Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/q9wiVN6y07jLfbsB39s4gKOzTpQ.roa
File:                     q9wiVN6y07jLfbsB39s4gKOzTpQ.roa (raw, json)
Hash identifier:          0mdfwSVie3bsGQnrgtbJC0R01lRbDDwgCo70csoyloc=
Subject key identifier:   AB:DC:22:54:DE:B2:D3:B8:CB:7D:BB:01:DF:DB:38:80:A3:B3:4E:94
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F2EDD08A249CFA878E6426F7420E862D6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/q9wiVN6y07jLfbsB39s4gKOzTpQ.roa
Signing time:             Tue 30 Apr 2024 11:56:28 +0000
ROA not before:           Tue 30 Apr 2024 11:56:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43391
IP address blocks:        194.180.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:dd:08:a2:49:cf:a8:78:e6:42:6f:74:20:e8:62:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 30 11:56:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abdc2254deb2d3b8cb7dbb01dfdb3880a3b34e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:68:39:a2:3f:50:42:c9:ed:12:a8:7d:d3:53:
                    0b:5c:3e:e5:2c:d6:db:69:c9:7d:de:1e:9a:c7:74:
                    b5:b4:5a:d8:57:5b:52:6c:d5:5f:d2:e2:cf:da:da:
                    2f:83:a0:c4:d4:9d:db:a6:1e:96:c6:cb:7b:0a:06:
                    f8:17:36:f0:5f:61:db:60:94:1d:8d:f4:bb:33:a9:
                    4c:4d:98:fe:2a:87:20:dd:00:18:d7:b3:e9:23:81:
                    07:d4:14:10:89:11:d5:22:a0:4c:18:92:f1:64:18:
                    d6:04:6b:e3:74:60:25:fb:ac:b3:79:f0:4f:ba:55:
                    46:66:a8:9e:dd:7e:45:60:7c:ec:2d:89:e7:ec:27:
                    fb:f1:f6:1b:ba:14:d9:59:20:53:c0:e4:03:39:53:
                    47:7a:05:c4:63:f2:65:ed:b6:33:86:e4:0a:6e:f5:
                    fe:0c:2b:13:4c:27:27:2b:56:c8:6d:52:82:b3:4e:
                    46:87:83:e1:21:3f:83:28:65:26:c5:d8:c0:95:36:
                    a3:5b:9b:c0:61:ca:42:8b:12:fe:86:f6:4f:a1:65:
                    b6:ed:8a:81:7e:9a:71:fe:e0:f7:b7:50:fb:a5:86:
                    cc:62:eb:cc:0f:d6:8a:28:01:6b:6b:15:db:e2:9c:
                    db:c0:de:a4:1a:04:d1:c0:62:5a:6a:8e:ab:bd:72:
                    14:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DC:22:54:DE:B2:D3:B8:CB:7D:BB:01:DF:DB:38:80:A3:B3:4E:94
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/q9wiVN6y07jLfbsB39s4gKOzTpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:cc:59:8a:76:e4:fe:da:3c:15:33:4c:cc:0b:e9:4f:33:2c:
         e7:b2:1c:11:9f:ec:5a:6c:08:14:56:72:1f:c0:2c:38:58:e4:
         7a:3e:6b:49:df:c8:9c:49:e8:d3:1b:b6:29:05:da:51:f9:f7:
         34:56:bc:d2:e1:3c:85:52:c2:3f:4b:fa:da:c7:bd:b2:2f:f6:
         97:cd:fe:05:09:e9:3d:63:29:4c:62:d9:c4:2b:c0:9c:d0:4f:
         df:5c:c3:17:3c:c9:4f:67:0c:82:5c:d8:c1:d8:ac:1d:76:be:
         ce:d6:0a:08:ef:ef:ca:81:55:27:b0:69:af:e6:b2:c2:51:ef:
         bc:51:b1:6e:2d:d6:b5:04:9c:a2:d5:4b:82:7a:30:5e:ab:67:
         01:da:4e:38:29:6e:ed:62:34:f5:b5:17:23:8d:68:3b:b8:53:
         8e:43:0f:f9:c7:6f:2f:cd:b9:85:65:20:37:c2:6d:db:ad:ec:
         d9:0d:4f:2f:43:95:31:87:04:00:c5:c3:e8:1a:f1:e2:bd:10:
         a0:51:71:48:01:90:08:5d:b9:cb:4f:44:01:24:ab:5f:b0:c7:
         a7:da:da:fc:3a:2a:ec:a6:9e:17:c9:99:dc:91:eb:77:12:af:
         0d:c0:2f:91:95:f7:a6:a8:e9:cc:46:f1:13:2b:4d:bf:63:a0:
         d0:13:17:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8u3QiiSc+oeOZCb3Qg6GLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDMwMTE1NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRjMjI1NGRlYjJkM2I4Y2I3ZGJiMDFkZmRiMzg4MGEzYjM0ZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGg5oj9QQsntEqh901MLXD7lLNbb
acl93h6ax3S1tFrYV1tSbNVf0uLP2tovg6DE1J3bph6Wxst7Cgb4FzbwX2HbYJQd
jfS7M6lMTZj+Kocg3QAY17PpI4EH1BQQiRHVIqBMGJLxZBjWBGvjdGAl+6yzefBP
ulVGZqie3X5FYHzsLYnn7Cf78fYbuhTZWSBTwOQDOVNHegXEY/Jl7bYzhuQKbvX+
DCsTTCcnK1bIbVKCs05Gh4PhIT+DKGUmxdjAlTajW5vAYcpCixL+hvZPoWW27YqB
fppx/uD3t1D7pYbMYuvMD9aKKAFraxXb4pzbwN6kGgTRwGJaao6rvXIUlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvcIlTestO4y327Ad/bOICjs06UMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcTl3aVZONnkwN2pMZmJzQjM5czRnS096VHBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrQmMA0G
CSqGSIb3DQEBCwUAA4IBAQAMzFmKduT+2jwVM0zMC+lPMyznshwRn+xabAgUVnIf
wCw4WOR6PmtJ38icSejTG7YpBdpR+fc0VrzS4TyFUsI/S/rax72yL/aXzf4FCek9
YylMYtnEK8Cc0E/fXMMXPMlPZwyCXNjB2Kwddr7O1goI7+/KgVUnsGmv5rLCUe+8
UbFuLda1BJyi1UuCejBeq2cB2k44KW7tYjT1tRcjjWg7uFOOQw/5x28vzbmFZSA3
wm3brezZDU8vQ5UxhwQAxcPoGvHivRCgUXFIAZAIXbnLT0QBJKtfsMen2tr8Oirs
pp4XyZncket3Eq8NwC+RlfemqOnMRvETK02/Y6DQExdn
-----END CERTIFICATE-----