Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/MrqpvKVhGghgWqjcBqKvEuXDI-w.roa
File:                     MrqpvKVhGghgWqjcBqKvEuXDI-w.roa (raw, json)
Hash identifier:          2m6ct1yYKNn97oNHEpEMtqOhuEyZV5Dslxg+dpwmv70=
Subject key identifier:   32:BA:A9:BC:A5:61:1A:08:60:5A:A8:DC:06:A2:AF:12:E5:C3:23:EC
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       019423D7F76C232A2778F7681245C1F0504C
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/MrqpvKVhGghgWqjcBqKvEuXDI-w.roa
Signing time:             Wed 01 Jan 2025 21:49:03 +0000
ROA not before:           Wed 01 Jan 2025 21:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        146.247.105.0/24 maxlen: 24
                          146.247.110.0/24 maxlen: 24
                          146.247.124.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f7:6c:23:2a:27:78:f7:68:12:45:c1:f0:50:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Jan  1 21:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32baa9bca5611a08605aa8dc06a2af12e5c323ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:37:a4:2f:37:f0:ba:79:b6:14:3a:5c:4a:8e:
                    8f:cb:1d:54:a7:b0:c1:7c:c1:80:1d:f3:06:64:a0:
                    fc:9d:e4:5c:b3:9a:3d:20:9c:97:07:6b:0c:58:54:
                    cb:3a:6d:4f:a6:52:b8:49:41:71:28:1d:1c:33:c3:
                    4d:e4:eb:29:a6:dd:e2:08:1b:f4:b5:2d:28:33:6b:
                    a6:0f:8b:82:fe:f0:24:9f:96:80:d5:ca:02:d1:00:
                    a2:2e:d9:e8:7e:69:14:56:7a:e3:57:9f:c5:f4:23:
                    5e:31:81:37:41:8d:c8:4c:15:3b:fe:16:09:a4:48:
                    f3:bd:b8:28:93:77:80:cb:a2:e3:eb:ed:54:f7:2c:
                    28:83:84:2d:44:10:a9:fe:e2:bc:5c:84:b7:69:07:
                    b7:03:41:b8:05:06:17:b4:41:1b:85:f4:a2:5b:c1:
                    e1:1a:29:c8:b9:02:fb:8d:e5:98:ab:5f:d9:f9:72:
                    ee:74:fd:2f:1c:67:c9:90:3e:a5:c9:5d:6b:e8:98:
                    44:b2:a7:aa:58:1b:4a:11:e9:27:2b:05:54:79:75:
                    5e:64:02:28:1f:33:cf:b4:61:6e:8b:05:0c:1c:06:
                    77:0d:89:30:8c:f3:43:a4:79:06:42:9e:88:be:f1:
                    c5:13:03:a9:f3:28:61:e1:dd:00:8b:7c:3a:45:61:
                    17:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BA:A9:BC:A5:61:1A:08:60:5A:A8:DC:06:A2:AF:12:E5:C3:23:EC
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/MrqpvKVhGghgWqjcBqKvEuXDI-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.105.0/24
                  146.247.110.0/24
                  146.247.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:82:f6:e6:e5:c3:47:31:7f:b4:d6:f5:be:24:b1:95:06:be:
         33:f1:f5:13:46:75:ab:97:a6:be:b2:9a:a7:73:17:be:e2:1f:
         b9:22:08:ab:bd:8e:6f:2a:61:18:c6:32:85:8a:4d:85:bf:1d:
         66:0a:f8:14:69:04:cd:9c:0b:6a:d4:a8:bf:ad:8b:b1:33:f4:
         99:ee:a1:a1:c8:15:39:40:d8:f0:0b:ca:ba:e9:68:15:88:3b:
         d9:34:e1:01:1c:94:ca:6a:98:c1:19:98:dd:ed:8d:55:38:a3:
         54:69:b4:b6:76:0a:13:9c:c5:bb:ab:0a:6b:6d:87:a4:c8:7c:
         ad:af:30:29:e5:5c:9d:3e:81:29:9a:c4:4b:3c:d2:52:38:a7:
         b8:6a:f4:78:e0:3d:23:20:14:bc:62:fa:9a:15:73:03:1c:f9:
         04:03:15:bd:3f:c8:04:a5:5b:e0:e4:21:42:45:52:24:78:50:
         40:19:a6:97:7d:74:42:ab:99:ae:e1:c8:3c:60:0a:72:b0:44:
         db:83:7d:fa:50:2a:62:12:fe:17:03:cc:08:41:e2:cc:30:0f:
         24:3a:5c:ba:71:bf:cf:33:9f:34:bd:95:95:72:71:dd:ac:45:
         69:17:95:76:13:60:76:4b:b0:c8:5e:54:54:ff:77:e8:b7:da:
         ef:c2:55:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQj1/dsIyonePdoEkXB8FBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjUwMTAxMjE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJhYTliY2E1NjExYTA4NjA1YWE4ZGMwNmEyYWYxMmU1YzMyM2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTekLzfwunm2FDpcSo6Pyx1Up7DB
fMGAHfMGZKD8neRcs5o9IJyXB2sMWFTLOm1PplK4SUFxKB0cM8NN5Osppt3iCBv0
tS0oM2umD4uC/vAkn5aA1coC0QCiLtnofmkUVnrjV5/F9CNeMYE3QY3ITBU7/hYJ
pEjzvbgok3eAy6Lj6+1U9ywog4QtRBCp/uK8XIS3aQe3A0G4BQYXtEEbhfSiW8Hh
GinIuQL7jeWYq1/Z+XLudP0vHGfJkD6lyV1r6JhEsqeqWBtKEeknKwVUeXVeZAIo
HzPPtGFuiwUMHAZ3DYkwjPNDpHkGQp6IvvHFEwOp8yhh4d0Ai3w6RWEX7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDK6qbylYRoIYFqo3AairxLlwyPsMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvTXJxcHZLVmhHZ2hnV3FqY0JxS3ZFdVhESS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkvdpAwQA
kvduAwQBkvd8MA0GCSqGSIb3DQEBCwUAA4IBAQCcgvbm5cNHMX+01vW+JLGVBr4z
8fUTRnWrl6a+spqncxe+4h+5IgirvY5vKmEYxjKFik2Fvx1mCvgUaQTNnAtq1Ki/
rYuxM/SZ7qGhyBU5QNjwC8q66WgViDvZNOEBHJTKapjBGZjd7Y1VOKNUabS2dgoT
nMW7qwprbYekyHytrzAp5VydPoEpmsRLPNJSOKe4avR44D0jIBS8YvqaFXMDHPkE
AxW9P8gEpVvg5CFCRVIkeFBAGaaXfXRCq5mu4cg8YApysETbg336UCpiEv4XA8wI
QeLMMA8kOly6cb/PM580vZWVcnHdrEVpF5V2E2B2S7DIXlRU/3fot9rvwlWP
-----END CERTIFICATE-----