Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/MQQNQpnOLo7xjqCOz6nT8mwPN1c.roa
File:                     MQQNQpnOLo7xjqCOz6nT8mwPN1c.roa (raw, json)
Hash identifier:          2PaPwlupHN5M6LnrEQtTQs0LPCM/gyDxtY5UHvVEJSQ=
Subject key identifier:   31:04:0D:42:99:CE:2E:8E:F1:8E:A0:8E:CF:A9:D3:F2:6C:0F:37:57
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       0196A43AF9FDD386B896127277F682A0FF92
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/MQQNQpnOLo7xjqCOz6nT8mwPN1c.roa
Signing time:             Tue 06 May 2025 06:14:10 +0000
ROA not before:           Tue 06 May 2025 06:14:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        217.179.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:3a:f9:fd:d3:86:b8:96:12:72:77:f6:82:a0:ff:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: May  6 06:14:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31040d4299ce2e8ef18ea08ecfa9d3f26c0f3757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:99:d5:9e:c4:48:80:50:37:e1:47:2f:46:e7:
                    a4:41:bc:0d:94:31:c3:9b:b5:3f:ab:a4:be:96:b8:
                    4b:f7:17:a0:36:67:4c:5f:73:ec:05:62:45:e2:1e:
                    c3:2a:30:d3:8f:ed:8f:ea:8c:b2:ce:0e:49:1f:c1:
                    ac:b8:66:a3:64:d7:e6:fc:c5:74:9d:25:4c:91:48:
                    0a:cf:7c:b2:f2:ea:8b:04:20:ea:50:6e:a2:02:92:
                    3a:82:1d:5f:af:e5:e5:52:88:ac:4a:39:bf:f0:35:
                    5f:a3:5a:fa:57:08:11:32:da:76:f1:95:ea:77:b9:
                    ba:4e:85:b7:18:28:de:3e:30:84:17:8f:fa:0d:6b:
                    a6:bb:11:34:77:71:71:20:bc:84:45:b2:4a:72:d1:
                    2c:0b:0e:32:1b:40:a0:99:cb:02:8a:29:85:f1:d3:
                    08:90:1f:36:b0:dd:17:50:85:d2:79:31:ca:5e:42:
                    e3:c9:cc:91:66:1e:13:77:4d:47:a0:81:fc:40:f6:
                    3a:9f:03:97:75:d0:0f:ce:d7:4c:4d:1f:1b:31:8d:
                    a8:8a:4a:f2:c6:98:b1:4b:51:46:c6:2f:28:b1:e6:
                    d3:27:76:21:dd:d8:12:ff:bd:6a:92:6d:35:0a:cb:
                    0a:ce:56:10:d9:2a:21:3d:35:43:d1:3b:5a:89:54:
                    b2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:04:0D:42:99:CE:2E:8E:F1:8E:A0:8E:CF:A9:D3:F2:6C:0F:37:57
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/MQQNQpnOLo7xjqCOz6nT8mwPN1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.179.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:45:b9:cc:26:dd:59:a6:63:4f:20:af:47:6e:ad:54:34:be:
         eb:65:f8:82:8e:3a:c8:b8:2f:b5:08:3f:e8:f0:ee:66:fc:7b:
         d6:db:11:fa:b0:6e:c4:4f:54:d9:50:8a:78:6b:71:25:66:e2:
         14:66:ae:b8:cc:c3:4f:e9:7a:de:5b:4a:8d:73:6f:8b:29:16:
         51:a1:89:35:47:30:43:59:3a:ba:a6:27:bf:b3:aa:d7:3a:4e:
         8f:8e:cb:ea:fd:e2:6c:d4:13:86:c8:1b:06:48:a0:60:47:2d:
         44:1a:b5:e9:9c:72:0b:c9:36:d6:63:1f:40:c4:d1:6c:a0:3e:
         0e:a8:7a:37:b3:88:9c:0a:69:f4:c6:22:c9:5d:22:69:5c:f4:
         70:ac:93:4e:af:9f:b7:06:f8:fe:d0:03:9e:0f:3d:aa:9a:58:
         a8:e6:a6:5c:15:4e:b4:07:60:f1:74:e2:a4:e5:c3:32:4a:d5:
         82:2d:bb:52:7e:9b:be:63:9f:3b:ca:ec:81:5f:0f:46:37:7a:
         e3:0e:b9:ec:81:ce:7f:40:cb:d6:6c:96:c3:12:d7:3d:f5:64:
         2e:e2:f8:9a:4c:02:b3:21:0b:d7:c9:ed:55:39:ef:46:c8:8f:
         b8:60:26:e2:1c:f7:83:98:67:57:57:ba:5b:27:8d:b3:f0:d3:
         5e:b3:98:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZakOvn904a4lhJyd/aCoP+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwNTA2MDYxNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA0MGQ0Mjk5Y2UyZThlZjE4ZWEwOGVjZmE5ZDNmMjZjMGYzNzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5nVnsRIgFA34UcvRuekQbwNlDHD
m7U/q6S+lrhL9xegNmdMX3PsBWJF4h7DKjDTj+2P6oyyzg5JH8GsuGajZNfm/MV0
nSVMkUgKz3yy8uqLBCDqUG6iApI6gh1fr+XlUoisSjm/8DVfo1r6VwgRMtp28ZXq
d7m6ToW3GCjePjCEF4/6DWumuxE0d3FxILyERbJKctEsCw4yG0CgmcsCiimF8dMI
kB82sN0XUIXSeTHKXkLjycyRZh4Td01HoIH8QPY6nwOXddAPztdMTR8bMY2oikry
xpixS1FGxi8osebTJ3Yh3dgS/71qkm01CssKzlYQ2SohPTVD0TtaiVSyywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEEDUKZzi6O8Y6gjs+p0/JsDzdXMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvTVFRTlFwbk9Mbzd4anFDT3o2blQ4bXdQTjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bMHMA0G
CSqGSIb3DQEBCwUAA4IBAQCMRbnMJt1ZpmNPIK9Hbq1UNL7rZfiCjjrIuC+1CD/o
8O5m/HvW2xH6sG7ET1TZUIp4a3ElZuIUZq64zMNP6XreW0qNc2+LKRZRoYk1RzBD
WTq6pie/s6rXOk6Pjsvq/eJs1BOGyBsGSKBgRy1EGrXpnHILyTbWYx9AxNFsoD4O
qHo3s4icCmn0xiLJXSJpXPRwrJNOr5+3Bvj+0AOeDz2qmlio5qZcFU60B2DxdOKk
5cMyStWCLbtSfpu+Y587yuyBXw9GN3rjDrnsgc5/QMvWbJbDEtc99WQu4viaTAKz
IQvXye1VOe9GyI+4YCbiHPeDmGdXV7pbJ42z8NNes5hK
-----END CERTIFICATE-----