Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/d48cd4-2088-4025-aa17-f72233179ccf/1/QaiA1bZYqqrrTFcETKEeVAb9d0I.roa
File:                     QaiA1bZYqqrrTFcETKEeVAb9d0I.roa (raw, json)
Hash identifier:          3/CpVEgMrkvVAywW4VLDUD5sCi7Crs9f+8Us3UCgxOg=
Subject key identifier:   41:A8:80:D5:B6:58:AA:AA:EB:4C:57:04:4C:A1:1E:54:06:FD:77:42
Certificate issuer:       /CN=eeea4d4a6ad6b7289b1822ff4e3837a0a0619204
Certificate serial:       0196C86FC5203B7554EC284722496569BBAF
Authority key identifier: EE:EA:4D:4A:6A:D6:B7:28:9B:18:22:FF:4E:38:37:A0:A0:61:92:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7upNSmrWtyibGCL_Tjg3oKBhkgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/d48cd4-2088-4025-aa17-f72233179ccf/1/QaiA1bZYqqrrTFcETKEeVAb9d0I.roa
Signing time:             Tue 13 May 2025 06:58:10 +0000
ROA not before:           Tue 13 May 2025 06:58:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56971
IP address blocks:        91.108.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/d48cd4-2088-4025-aa17-f72233179ccf/1/7upNSmrWtyibGCL_Tjg3oKBhkgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/d48cd4-2088-4025-aa17-f72233179ccf/1/7upNSmrWtyibGCL_Tjg3oKBhkgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7upNSmrWtyibGCL_Tjg3oKBhkgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 22:19:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:6f:c5:20:3b:75:54:ec:28:47:22:49:65:69:bb:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeea4d4a6ad6b7289b1822ff4e3837a0a0619204
        Validity
            Not Before: May 13 06:58:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41a880d5b658aaaaeb4c57044ca11e5406fd7742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:96:d2:3a:93:9a:1d:32:3a:cb:c9:e6:88:67:
                    ce:07:c4:10:77:67:87:af:db:44:49:81:2c:b3:97:
                    d2:83:73:28:76:30:49:74:31:c8:d8:90:33:57:34:
                    08:3f:20:ae:88:c5:b9:8f:e3:a4:4f:fd:d6:8e:e1:
                    2f:88:5e:29:00:92:f7:45:2a:6c:3b:d5:9e:f7:9f:
                    9a:f6:b3:e4:a0:85:ae:49:13:de:7e:ba:7e:18:2b:
                    5e:7b:a7:bf:d4:ed:d1:2a:fa:85:29:13:4a:a0:21:
                    73:19:5f:f4:ec:e9:b3:4c:63:24:76:02:fb:d6:ca:
                    4c:55:87:79:87:c3:a6:4b:38:e1:b9:ce:e4:c7:09:
                    44:8c:fb:28:3e:41:0d:b2:00:a6:e2:5b:16:77:5e:
                    8f:f2:2d:7f:8e:6f:c0:97:bc:63:9f:d1:18:15:53:
                    04:18:ae:39:44:47:57:75:f7:43:31:27:b6:ed:ea:
                    9a:15:4f:26:d8:51:44:45:0e:62:9d:37:03:3e:23:
                    74:3f:95:1c:86:1e:60:b0:1a:90:7f:03:57:06:68:
                    3b:1a:48:0c:a1:50:6d:2e:dc:91:c8:bd:3d:a6:80:
                    00:37:1b:cb:6e:fe:e3:97:06:da:75:41:ba:03:ae:
                    f2:f1:e9:f6:bb:72:96:8b:ab:9e:80:59:3c:cb:0d:
                    e2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A8:80:D5:B6:58:AA:AA:EB:4C:57:04:4C:A1:1E:54:06:FD:77:42
            X509v3 Authority Key Identifier:
                keyid:EE:EA:4D:4A:6A:D6:B7:28:9B:18:22:FF:4E:38:37:A0:A0:61:92:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7upNSmrWtyibGCL_Tjg3oKBhkgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/d48cd4-2088-4025-aa17-f72233179ccf/1/QaiA1bZYqqrrTFcETKEeVAb9d0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/d48cd4-2088-4025-aa17-f72233179ccf/1/7upNSmrWtyibGCL_Tjg3oKBhkgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:aa:8b:24:27:e8:83:bb:cf:0d:70:5f:d3:08:47:70:a0:3c:
         43:6f:09:70:7e:66:24:ed:43:9e:9c:90:e7:5e:b2:ab:a0:da:
         8c:82:f6:52:c8:e2:50:70:5d:51:5c:0f:f4:3e:62:da:d8:8c:
         20:85:d2:57:44:35:99:c9:45:e1:ac:24:49:c3:76:9d:fb:85:
         21:93:01:7d:cd:cd:f7:3a:6b:f1:d8:96:af:0a:87:79:cb:1d:
         06:de:93:e8:52:9a:83:5e:09:53:48:27:96:43:07:bc:7e:b1:
         da:a8:bd:7f:79:a9:a9:18:72:da:18:68:1e:17:10:75:1d:c3:
         1b:95:2a:4f:a9:3a:a2:65:c1:a4:0b:be:56:f8:3a:93:9f:0c:
         7a:29:6a:27:5c:f2:af:f5:3d:c3:71:5c:f5:55:9d:96:ca:c7:
         c0:b4:16:6a:7c:b9:cd:16:42:e9:e9:93:aa:49:2c:ad:71:39:
         8b:4f:48:6e:00:64:c2:7a:dd:1b:0d:23:78:fc:cf:c1:d4:89:
         ef:c4:04:54:57:11:76:30:5e:08:02:39:06:1f:d7:ec:ac:f4:
         6e:5e:a1:26:97:ed:b4:c8:fd:5b:aa:39:c7:5d:be:96:70:10:
         c7:f1:15:8b:51:eb:14:5f:47:4d:99:1c:12:6d:f1:a7:70:f9:
         0b:7e:0e:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbIb8UgO3VU7ChHIkllabuvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZWE0ZDRhNmFkNmI3Mjg5YjE4MjJmZjRlMzgzN2EwYTA2
MTkyMDQwHhcNMjUwNTEzMDY1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWE4ODBkNWI2NThhYWFhZWI0YzU3MDQ0Y2ExMWU1NDA2ZmQ3NzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJbSOpOaHTI6y8nmiGfOB8QQd2eH
r9tESYEss5fSg3ModjBJdDHI2JAzVzQIPyCuiMW5j+OkT/3WjuEviF4pAJL3RSps
O9We95+a9rPkoIWuSRPefrp+GCtee6e/1O3RKvqFKRNKoCFzGV/07OmzTGMkdgL7
1spMVYd5h8OmSzjhuc7kxwlEjPsoPkENsgCm4lsWd16P8i1/jm/Al7xjn9EYFVME
GK45REdXdfdDMSe27eqaFU8m2FFERQ5inTcDPiN0P5Uchh5gsBqQfwNXBmg7GkgM
oVBtLtyRyL09poAANxvLbv7jlwbadUG6A67y8en2u3KWi6uegFk8yw3iJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGogNW2WKqq60xXBEyhHlQG/XdCMB8GA1UdIwQY
MBaAFO7qTUpq1rcomxgi/044N6CgYZIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3VwTlNtcld0eWliR0NMX1RqZzNvS0Joa2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9kNDhjZDQtMjA4OC00MDI1LWFhMTct
ZjcyMjMzMTc5Y2NmLzEvUWFpQTFiWllxcXJyVEZjRVRLRWVWQWI5ZDBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9kNDhjZDQtMjA4OC00MDI1LWFhMTctZjcyMjMzMTc5Y2Nm
LzEvN3VwTlNtcld0eWliR0NMX1RqZzNvS0Joa2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2y9MA0G
CSqGSIb3DQEBCwUAA4IBAQCrqoskJ+iDu88NcF/TCEdwoDxDbwlwfmYk7UOenJDn
XrKroNqMgvZSyOJQcF1RXA/0PmLa2IwghdJXRDWZyUXhrCRJw3ad+4UhkwF9zc33
Omvx2JavCod5yx0G3pPoUpqDXglTSCeWQwe8frHaqL1/eampGHLaGGgeFxB1HcMb
lSpPqTqiZcGkC75W+DqTnwx6KWonXPKv9T3DcVz1VZ2WysfAtBZqfLnNFkLp6ZOq
SSytcTmLT0huAGTCet0bDSN4/M/B1InvxARUVxF2MF4IAjkGH9fsrPRuXqEml+20
yP1bqjnHXb6WcBDH8RWLUesUX0dNmRwSbfGncPkLfg77
-----END CERTIFICATE-----