Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/QrmyC4CIx2vv7Z-lUNdnjNCZypc.roa
File:                     QrmyC4CIx2vv7Z-lUNdnjNCZypc.roa (raw, json)
Hash identifier:          IKXQv/kemTMUqLb8i87zPHnPLw6tP7Q9dpNF+PZ6HJ0=
Subject key identifier:   42:B9:B2:0B:80:88:C7:6B:EF:ED:9F:A5:50:D7:67:8C:D0:99:CA:97
Certificate issuer:       /CN=6827dc221544fc74215112a5812de196a2872e86
Certificate serial:       018FA2312C656CF9F71E289D3B7705FD06B6
Authority key identifier: 68:27:DC:22:15:44:FC:74:21:51:12:A5:81:2D:E1:96:A2:87:2E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aCfcIhVE_HQhURKlgS3hlqKHLoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/QrmyC4CIx2vv7Z-lUNdnjNCZypc.roa
Signing time:             Wed 22 May 2024 21:24:42 +0000
ROA not before:           Wed 22 May 2024 21:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9032
IP address blocks:        188.92.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/aCfcIhVE_HQhURKlgS3hlqKHLoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/aCfcIhVE_HQhURKlgS3hlqKHLoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aCfcIhVE_HQhURKlgS3hlqKHLoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a2:31:2c:65:6c:f9:f7:1e:28:9d:3b:77:05:fd:06:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6827dc221544fc74215112a5812de196a2872e86
        Validity
            Not Before: May 22 21:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42b9b20b8088c76befed9fa550d7678cd099ca97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:72:95:31:9c:65:8f:81:03:2a:0d:5b:fb:
                    1b:6b:a9:d5:1d:00:80:43:5a:a0:5a:a8:34:cd:e6:
                    e9:e3:5c:b8:6c:85:a4:a3:9d:87:e3:2b:07:77:59:
                    85:5e:65:97:5d:b8:cb:9c:4d:06:76:35:7c:f2:e3:
                    77:d5:22:16:9a:f7:93:58:5a:2b:ae:a4:b0:22:21:
                    ff:b4:e7:32:d7:a5:34:ba:dc:09:25:e3:25:6b:f7:
                    5c:81:94:e3:5a:29:af:aa:56:b7:49:88:d5:31:68:
                    6f:a8:a4:2c:78:11:2f:14:68:54:da:c0:cf:9d:22:
                    2e:f9:6b:9d:e5:f8:27:b1:a6:1a:99:43:83:cc:23:
                    0a:f7:3b:46:73:a6:46:36:5c:f3:3a:1f:4c:97:df:
                    7d:aa:93:be:95:c7:46:c2:31:b8:1b:e0:50:9a:93:
                    d3:b7:e5:27:cc:31:52:b4:fd:1e:65:37:f2:d3:94:
                    ac:9e:18:5a:31:a4:77:dc:48:78:9f:8f:c3:df:09:
                    a1:3f:15:a2:61:ce:56:ba:2d:ca:0e:d6:3e:21:f7:
                    b0:7c:eb:b2:30:3c:9a:6d:39:4e:67:83:20:cd:29:
                    dc:c5:f5:ad:ee:56:95:64:57:2d:45:0c:5e:d2:f1:
                    a6:2e:a4:fb:25:ea:81:a3:b7:d3:9f:10:6e:7f:83:
                    23:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:B9:B2:0B:80:88:C7:6B:EF:ED:9F:A5:50:D7:67:8C:D0:99:CA:97
            X509v3 Authority Key Identifier:
                keyid:68:27:DC:22:15:44:FC:74:21:51:12:A5:81:2D:E1:96:A2:87:2E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aCfcIhVE_HQhURKlgS3hlqKHLoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/QrmyC4CIx2vv7Z-lUNdnjNCZypc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/aCfcIhVE_HQhURKlgS3hlqKHLoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:84:b5:36:a1:40:02:a0:e6:29:6e:0f:20:db:8d:52:65:13:
         30:b5:00:dc:1a:3c:66:85:d4:05:aa:83:74:5a:52:a0:d6:8f:
         79:5a:26:9e:39:c2:38:f1:61:ba:82:a5:50:18:54:37:34:61:
         61:da:a9:c2:0b:21:36:42:b0:7e:11:3d:ed:8c:21:ac:00:85:
         8e:ea:16:51:70:be:ec:9f:2f:24:38:cc:33:e2:fc:b9:a2:93:
         ba:41:7b:44:de:23:fd:c5:d7:d3:bb:37:54:0b:e7:41:3c:17:
         be:8c:4c:7b:e5:b8:ac:c5:e5:bf:8e:fe:16:2c:aa:6b:98:a7:
         71:4c:20:d4:48:ea:72:ec:a7:a7:e2:35:66:06:e8:07:b4:54:
         92:6c:0c:bd:c3:fd:da:4b:77:ee:02:17:7a:7c:53:34:64:9e:
         6f:6d:55:21:61:b9:cd:f2:bc:e7:3d:13:a9:4f:bd:f0:6e:77:
         11:e5:ff:01:68:ea:85:b6:ba:cb:e9:16:91:6f:a1:69:4f:9d:
         61:3f:bc:80:90:cf:52:4f:6e:2c:30:30:c6:87:eb:f9:7e:30:
         76:f3:48:bc:28:90:b9:fb:a0:20:c9:75:c6:43:24:9e:7c:aa:
         f1:79:97:10:59:b2:5a:86:43:65:39:a5:9e:3c:f5:05:0b:59:
         1b:09:25:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+iMSxlbPn3HiidO3cF/Qa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MjdkYzIyMTU0NGZjNzQyMTUxMTJhNTgxMmRlMTk2YTI4
NzJlODYwHhcNMjQwNTIyMjEyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmI5YjIwYjgwODhjNzZiZWZlZDlmYTU1MGQ3Njc4Y2QwOTljYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq95ylTGcZY+BAyoNW/sba6nVHQCA
Q1qgWqg0zebp41y4bIWko52H4ysHd1mFXmWXXbjLnE0GdjV88uN31SIWmveTWFor
rqSwIiH/tOcy16U0utwJJeMla/dcgZTjWimvqla3SYjVMWhvqKQseBEvFGhU2sDP
nSIu+Wud5fgnsaYamUODzCMK9ztGc6ZGNlzzOh9Ml999qpO+lcdGwjG4G+BQmpPT
t+UnzDFStP0eZTfy05SsnhhaMaR33Eh4n4/D3wmhPxWiYc5Wui3KDtY+IfewfOuy
MDyabTlOZ4MgzSncxfWt7laVZFctRQxe0vGmLqT7JeqBo7fTnxBuf4Mj3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEK5sguAiMdr7+2fpVDXZ4zQmcqXMB8GA1UdIwQY
MBaAFGgn3CIVRPx0IVESpYEt4Zaihy6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUNmY0loVkVfSFFoVVJLbGdTM2hscUtITG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yZmJmODMtYjI4Yi00ZDM2LWIxMTgt
ZWIxMDg2MDc1MTY3LzEvUXJteUM0Q0l4MnZ2N1otbFVOZG5qTkNaeXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yZmJmODMtYjI4Yi00ZDM2LWIxMTgtZWIxMDg2MDc1MTY3
LzEvYUNmY0loVkVfSFFoVVJLbGdTM2hscUtITG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvFywMA0G
CSqGSIb3DQEBCwUAA4IBAQCqhLU2oUACoOYpbg8g241SZRMwtQDcGjxmhdQFqoN0
WlKg1o95WiaeOcI48WG6gqVQGFQ3NGFh2qnCCyE2QrB+ET3tjCGsAIWO6hZRcL7s
ny8kOMwz4vy5opO6QXtE3iP9xdfTuzdUC+dBPBe+jEx75bisxeW/jv4WLKprmKdx
TCDUSOpy7Ken4jVmBugHtFSSbAy9w/3aS3fuAhd6fFM0ZJ5vbVUhYbnN8rznPROp
T73wbncR5f8BaOqFtrrL6RaRb6FpT51hP7yAkM9ST24sMDDGh+v5fjB280i8KJC5
+6AgyXXGQySefKrxeZcQWbJahkNlOaWePPUFC1kbCSUG
-----END CERTIFICATE-----