Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/QQ9WCB260gyOsWox8m_pKFKSpQM.roa
File:                     QQ9WCB260gyOsWox8m_pKFKSpQM.roa (raw, json)
Hash identifier:          FHb0r1qMEEIvKCbqilL0ZCuMIBzCr9rcN8dVDO/KcmA=
Subject key identifier:   41:0F:56:08:1D:BA:D2:0C:8E:B1:6A:31:F2:6F:E9:28:52:92:A5:03
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018E751BE2142920E76D60977284DBDB9D3A
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/QQ9WCB260gyOsWox8m_pKFKSpQM.roa
Signing time:             Mon 25 Mar 2024 10:15:45 +0000
ROA not before:           Mon 25 Mar 2024 10:15:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63902
IP address blocks:        5.102.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:1b:e2:14:29:20:e7:6d:60:97:72:84:db:db:9d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Mar 25 10:15:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=410f56081dbad20c8eb16a31f26fe9285292a503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:aa:71:aa:98:2d:d2:79:fe:09:92:ab:d2:12:
                    93:fe:ac:71:b5:5b:c3:c8:0f:f6:4c:27:18:eb:f1:
                    24:9a:26:14:df:69:02:54:3e:b3:22:76:e8:32:ac:
                    8f:a3:da:de:3c:da:0c:38:dc:30:74:f5:44:ff:3a:
                    ae:a2:b6:46:ee:ba:c9:f7:e5:3a:83:28:15:69:73:
                    36:ce:4f:7e:9e:4b:e9:d0:06:40:fe:48:fa:42:81:
                    da:24:37:a5:71:ad:0e:04:1b:d5:02:95:bf:87:d2:
                    49:91:4e:48:10:e8:43:f9:52:a2:ec:4d:8c:ef:e6:
                    9f:be:cb:dc:20:90:37:bf:78:5d:5c:64:aa:50:7c:
                    f1:20:db:13:f4:dd:8e:bb:fa:47:8a:1d:6c:82:fb:
                    b4:b5:c1:c5:2b:4d:08:91:8e:2b:e3:c7:13:a1:ed:
                    36:7d:98:d3:b4:98:34:50:01:10:ce:dd:fa:c3:6f:
                    5e:66:f4:e3:41:46:17:7d:7b:2b:c1:fb:2e:8e:9d:
                    e4:68:3c:d6:c0:79:5c:be:b8:48:7e:c2:eb:6b:3a:
                    44:40:eb:fa:3f:38:bd:5f:7f:32:97:c9:f5:29:c2:
                    15:d5:83:24:e1:cf:3f:6f:53:a3:73:02:a2:15:fb:
                    30:3e:73:a5:cc:7f:82:07:1b:cf:97:61:70:20:62:
                    b7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:0F:56:08:1D:BA:D2:0C:8E:B1:6A:31:F2:6F:E9:28:52:92:A5:03
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/QQ9WCB260gyOsWox8m_pKFKSpQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:73:7e:5d:d9:4c:77:0a:bf:90:f7:6a:8d:bd:8f:c5:58:f4:
         35:8c:6d:3a:d3:8f:5e:b8:6d:0e:b1:54:a4:26:45:4c:17:ed:
         16:b3:ff:c3:7e:8d:18:7d:d9:f7:7f:53:1f:62:98:30:e2:63:
         19:95:90:61:da:94:01:2b:f9:a7:4a:35:5b:31:89:e7:a6:79:
         d1:c6:2a:13:b2:bc:50:b6:03:ea:9d:0c:07:8b:5b:67:db:d2:
         35:71:58:94:07:e8:83:c7:c4:e5:d1:a4:0b:d7:e3:2c:87:a4:
         07:b0:a4:d7:fb:4a:22:d6:7e:e2:dd:a0:05:5e:9f:c5:73:e6:
         ee:3c:c8:75:29:f6:70:ff:61:5e:9e:e4:a9:2d:3f:92:29:e6:
         26:31:ab:f5:77:20:6e:27:47:b1:55:12:5b:7a:5c:03:e7:37:
         3e:10:3a:9e:bb:92:84:bc:84:3d:58:65:89:1f:2d:fe:ca:c7:
         72:97:59:ac:89:85:0f:5d:2c:c5:5d:74:15:05:e8:c9:77:b9:
         10:0a:58:98:a8:9b:7c:ed:c6:aa:8f:61:f0:0f:cd:11:d2:cc:
         e1:5e:db:d7:4c:90:b4:03:ae:4c:8f:46:e6:51:28:fb:a1:8c:
         e0:a0:f0:4e:2e:a1:45:d4:2f:7c:56:10:9e:64:d5:55:89:0f:
         48:04:2f:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY51G+IUKSDnbWCXcoTb2506MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMzI1MTAxNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTBmNTYwODFkYmFkMjBjOGViMTZhMzFmMjZmZTkyODUyOTJhNTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKpxqpgt0nn+CZKr0hKT/qxxtVvD
yA/2TCcY6/EkmiYU32kCVD6zInboMqyPo9rePNoMONwwdPVE/zquorZG7rrJ9+U6
gygVaXM2zk9+nkvp0AZA/kj6QoHaJDelca0OBBvVApW/h9JJkU5IEOhD+VKi7E2M
7+afvsvcIJA3v3hdXGSqUHzxINsT9N2Ou/pHih1sgvu0tcHFK00IkY4r48cToe02
fZjTtJg0UAEQzt36w29eZvTjQUYXfXsrwfsujp3kaDzWwHlcvrhIfsLrazpEQOv6
Pzi9X38yl8n1KcIV1YMk4c8/b1OjcwKiFfswPnOlzH+CBxvPl2FwIGK3rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEPVggdutIMjrFqMfJv6ShSkqUDMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUVE5V0NCMjYwZ3lPc1dveDhtX3BLRktTcFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAic35d2Ux3Cr+Q92qNvY/FWPQ1jG06049euG0OsVSk
JkVMF+0Ws//Dfo0Yfdn3f1MfYpgw4mMZlZBh2pQBK/mnSjVbMYnnpnnRxioTsrxQ
tgPqnQwHi1tn29I1cViUB+iDx8Tl0aQL1+Msh6QHsKTX+0oi1n7i3aAFXp/Fc+bu
PMh1KfZw/2FenuSpLT+SKeYmMav1dyBuJ0exVRJbelwD5zc+EDqeu5KEvIQ9WGWJ
Hy3+ysdyl1msiYUPXSzFXXQVBejJd7kQCliYqJt87caqj2HwD80R0szhXtvXTJC0
A65Mj0bmUSj7oYzgoPBOLqFF1C98VhCeZNVViQ9IBC+o
-----END CERTIFICATE-----