Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/aQakZoVpblIF2l8ftAcQYXpdYPs.roa
File:                     aQakZoVpblIF2l8ftAcQYXpdYPs.roa (raw, json)
Hash identifier:          Qz6LkCub4Rva7m+YCvP3MwxbyfAomWKSd3klSr+E1Ag=
Subject key identifier:   69:06:A4:66:85:69:6E:52:05:DA:5F:1F:B4:07:10:61:7A:5D:60:FB
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019427B563D0FAD0E0FDA5EE1B0435BD2B0D
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/aQakZoVpblIF2l8ftAcQYXpdYPs.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51628
IP address blocks:        192.145.99.0/24 maxlen: 24
                          2a09:6280:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:63:d0:fa:d0:e0:fd:a5:ee:1b:04:35:bd:2b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6906a46685696e5205da5f1fb40710617a5d60fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fb:75:42:43:3e:2a:32:16:54:57:f8:6e:62:
                    36:26:eb:70:ab:e2:fa:fc:6f:67:49:91:98:d5:86:
                    bc:e2:e3:49:7a:7d:0b:21:08:34:3c:d0:02:72:6d:
                    20:ba:e5:4f:87:95:3b:92:59:f8:49:82:65:dd:9e:
                    7d:60:9e:8e:7b:da:0e:c9:17:da:86:d5:59:1d:cb:
                    ce:20:68:1d:5c:fd:ea:1f:a5:2a:d7:cb:83:4d:e9:
                    b8:0e:59:d3:d0:2a:6e:46:af:e6:ae:6a:ff:60:46:
                    b9:e2:30:50:2e:b1:e1:2e:b2:c0:9a:b9:69:d9:f3:
                    50:c2:56:48:85:d4:1f:33:15:e4:38:8c:35:e4:81:
                    e9:b3:f6:4c:eb:a4:d6:c3:12:a7:68:9c:13:34:78:
                    54:33:66:86:72:e1:e2:f8:27:03:e8:96:38:65:d9:
                    76:9f:07:5d:cf:de:ed:96:81:d9:bc:8e:b9:f9:89:
                    95:e9:b9:63:ce:bc:d0:2a:9a:7e:1a:37:81:e1:a7:
                    47:cd:82:99:72:6e:85:bc:98:df:d0:01:34:2c:1b:
                    1e:37:55:37:94:24:16:9c:8c:84:37:ba:e0:ea:4d:
                    40:61:e9:a9:d3:0a:2f:f5:fe:28:5a:41:40:b5:17:
                    b9:cd:40:c0:c1:93:14:a9:cd:5d:5a:77:fa:5d:1b:
                    6c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:06:A4:66:85:69:6E:52:05:DA:5F:1F:B4:07:10:61:7A:5D:60:FB
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/aQakZoVpblIF2l8ftAcQYXpdYPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.99.0/24
                IPv6:
                  2a09:6280:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:56:8c:f8:31:0a:8f:d3:57:b4:a6:c6:7d:3f:86:d4:24:15:
         4f:4d:e9:5a:52:c7:fd:4f:78:58:ba:d1:a8:8e:36:9c:6c:90:
         91:31:94:a6:04:75:f1:e0:3a:72:0b:44:b6:08:40:39:53:15:
         44:c0:9f:4f:a9:e7:f0:b9:85:fb:e7:51:c4:6f:7f:84:af:63:
         49:4a:9b:aa:4a:67:79:23:26:b1:50:b7:87:52:a2:a9:48:89:
         73:ed:ec:33:ee:c1:18:b0:a9:38:1e:ab:62:77:ae:67:58:48:
         4e:a8:12:14:69:3d:5a:a6:30:fd:26:30:49:58:b8:53:43:6a:
         58:28:3a:3c:c9:22:6e:d9:6b:7a:74:8f:56:0e:48:bf:dd:db:
         22:6a:ae:56:a7:f0:54:2c:1b:f3:28:fd:2e:49:93:f5:33:b1:
         d4:f4:1d:06:36:0e:3e:3d:19:de:74:76:00:64:c1:ef:70:a4:
         7b:a2:52:f1:6d:b4:15:78:b6:7b:d9:c5:cc:e8:72:7a:aa:b7:
         75:41:46:b4:87:22:49:2a:1c:17:3e:ca:8b:24:a4:a6:b7:a7:
         c3:c8:01:7e:4e:be:b5:7a:fe:3d:48:c9:c1:58:be:a6:19:62:
         69:5f:d7:42:42:3e:1f:d2:fd:0c:b2:7c:c0:ca:6c:42:37:4f:
         3a:ab:29:e5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQntWPQ+tDg/aXuGwQ1vSsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA2YTQ2Njg1Njk2ZTUyMDVkYTVmMWZiNDA3MTA2MTdhNWQ2MGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/t1QkM+KjIWVFf4bmI2Jutwq+L6
/G9nSZGY1Ya84uNJen0LIQg0PNACcm0guuVPh5U7kln4SYJl3Z59YJ6Oe9oOyRfa
htVZHcvOIGgdXP3qH6Uq18uDTem4DlnT0CpuRq/mrmr/YEa54jBQLrHhLrLAmrlp
2fNQwlZIhdQfMxXkOIw15IHps/ZM66TWwxKnaJwTNHhUM2aGcuHi+CcD6JY4Zdl2
nwddz97tloHZvI65+YmV6bljzrzQKpp+GjeB4adHzYKZcm6FvJjf0AE0LBseN1U3
lCQWnIyEN7rg6k1AYemp0wov9f4oWkFAtRe5zUDAwZMUqc1dWnf6XRtsKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGkGpGaFaW5SBdpfH7QHEGF6XWD7MB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvYVFha1pvVnBibElGMmw4ZnRBY1FZWHBkWVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwJFjMA8E
AgACMAkDBwAqCWKAAAIwDQYJKoZIhvcNAQELBQADggEBABJWjPgxCo/TV7Smxn0/
htQkFU9N6VpSx/1PeFi60aiONpxskJExlKYEdfHgOnILRLYIQDlTFUTAn0+p5/C5
hfvnUcRvf4SvY0lKm6pKZ3kjJrFQt4dSoqlIiXPt7DPuwRiwqTgeq2J3rmdYSE6o
EhRpPVqmMP0mMElYuFNDalgoOjzJIm7Za3p0j1YOSL/d2yJqrlan8FQsG/Mo/S5J
k/UzsdT0HQY2Dj49Gd50dgBkwe9wpHuiUvFttBV4tnvZxczocnqqt3VBRrSHIkkq
HBc+yoskpKa3p8PIAX5OvrV6/j1IycFYvqYZYmlf10JCPh/S/QyyfMDKbEI3Tzqr
KeU=
-----END CERTIFICATE-----