Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/QIZ7oB864tCgRt_o70Ipdd0FOK0.roa
File:                     QIZ7oB864tCgRt_o70Ipdd0FOK0.roa (raw, json)
Hash identifier:          m8Sbl87AQlvrLt/hOAausP00tdMD076gdUCeqvLuA8c=
Subject key identifier:   40:86:7B:A0:1F:3A:E2:D0:A0:46:DF:E8:EF:42:29:75:DD:05:38:AD
Certificate issuer:       /CN=3d9424b3c8e72f746a59eb199455aa3646a3a457
Certificate serial:       0194228E422748978C19B45654D8240091C3
Authority key identifier: 3D:94:24:B3:C8:E7:2F:74:6A:59:EB:19:94:55:AA:36:46:A3:A4:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZQks8jnL3RqWesZlFWqNkajpFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/QIZ7oB864tCgRt_o70Ipdd0FOK0.roa
Signing time:             Wed 01 Jan 2025 15:48:55 +0000
ROA not before:           Wed 01 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202283
IP address blocks:        185.232.220.0/22 maxlen: 22
                          193.109.238.0/24 maxlen: 24
                          2a0c:d100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/PZQks8jnL3RqWesZlFWqNkajpFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/PZQks8jnL3RqWesZlFWqNkajpFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PZQks8jnL3RqWesZlFWqNkajpFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:42:27:48:97:8c:19:b4:56:54:d8:24:00:91:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d9424b3c8e72f746a59eb199455aa3646a3a457
        Validity
            Not Before: Jan  1 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40867ba01f3ae2d0a046dfe8ef422975dd0538ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ed:88:ab:6c:8a:4e:fe:02:d4:e9:7b:ab:19:
                    63:6b:27:da:ad:42:88:dd:60:7a:d0:28:eb:c4:0f:
                    9a:6f:fb:eb:d7:f5:fc:b8:9d:14:6b:50:13:09:d6:
                    e6:5d:c6:87:28:b2:18:18:9e:f6:fb:04:92:09:9e:
                    78:e4:f0:6b:fd:bb:bb:06:5d:e4:81:ea:5d:b8:ce:
                    38:f4:70:0b:77:b7:79:04:81:44:03:c4:b1:c6:c6:
                    9e:f5:66:2c:9f:bc:7d:a7:20:fd:bd:cf:d2:7f:e2:
                    0d:c3:3b:08:34:d7:74:23:ca:a5:90:99:00:da:aa:
                    d3:85:27:5a:ec:26:37:05:d3:cb:05:5a:0d:0a:c7:
                    4f:09:c6:da:ee:6e:79:96:e8:87:54:ba:0b:18:2e:
                    0e:2e:4e:fa:e6:91:95:c0:19:6b:ab:5f:51:a3:42:
                    52:75:1f:b6:83:24:d1:be:60:9f:56:74:54:b7:3e:
                    23:9c:8e:37:2c:b8:64:8a:6f:d2:da:77:b7:1f:dc:
                    f4:d1:11:df:b3:6a:54:42:de:5c:1a:fe:51:43:f1:
                    2c:cf:aa:c3:a1:38:de:49:e2:b5:f4:b9:65:7c:bc:
                    4b:ae:e7:62:68:e8:0e:91:29:0f:09:f6:34:9a:bb:
                    f1:65:b8:45:7c:40:41:f3:f5:3d:2b:40:fe:c0:26:
                    2e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:86:7B:A0:1F:3A:E2:D0:A0:46:DF:E8:EF:42:29:75:DD:05:38:AD
            X509v3 Authority Key Identifier:
                keyid:3D:94:24:B3:C8:E7:2F:74:6A:59:EB:19:94:55:AA:36:46:A3:A4:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZQks8jnL3RqWesZlFWqNkajpFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/QIZ7oB864tCgRt_o70Ipdd0FOK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/PZQks8jnL3RqWesZlFWqNkajpFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.220.0/22
                  193.109.238.0/24
                IPv6:
                  2a0c:d100::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:23:2e:e4:e8:87:76:2c:fc:fc:f2:7a:23:37:bb:a1:df:08:
         64:36:c8:52:14:58:77:2a:49:dd:7f:77:15:01:50:61:98:dc:
         8a:e5:1c:cd:56:46:e0:48:3b:b1:1a:d4:d0:74:c4:3a:33:11:
         8d:75:a5:f1:96:57:76:c8:88:b5:28:c1:6c:e1:a3:a8:57:7d:
         d7:52:c2:c3:7b:ed:ea:62:ed:86:e2:a5:d1:9c:f9:09:82:f3:
         44:a1:d6:74:b3:56:97:61:37:34:bf:30:b2:04:cf:aa:e1:a6:
         5a:b6:ab:ca:bf:f9:2d:f1:5f:3d:2b:ee:74:2a:78:b0:d9:e1:
         99:cf:5b:b4:5f:1b:63:84:e4:35:10:bc:d3:59:d5:9f:70:cd:
         99:54:16:e9:d8:31:fe:c4:99:ab:07:c5:05:96:74:20:2a:e4:
         e1:90:e8:87:ef:ea:86:3a:a8:59:59:7d:e7:e6:be:67:fc:b3:
         c8:82:80:8b:ea:34:57:7d:1e:0e:cd:77:82:27:32:60:33:e4:
         59:fb:91:62:d8:6b:cc:36:ec:c6:5e:4d:23:48:ec:5c:db:61:
         db:e6:b8:fe:aa:d6:59:b0:da:c3:ec:01:8a:47:b0:61:81:1a:
         33:a6:22:7b:46:48:c3:92:ff:da:50:4a:76:95:b8:85:1b:91:
         ed:d0:4f:4b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijkInSJeMGbRWVNgkAJHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOTQyNGIzYzhlNzJmNzQ2YTU5ZWIxOTk0NTVhYTM2NDZh
M2E0NTcwHhcNMjUwMTAxMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDg2N2JhMDFmM2FlMmQwYTA0NmRmZThlZjQyMjk3NWRkMDUzOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu2Iq2yKTv4C1Ol7qxljayfarUKI
3WB60CjrxA+ab/vr1/X8uJ0Ua1ATCdbmXcaHKLIYGJ72+wSSCZ545PBr/bu7Bl3k
gepduM449HALd7d5BIFEA8Sxxsae9WYsn7x9pyD9vc/Sf+INwzsINNd0I8qlkJkA
2qrThSda7CY3BdPLBVoNCsdPCcba7m55luiHVLoLGC4OLk765pGVwBlrq19Ro0JS
dR+2gyTRvmCfVnRUtz4jnI43LLhkim/S2ne3H9z00RHfs2pUQt5cGv5RQ/Esz6rD
oTjeSeK19LllfLxLrudiaOgOkSkPCfY0mrvxZbhFfEBB8/U9K0D+wCYuxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFECGe6AfOuLQoEbf6O9CKXXdBTitMB8GA1UdIwQY
MBaAFD2UJLPI5y90alnrGZRVqjZGo6RXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFpRa3M4am5MM1JxV2VzWmxGV3FOa2FqcEZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kZjI5NDctY2QwNS00NDA1LTk0OWEt
NmE4MDMzZGNiZTFjLzEvUUlaN29CODY0dENnUnRfbzcwSXBkZDBGT0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kZjI5NDctY2QwNS00NDA1LTk0OWEtNmE4MDMzZGNiZTFj
LzEvUFpRa3M4am5MM1JxV2VzWmxGV3FOa2FqcEZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuejcAwQA
wW3uMA0EAgACMAcDBQMqDNEAMA0GCSqGSIb3DQEBCwUAA4IBAQB0Iy7k6Id2LPz8
8nojN7uh3whkNshSFFh3Kkndf3cVAVBhmNyK5RzNVkbgSDuxGtTQdMQ6MxGNdaXx
lld2yIi1KMFs4aOoV33XUsLDe+3qYu2G4qXRnPkJgvNEodZ0s1aXYTc0vzCyBM+q
4aZatqvKv/kt8V89K+50Kniw2eGZz1u0XxtjhOQ1ELzTWdWfcM2ZVBbp2DH+xJmr
B8UFlnQgKuThkOiH7+qGOqhZWX3n5r5n/LPIgoCL6jRXfR4OzXeCJzJgM+RZ+5Fi
2GvMNuzGXk0jSOxc22Hb5rj+qtZZsNrD7AGKR7BhgRozpiJ7RkjDkv/aUEp2lbiF
G5Ht0E9L
-----END CERTIFICATE-----