Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/1aa0a3-fcab-481e-86f5-88938bd53c16/1/aLQQDXXyyFCFCxYHC8_say5CLUI.roa
File:                     aLQQDXXyyFCFCxYHC8_say5CLUI.roa (raw, json)
Hash identifier:          zI2tGfqAmXq7ygJfVvFOBT2dePoqj3hccAoRf3t6VUo=
Subject key identifier:   68:B4:10:0D:75:F2:C8:50:85:0B:16:07:0B:CF:EC:6B:2E:42:2D:42
Certificate issuer:       /CN=d26d4c75cebe89614cf2e7e2e614c036f6f53ee2
Certificate serial:       019420D5C73CA8879645D237E43A0279478E
Authority key identifier: D2:6D:4C:75:CE:BE:89:61:4C:F2:E7:E2:E6:14:C0:36:F6:F5:3E:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0m1Mdc6-iWFM8ufi5hTANvb1PuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/1aa0a3-fcab-481e-86f5-88938bd53c16/1/aLQQDXXyyFCFCxYHC8_say5CLUI.roa
Signing time:             Wed 01 Jan 2025 07:47:48 +0000
ROA not before:           Wed 01 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        137.248.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/1aa0a3-fcab-481e-86f5-88938bd53c16/1/0m1Mdc6-iWFM8ufi5hTANvb1PuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/1aa0a3-fcab-481e-86f5-88938bd53c16/1/0m1Mdc6-iWFM8ufi5hTANvb1PuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0m1Mdc6-iWFM8ufi5hTANvb1PuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c7:3c:a8:87:96:45:d2:37:e4:3a:02:79:47:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26d4c75cebe89614cf2e7e2e614c036f6f53ee2
        Validity
            Not Before: Jan  1 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68b4100d75f2c850850b16070bcfec6b2e422d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:54:ae:61:66:71:95:aa:32:91:17:14:0b:34:
                    b8:f4:92:eb:33:c8:38:2b:91:21:ae:cb:6b:fd:51:
                    33:af:58:86:a7:ae:9e:aa:6b:5f:2b:91:29:09:85:
                    03:ca:d1:d1:bd:5b:79:f9:f9:2b:87:cf:e0:11:49:
                    55:8d:35:29:21:af:ec:08:b8:1d:10:aa:f1:3c:b2:
                    4b:2f:3a:5d:11:e3:ae:c2:58:6f:7d:3e:77:ea:b4:
                    40:67:0c:bc:c7:25:6e:cc:13:11:4f:23:8d:42:86:
                    65:02:eb:76:78:0c:16:a4:ac:4d:10:32:6c:d4:41:
                    0e:02:77:e1:95:17:7a:7c:81:93:03:7c:5e:1f:8e:
                    2e:0f:c8:ab:e7:30:d8:d7:16:1e:2f:ca:74:40:95:
                    11:60:88:1e:fb:bd:dd:cc:7d:2a:cf:d0:5b:39:bc:
                    bf:05:ed:b9:76:9e:2b:58:c9:86:91:f6:00:32:2b:
                    80:77:a0:36:99:b8:59:2b:37:44:58:ef:5e:f7:74:
                    67:83:67:f2:f1:17:2d:bd:be:39:cf:0f:f9:c4:b0:
                    d9:ae:6c:d4:dc:b8:c9:a4:69:cc:27:77:0e:29:dc:
                    9c:48:cc:71:b2:ab:94:42:3e:bc:44:b2:8a:4a:83:
                    df:c0:40:ed:f8:ca:12:9b:30:b8:8f:5f:4b:b4:aa:
                    31:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B4:10:0D:75:F2:C8:50:85:0B:16:07:0B:CF:EC:6B:2E:42:2D:42
            X509v3 Authority Key Identifier:
                keyid:D2:6D:4C:75:CE:BE:89:61:4C:F2:E7:E2:E6:14:C0:36:F6:F5:3E:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0m1Mdc6-iWFM8ufi5hTANvb1PuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/1aa0a3-fcab-481e-86f5-88938bd53c16/1/aLQQDXXyyFCFCxYHC8_say5CLUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/1aa0a3-fcab-481e-86f5-88938bd53c16/1/0m1Mdc6-iWFM8ufi5hTANvb1PuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.248.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:6b:3c:c8:d0:a8:48:54:d5:bf:05:11:20:b8:23:77:db:07:
         5e:70:2d:12:65:41:86:3a:34:16:42:2e:05:d6:91:da:41:d7:
         14:f7:e1:a5:d7:ed:15:9d:67:70:56:89:4f:6c:36:47:6f:8c:
         bc:ce:ad:98:f1:4f:d1:6e:98:cc:25:c5:be:49:46:71:4b:8f:
         09:f1:d7:46:71:b6:73:26:cd:05:40:85:ed:06:81:c9:8e:65:
         9a:c8:83:89:c1:52:09:fe:a7:73:60:58:54:09:02:2d:1c:b2:
         f7:65:50:df:f0:0c:3b:d2:09:3d:67:ee:52:98:74:34:c9:48:
         c2:ad:e0:b5:e1:a3:4c:26:84:0b:b6:93:df:a3:7f:1c:de:32:
         20:8b:e8:05:9f:35:66:df:33:43:70:c3:10:02:7c:f5:af:bd:
         23:77:06:50:9b:93:af:67:f2:14:5b:2a:ea:f5:16:d2:cd:f5:
         83:32:14:8c:a0:e0:53:9d:92:35:db:a5:e4:cb:d6:fc:0c:4c:
         5a:cc:d6:82:5a:03:26:ad:df:8b:09:19:a9:5a:ce:ac:cd:4c:
         2e:71:31:2d:0f:bd:ba:87:83:ad:de:8c:db:f4:bc:c9:ed:8b:
         aa:a6:b0:0a:83:b3:2d:b5:2a:a2:20:7a:d3:4f:16:d6:c8:47:
         7f:e5:25:d6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQg1cc8qIeWRdI35DoCeUeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmQ0Yzc1Y2ViZTg5NjE0Y2YyZTdlMmU2MTRjMDM2ZjZm
NTNlZTIwHhcNMjUwMTAxMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGI0MTAwZDc1ZjJjODUwODUwYjE2MDcwYmNmZWM2YjJlNDIyZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVSuYWZxlaoykRcUCzS49JLrM8g4
K5Ehrstr/VEzr1iGp66eqmtfK5EpCYUDytHRvVt5+fkrh8/gEUlVjTUpIa/sCLgd
EKrxPLJLLzpdEeOuwlhvfT536rRAZwy8xyVuzBMRTyONQoZlAut2eAwWpKxNEDJs
1EEOAnfhlRd6fIGTA3xeH44uD8ir5zDY1xYeL8p0QJURYIge+73dzH0qz9BbOby/
Be25dp4rWMmGkfYAMiuAd6A2mbhZKzdEWO9e93Rng2fy8Rctvb45zw/5xLDZrmzU
3LjJpGnMJ3cOKdycSMxxsquUQj68RLKKSoPfwEDt+MoSmzC4j19LtKoxLwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGi0EA118shQhQsWBwvP7GsuQi1CMB8GA1UdIwQY
MBaAFNJtTHXOvolhTPLn4uYUwDb29T7iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG0xTWRjNi1pV0ZNOHVmaTVoVEFOdmIxUHVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xYWEwYTMtZmNhYi00ODFlLTg2ZjUt
ODg5MzhiZDUzYzE2LzEvYUxRUURYWHl5RkNGQ3hZSEM4X3NheTVDTFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xYWEwYTMtZmNhYi00ODFlLTg2ZjUtODg5MzhiZDUzYzE2
LzEvMG0xTWRjNi1pV0ZNOHVmaTVoVEFOdmIxUHVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAifgwDQYJ
KoZIhvcNAQELBQADggEBABFrPMjQqEhU1b8FESC4I3fbB15wLRJlQYY6NBZCLgXW
kdpB1xT34aXX7RWdZ3BWiU9sNkdvjLzOrZjxT9FumMwlxb5JRnFLjwnx10ZxtnMm
zQVAhe0GgcmOZZrIg4nBUgn+p3NgWFQJAi0csvdlUN/wDDvSCT1n7lKYdDTJSMKt
4LXho0wmhAu2k9+jfxzeMiCL6AWfNWbfM0NwwxACfPWvvSN3BlCbk69n8hRbKur1
FtLN9YMyFIyg4FOdkjXbpeTL1vwMTFrM1oJaAyat34sJGalazqzNTC5xMS0PvbqH
g63ejNv0vMnti6qmsAqDsy21KqIgetNPFtbIR3/lJdY=
-----END CERTIFICATE-----