Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rmuqy-xExjile8qJp1uOFOrQbPc.roa
File:                     rmuqy-xExjile8qJp1uOFOrQbPc.roa (raw, json)
Hash identifier:          FBnylWmYGnDek9Q6c4M/TqkLAHqiejS8YPOAIKdvnTw=
Subject key identifier:   AE:6B:AA:CB:EC:44:C6:38:A5:7B:CA:89:A7:5B:8E:14:EA:D0:6C:F7
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0196875CD71402E4D0EFE18A2FF45F0422CF
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rmuqy-xExjile8qJp1uOFOrQbPc.roa
Signing time:             Wed 30 Apr 2025 15:42:10 +0000
ROA not before:           Wed 30 Apr 2025 15:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        124.198.135.0/24 maxlen: 24
                          155.2.189.0/24 maxlen: 24
                          170.62.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:5c:d7:14:02:e4:d0:ef:e1:8a:2f:f4:5f:04:22:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 30 15:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae6baacbec44c638a57bca89a75b8e14ead06cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f6:4b:7a:4d:a0:75:b9:e6:c9:bf:38:c5:1d:
                    1e:56:28:97:2b:d6:ad:d7:59:46:08:24:d0:de:62:
                    5c:2f:48:4d:e2:ad:c5:c9:40:70:2b:6f:1c:46:ba:
                    9c:06:58:b0:a1:6f:ce:0b:29:c3:20:11:40:6a:5c:
                    ec:73:14:7f:40:ad:8b:f8:46:76:61:ac:20:d9:f6:
                    da:2f:f9:eb:fd:87:82:10:80:b8:bd:4e:1e:4d:92:
                    a0:f8:89:9c:83:dd:5f:5c:50:f3:df:6a:ed:c0:15:
                    43:ef:68:eb:aa:b3:33:53:90:f4:f6:bb:47:73:22:
                    34:98:fc:8d:13:fc:b3:85:8f:98:b2:42:43:1c:37:
                    8c:7e:c1:4e:48:70:7a:a9:ce:35:8e:33:5a:b2:68:
                    a7:f1:42:f0:e2:1c:97:da:2f:96:00:2e:4f:22:23:
                    7a:e0:3f:56:e3:7b:ae:1a:12:a2:28:cd:bc:62:72:
                    9b:de:5c:60:18:96:08:e4:4c:90:f7:68:4a:2b:6d:
                    00:4e:88:7c:de:2b:ee:38:4a:cb:ca:e8:3e:c8:7d:
                    ef:7c:42:6d:36:7e:b1:ff:22:fd:bf:db:21:59:d7:
                    51:4d:95:fb:cb:cf:0f:39:b2:30:4f:3a:fd:f2:2b:
                    87:48:69:26:bc:d5:65:93:89:f8:47:a7:7d:e4:b3:
                    32:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6B:AA:CB:EC:44:C6:38:A5:7B:CA:89:A7:5B:8E:14:EA:D0:6C:F7
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rmuqy-xExjile8qJp1uOFOrQbPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.135.0/24
                  155.2.189.0/24
                  170.62.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:25:1a:cf:a1:f7:0f:88:4f:5c:7e:22:98:62:8d:ad:11:fd:
         b5:3c:40:59:27:17:79:18:28:38:46:c3:c3:54:ca:f0:e7:f0:
         9f:e8:36:2f:c5:11:6e:a5:df:4b:a1:be:a6:4a:6c:74:dc:11:
         ed:4a:06:94:69:1e:13:9c:8f:86:fa:e5:51:a5:77:62:3d:d5:
         87:a0:7e:a1:61:37:b0:cc:80:86:93:dd:88:b3:19:da:26:29:
         1b:fd:48:ef:ee:bc:6b:98:4a:ab:be:d4:e8:a5:75:dc:7e:54:
         5e:f5:7f:71:6c:62:5e:1a:47:45:95:79:bd:34:34:c2:ad:a4:
         ba:e5:ef:ca:5e:40:6c:7e:f6:2e:38:94:41:2c:8a:55:63:fd:
         10:a5:03:9d:68:28:60:41:1e:9d:e5:27:96:6c:32:df:62:17:
         24:e0:90:ee:11:9e:bc:ed:b8:ee:7e:ac:20:fd:7f:36:a9:a0:
         bb:5c:7f:f5:0c:7e:cd:e2:82:98:86:5b:82:2d:af:68:5b:0d:
         20:42:4c:7d:71:91:dd:d6:cd:8c:72:82:ca:8a:4e:ce:24:45:
         af:dc:a0:bc:73:a5:68:b0:dc:a7:b1:d9:5c:99:84:6e:eb:d6:
         95:33:99:2c:2a:4d:14:93:13:c8:bf:27:a0:da:f0:b5:57:95:
         60:56:86:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZaHXNcUAuTQ7+GKL/RfBCLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNDMwMTU0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTZiYWFjYmVjNDRjNjM4YTU3YmNhODlhNzViOGUxNGVhZDA2Y2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/ZLek2gdbnmyb84xR0eViiXK9at
11lGCCTQ3mJcL0hN4q3FyUBwK28cRrqcBliwoW/OCynDIBFAalzscxR/QK2L+EZ2
Yawg2fbaL/nr/YeCEIC4vU4eTZKg+Imcg91fXFDz32rtwBVD72jrqrMzU5D09rtH
cyI0mPyNE/yzhY+YskJDHDeMfsFOSHB6qc41jjNasmin8ULw4hyX2i+WAC5PIiN6
4D9W43uuGhKiKM28YnKb3lxgGJYI5EyQ92hKK20AToh83ivuOErLyug+yH3vfEJt
Nn6x/yL9v9shWddRTZX7y88PObIwTzr98iuHSGkmvNVlk4n4R6d95LMyuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK5rqsvsRMY4pXvKiadbjhTq0Gz3MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcm11cXkteEV4amlsZThxSnAxdU9GT3JRYlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAfMaHAwQA
mwK9AwQAqj6hMA0GCSqGSIb3DQEBCwUAA4IBAQANJRrPofcPiE9cfiKYYo2tEf21
PEBZJxd5GCg4RsPDVMrw5/Cf6DYvxRFupd9Lob6mSmx03BHtSgaUaR4TnI+G+uVR
pXdiPdWHoH6hYTewzICGk92IsxnaJikb/Ujv7rxrmEqrvtTopXXcflRe9X9xbGJe
GkdFlXm9NDTCraS65e/KXkBsfvYuOJRBLIpVY/0QpQOdaChgQR6d5SeWbDLfYhck
4JDuEZ687bjufqwg/X82qaC7XH/1DH7N4oKYhluCLa9oWw0gQkx9cZHd1s2McoLK
ik7OJEWv3KC8c6VosNynsdlcmYRu69aVM5ksKk0UkxPIvyeg2vC1V5VgVoZJ
-----END CERTIFICATE-----