Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/QcNrAePIHNJY7dEM1KriCUd_Rjw.roa
File:                     QcNrAePIHNJY7dEM1KriCUd_Rjw.roa (raw, json)
Hash identifier:          qLFH0H2AJ+zfGDME3tJVMsNeYXLbEvrLVrPKea7ZjVA=
Subject key identifier:   41:C3:6B:01:E3:C8:1C:D2:58:ED:D1:0C:D4:AA:E2:09:47:7F:46:3C
Certificate issuer:       /CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
Certificate serial:       018CC26D632BB055D00773FCE300B9BD9BB2
Authority key identifier: A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/QcNrAePIHNJY7dEM1KriCUd_Rjw.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212942
IP address blocks:        176.105.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:2b:b0:55:d0:07:73:fc:e3:00:b9:bd:9b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41c36b01e3c81cd258edd10cd4aae209477f463c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:13:5c:c5:9c:7c:8a:5e:cd:ab:7e:9a:e3:67:
                    a0:73:15:d1:43:db:a5:bb:39:5f:5b:a1:87:f9:8b:
                    33:3b:d0:83:fe:de:f5:5b:e4:9e:72:30:ad:83:67:
                    8b:8c:91:02:e0:e0:fd:47:c0:09:71:f7:6d:24:0f:
                    61:af:fc:e3:ba:26:20:de:5b:5f:fb:15:2d:8a:ef:
                    87:49:62:ef:69:dc:44:79:11:7d:0b:ef:9b:49:93:
                    cb:e0:ae:cd:d2:63:53:a5:29:59:7d:ad:95:ac:e3:
                    11:4d:b1:1d:af:e7:4e:92:e2:79:9f:c0:b1:e5:ea:
                    18:97:e0:bf:9f:06:c7:2f:68:59:b4:c4:75:32:42:
                    72:37:67:7a:cc:01:e8:54:13:01:72:12:95:5e:dd:
                    72:6d:85:87:9c:6d:7c:e0:42:50:14:91:2d:ce:15:
                    88:47:16:e9:02:08:65:5f:de:b4:2b:60:88:cb:83:
                    7d:33:fc:21:a3:85:27:5e:fa:3f:a8:b4:34:ed:e0:
                    75:44:aa:ae:8d:e1:44:ad:30:b6:ae:b2:38:d0:5c:
                    60:69:03:9d:50:0e:6e:3c:3c:a1:ef:ad:73:c3:ff:
                    38:6b:31:25:b2:70:5c:c4:85:1f:4a:c4:f1:77:4e:
                    9c:84:ec:69:6d:03:30:d8:d2:51:fc:0a:c0:54:89:
                    7f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C3:6B:01:E3:C8:1C:D2:58:ED:D1:0C:D4:AA:E2:09:47:7F:46:3C
            X509v3 Authority Key Identifier:
                keyid:A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/QcNrAePIHNJY7dEM1KriCUd_Rjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:2c:38:11:ff:01:40:bb:70:d0:cb:a8:73:49:c5:51:1c:f8:
         70:f6:8a:6b:1c:eb:c2:e0:47:02:4b:a1:db:65:b7:8f:82:d5:
         c6:f4:d1:81:63:8c:d6:84:54:a0:f5:1c:3e:76:7d:75:61:ef:
         7c:20:7f:a4:34:6c:77:7a:ce:ee:bb:26:a7:51:95:6b:85:80:
         93:8f:c4:38:8d:5e:df:a1:d6:ff:c1:6f:42:2e:0b:11:4a:36:
         ae:65:48:f8:32:b5:43:0a:30:d7:21:14:aa:5a:30:36:70:4c:
         39:8a:3a:01:5d:65:0b:8c:06:67:fb:ad:e7:88:03:1e:24:19:
         02:00:64:03:90:b6:6d:5c:48:a6:05:2d:7b:80:3d:06:af:d1:
         26:a8:f9:0a:b9:88:96:d4:5f:14:b9:26:eb:24:13:17:53:ce:
         81:83:fe:b7:9d:d9:08:26:a0:92:96:91:15:f4:b6:a2:fa:92:
         30:94:cf:42:fe:e8:6c:fc:e1:4a:4a:71:66:fc:31:b5:87:94:
         df:65:d5:6d:30:94:ca:06:25:21:c7:80:1d:6d:78:17:7e:1e:
         f3:0d:f6:ca:3a:6c:49:46:b0:1b:45:e0:b0:dc:a1:d6:e5:f7:
         ee:97:2c:65:0c:9c:f1:c2:9a:17:c9:26:f5:5b:ad:de:67:98:
         da:6a:3e:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWMrsFXQB3P84wC5vZuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMTY1ODhiZDFjY2IyZGQyMjFjNmY4NzgzODU2NzQ3NWQ3
ZWYyOWIwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWMzNmIwMWUzYzgxY2QyNThlZGQxMGNkNGFhZTIwOTQ3N2Y0NjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxNcxZx8il7Nq36a42egcxXRQ9ul
uzlfW6GH+YszO9CD/t71W+SecjCtg2eLjJEC4OD9R8AJcfdtJA9hr/zjuiYg3ltf
+xUtiu+HSWLvadxEeRF9C++bSZPL4K7N0mNTpSlZfa2VrOMRTbEdr+dOkuJ5n8Cx
5eoYl+C/nwbHL2hZtMR1MkJyN2d6zAHoVBMBchKVXt1ybYWHnG184EJQFJEtzhWI
RxbpAghlX960K2CIy4N9M/who4UnXvo/qLQ07eB1RKqujeFErTC2rrI40FxgaQOd
UA5uPDyh761zw/84azElsnBcxIUfSsTxd06chOxpbQMw2NJR/ArAVIl/zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHDawHjyBzSWO3RDNSq4glHf0Y8MB8GA1UdIwQY
MBaAFKAWWIvRzLLdIhxvh4OFZ0ddfvKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEt
NzczMTIwZmY3YzBmLzEvUWNOckFlUElITkpZN2RFTTFLcmlDVWRfUmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEtNzczMTIwZmY3YzBm
LzEvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGmnMA0G
CSqGSIb3DQEBCwUAA4IBAQBcLDgR/wFAu3DQy6hzScVRHPhw9oprHOvC4EcCS6Hb
ZbePgtXG9NGBY4zWhFSg9Rw+dn11Ye98IH+kNGx3es7uuyanUZVrhYCTj8Q4jV7f
odb/wW9CLgsRSjauZUj4MrVDCjDXIRSqWjA2cEw5ijoBXWULjAZn+63niAMeJBkC
AGQDkLZtXEimBS17gD0Gr9EmqPkKuYiW1F8UuSbrJBMXU86Bg/63ndkIJqCSlpEV
9Lai+pIwlM9C/uhs/OFKSnFm/DG1h5TfZdVtMJTKBiUhx4AdbXgXfh7zDfbKOmxJ
RrAbReCw3KHW5ffulyxlDJzxwpoXySb1W63eZ5jaaj4P
-----END CERTIFICATE-----