Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3O-PquqRfbA6nwdvb9qh_AlphQI.roa
File:                     3O-PquqRfbA6nwdvb9qh_AlphQI.roa (raw, json)
Hash identifier:          ui7wdGtAkSn5jSbzg9QOpRGaOjEkXjjG4DHPpDLyVM8=
Subject key identifier:   DC:EF:8F:AA:EA:91:7D:B0:3A:9F:07:6F:6F:DA:A1:FC:09:69:85:02
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5E634924B9C40D0DFD1C2E50A4F6C
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3O-PquqRfbA6nwdvb9qh_AlphQI.roa
Signing time:             Wed 01 Jan 2025 07:47:56 +0000
ROA not before:           Wed 01 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212607
IP address blocks:        5.10.248.0/24 maxlen: 24
                          5.10.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e6:34:92:4b:9c:40:d0:df:d1:c2:e5:0a:4f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcef8faaea917db03a9f076f6fdaa1fc09698502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8b:ef:bc:23:8c:33:e6:47:2a:c0:29:22:b7:
                    c6:90:ff:4b:5f:aa:84:06:d8:96:04:8d:69:fa:e0:
                    58:87:a3:27:4a:c1:e2:d9:fb:88:ba:7c:af:88:8b:
                    83:d3:df:8e:aa:e3:6d:f4:7c:99:f2:04:2e:11:ed:
                    6a:6e:6b:67:c4:ce:62:dd:b1:c9:1c:f1:40:50:e1:
                    44:9d:f1:bc:bd:0f:6a:31:11:22:83:57:17:37:2f:
                    4d:8a:8a:1e:e4:5a:6f:2a:9b:c8:b7:ef:95:b7:bf:
                    76:cd:b3:7b:09:9c:ad:6e:3c:66:fa:e4:71:96:a2:
                    5e:20:1e:b4:98:4b:3f:ec:6a:df:33:c3:e0:c2:f7:
                    7d:13:c7:34:82:2f:08:3f:9a:67:70:d1:3a:98:dc:
                    fc:c4:07:14:18:c6:43:5b:47:8c:1f:e7:6e:ee:3a:
                    de:84:5f:95:2a:15:21:d7:bb:08:74:23:ed:3d:d7:
                    ab:12:7a:61:58:1f:60:28:ea:1d:06:31:75:05:ba:
                    b1:d5:19:4d:84:05:5b:13:64:fb:7e:ca:4e:b8:b9:
                    f0:28:e8:11:78:a7:b2:66:9e:af:fd:a0:a6:de:81:
                    e3:91:e0:81:09:51:b7:0f:1e:92:c8:18:80:ad:33:
                    d7:b5:6d:72:f3:a2:13:c8:52:ad:ff:18:99:77:e7:
                    38:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:EF:8F:AA:EA:91:7D:B0:3A:9F:07:6F:6F:DA:A1:FC:09:69:85:02
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3O-PquqRfbA6nwdvb9qh_AlphQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:10:98:b1:12:c7:c2:f0:a0:66:36:17:f9:5c:05:3c:00:80:
         77:34:b4:e8:25:a5:47:0a:db:06:33:1e:a4:1c:0d:e5:ae:3a:
         fb:ca:ee:e7:cb:f8:51:b5:6a:cb:c4:83:67:cc:bc:0e:e0:6a:
         a5:ad:46:b6:7f:43:5d:c3:ba:eb:a0:fe:b1:97:ed:77:78:9f:
         77:f8:53:35:bf:4f:cb:a3:3d:e4:9c:79:b5:12:5f:8d:f0:71:
         4e:44:19:f9:d6:e0:d5:d2:2d:e8:52:41:d6:8e:26:5a:67:40:
         e7:bf:60:65:07:c9:cd:5f:9d:c1:09:f7:00:5b:be:0a:7b:20:
         66:00:35:14:d2:1d:13:f4:aa:4c:31:d7:3f:ad:71:29:7f:4f:
         1d:65:65:93:fe:6f:16:33:26:75:0a:d5:f2:9b:e5:a0:c6:03:
         4f:d2:d2:1b:a5:08:0f:16:28:1b:8c:40:ef:ed:da:f4:15:12:
         1a:82:e3:78:97:95:94:1e:5d:05:33:71:f4:85:c1:20:87:84:
         40:fc:52:21:e7:a0:84:36:36:23:4f:e5:e6:b5:07:29:34:26:
         49:a7:78:18:a9:3b:d9:84:2f:4c:35:e4:5d:7e:b7:69:df:eb:
         e6:6e:60:d7:a3:ff:ec:f3:03:a2:46:b6:31:81:29:b9:0f:5b:
         ec:d6:55:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1eY0kkucQNDf0cLlCk9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2VmOGZhYWVhOTE3ZGIwM2E5ZjA3NmY2ZmRhYTFmYzA5Njk4NTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIvvvCOMM+ZHKsApIrfGkP9LX6qE
BtiWBI1p+uBYh6MnSsHi2fuIunyviIuD09+OquNt9HyZ8gQuEe1qbmtnxM5i3bHJ
HPFAUOFEnfG8vQ9qMREig1cXNy9Niooe5FpvKpvIt++Vt792zbN7CZytbjxm+uRx
lqJeIB60mEs/7GrfM8Pgwvd9E8c0gi8IP5pncNE6mNz8xAcUGMZDW0eMH+du7jre
hF+VKhUh17sIdCPtPderEnphWB9gKOodBjF1Bbqx1RlNhAVbE2T7fspOuLnwKOgR
eKeyZp6v/aCm3oHjkeCBCVG3Dx6SyBiArTPXtW1y86ITyFKt/xiZd+c4RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzvj6rqkX2wOp8Hb2/aofwJaYUCMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvM08tUHF1cVJmYkE2bndkdmI5cWhfQWxwaFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBQr4MA0G
CSqGSIb3DQEBCwUAA4IBAQBBEJixEsfC8KBmNhf5XAU8AIB3NLToJaVHCtsGMx6k
HA3lrjr7yu7ny/hRtWrLxINnzLwO4GqlrUa2f0Ndw7rroP6xl+13eJ93+FM1v0/L
oz3knHm1El+N8HFORBn51uDV0i3oUkHWjiZaZ0Dnv2BlB8nNX53BCfcAW74KeyBm
ADUU0h0T9KpMMdc/rXEpf08dZWWT/m8WMyZ1CtXym+WgxgNP0tIbpQgPFigbjEDv
7dr0FRIaguN4l5WUHl0FM3H0hcEgh4RA/FIh56CENjYjT+XmtQcpNCZJp3gYqTvZ
hC9MNeRdfrdp3+vmbmDXo//s8wOiRrYxgSm5D1vs1lWr
-----END CERTIFICATE-----