0c57f09df73a4f7adfb55446b4f11a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1d:98:f6:1e:08:c2:a7:3c:d4:37:fa:e6:dd:
                    a8:2d:9d:09:90:d6:d3:32:8e:78:6c:fa:d5:bb:f7:
                    08:8b:cd:f2:1e:82:a4:de:4c:a9:0b:8b:45:36:13:
                    2f:f5:6e:3d:3f:a7:9b:3c:86:ac:e6:eb:8d:ab:d7:
                    96:ac:c3:49:91:c5:af:c5:79:48:69:a1:6d:3b:c9:
                    ab:51:22:d3:1d:13:89:25:1c:69:63:75:b6:83:9b:
                    a5:f6:95:ef:a6:f7:a6:15:ee:b0:72:e4:40:2b:5f:
                    7d:11:1c:40:55:95:80:5d:20:93:0a:e7:48:4b:43:
                    d4:37:21:18:c0:55:c2:eb:c0:84:d2:7e:15:fd:59:
                    c3:14:1f:49:5b:d5:36:f7:92:cd:13:f9:07:43:e4:
                    68:fa:84:6d:be:67:6a:6c:8d:e0:fa:e1:66:6e:2d:
                    aa:d9:3f:2d:c6:b3:2b:5f:e9:4e:1c:ba:d9:7c:16:
                    35:b9:f0:22:7b:53:c7:aa:05:c0:73:cb:f1:41:0a:
                    1a:bd:58:07:6c:ea:4e:a1:4e:92:30:9f:57:a1:ab:
                    10:e2:86:b3:c4:79:bd:05:e2:bc:b8:37:02:96:d7:
                    c5:9c:30:86:50:9b:70:95:a2:49:75:25:9e:a8:69:
                    af:4f:48:44:fd:a3:20:32:d5:9b:81:c1:53:67:04:
                    c3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:1F:8D:1A:3F:0C:57:F0:9D:F7:3A:4F:7A:DF:B5:54:46:B4:F1:1A
            X509v3 Authority Key Identifier:
                keyid:60:C8:D5:77:47:F7:29:70:0E:F2:F5:61:4F:6D:FD:EC:8D:11:9F:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMjVd0f3KXAO8vVhT2397I0Rny0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/qx-NGj8MV_Cd9zpPet-1VEa08Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/YMjVd0f3KXAO8vVhT2397I0Rny0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:64:4b:a7:7a:c7:12:4a:43:b3:58:77:13:76:0d:e0:ff:fa:
         8a:e5:1b:56:1a:59:2f:26:34:b5:8c:51:56:30:50:bb:46:af:
         0c:9d:ab:ab:99:be:a2:0b:df:ae:97:7f:53:a4:dd:c4:1f:45:
         33:fa:11:10:e1:68:06:df:97:9c:7a:26:8d:6b:65:f7:73:4a:
         cf:68:6c:91:e9:43:db:7f:34:5c:75:79:33:4e:c1:96:18:f1:
         e9:57:c4:ee:41:9a:59:10:34:83:ac:16:d9:32:da:53:d0:ad:
         27:7c:3e:89:78:98:34:ef:03:ec:a3:0a:e4:fe:74:56:75:10:
         93:6f:e0:23:ca:51:cd:c6:3f:a7:46:8e:10:e8:d2:32:0d:db:
         4e:11:ae:f5:a6:0a:94:c7:21:44:d6:de:7f:b6:62:34:25:21:
         37:40:c4:f4:52:3a:b2:c8:8d:24:46:c6:e5:62:92:65:53:7f:
         e9:76:c1:a1:35:9b:fd:2a:47:45:3d:33:ae:8b:49:1d:ce:49:
         35:c4:6c:90:87:63:3c:f5:5d:69:f0:4d:bb:92:96:d3:de:cf:
         2a:b9:44:32:01:e4:35:fd:65:cd:5a:3f:e9:06:8e:27:4d:39:
         1a:93:52:b3:5e:8c:cb:31:00:8f:94:86:83:9d:32:dc:1e:37:
         ff:dd:47:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWbPO2GDAxkDTzm/7prfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzhkNTc3NDdmNzI5NzAwZWYyZjU2MTRmNmRmZGVjOGQx
MTlmMmQwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjFmOGQxYTNmMGM1N2YwOWRmNzNhNGY3YWRmYjU1NDQ2YjRmMTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB2Y9h4Iwqc81Df65t2oLZ0JkNbT
Mo54bPrVu/cIi83yHoKk3kypC4tFNhMv9W49P6ebPIas5uuNq9eWrMNJkcWvxXlI
aaFtO8mrUSLTHROJJRxpY3W2g5ul9pXvpvemFe6wcuRAK199ERxAVZWAXSCTCudI
S0PUNyEYwFXC68CE0n4V/VnDFB9JW9U295LNE/kHQ+Ro+oRtvmdqbI3g+uFmbi2q
2T8txrMrX+lOHLrZfBY1ufAie1PHqgXAc8vxQQoavVgHbOpOoU6SMJ9XoasQ4oaz
xHm9BeK8uDcCltfFnDCGUJtwlaJJdSWeqGmvT0hE/aMgMtWbgcFTZwTDkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsfjRo/DFfwnfc6T3rftVRGtPEaMB8GA1UdIwQY
MBaAFGDI1XdH9ylwDvL1YU9t/eyNEZ8tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1qVmQwZjNLWEFPOHZWaFQyMzk3STBSbnkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8zOWQ3MzQtNmZiMS00ZGMwLWExMjgt
ZDc1ZjU5NWZhN2MzLzEvcXgtTkdqOE1WX0NkOXpwUGV0LTFWRWEwOFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8zOWQ3MzQtNmZiMS00ZGMwLWExMjgtZDc1ZjU5NWZhN2Mz
LzEvWU1qVmQwZjNLWEFPOHZWaFQyMzk3STBSbnkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYKIMA0G
CSqGSIb3DQEBCwUAA4IBAQCpZEunescSSkOzWHcTdg3g//qK5RtWGlkvJjS1jFFW
MFC7Rq8Mnaurmb6iC9+ul39TpN3EH0Uz+hEQ4WgG35eceiaNa2X3c0rPaGyR6UPb
fzRcdXkzTsGWGPHpV8TuQZpZEDSDrBbZMtpT0K0nfD6JeJg07wPsowrk/nRWdRCT
b+AjylHNxj+nRo4Q6NIyDdtOEa71pgqUxyFE1t5/tmI0JSE3QMT0UjqyyI0kRsbl
YpJlU3/pdsGhNZv9KkdFPTOui0kdzkk1xGyQh2M89V1p8E27kpbT3s8quUQyAeQ1
/WXNWj/pBo4nTTkak1KzXozLMQCPlIaDnTLcHjf/3Udj
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:53:26 2025 by rpki-client