Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/q4DLCiwmDYirYaXR0pW6mQzOUDQ.roa
File:                     q4DLCiwmDYirYaXR0pW6mQzOUDQ.roa (raw, json)
Hash identifier:          H1CEraYZFINGnfV6Z5SIpsKJRSIFzd5ruH7vpV3vCt0=
Subject key identifier:   AB:80:CB:0A:2C:26:0D:88:AB:61:A5:D1:D2:95:BA:99:0C:CE:50:34
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       0190DB48CAA8E2C85CF0C12C410B0D60FBA2
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/q4DLCiwmDYirYaXR0pW6mQzOUDQ.roa
Signing time:             Mon 22 Jul 2024 16:31:38 +0000
ROA not before:           Mon 22 Jul 2024 16:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215480
IP address blocks:        185.49.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:48:ca:a8:e2:c8:5c:f0:c1:2c:41:0b:0d:60:fb:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Jul 22 16:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab80cb0a2c260d88ab61a5d1d295ba990cce5034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:40:2c:76:9f:1f:a8:63:5d:ba:03:9f:16:bd:
                    bc:d4:22:26:d4:c1:de:92:6a:ab:09:10:38:c7:4e:
                    d1:6e:70:56:a4:c9:50:b0:f1:28:2d:02:2b:bf:42:
                    e7:c8:e1:9e:f5:cc:cf:54:84:4d:f8:de:c4:7b:a5:
                    3a:c0:90:fe:69:97:e6:33:e6:b8:1d:18:00:82:18:
                    e4:63:c5:8b:7e:2c:08:6b:2a:66:af:91:43:a4:ae:
                    33:0a:1b:02:ab:54:47:2f:4e:f3:66:86:80:9e:bb:
                    5d:5c:41:95:9f:4b:6b:cb:2d:b6:5d:98:2a:ec:92:
                    24:ea:45:18:ac:0b:fb:87:2a:2b:dd:49:be:40:53:
                    d1:ff:4a:93:f7:4b:8d:20:39:44:53:43:e4:8d:52:
                    45:0f:50:63:50:56:2b:9e:9a:7e:d6:e0:ee:ce:3c:
                    a5:de:45:66:d0:63:fa:7a:45:16:25:ef:16:3b:5e:
                    ee:e3:ba:c9:4a:49:2d:2b:92:56:9c:a2:7b:b0:04:
                    95:a7:6b:0e:02:2e:bc:87:ff:d5:20:5a:7d:01:b9:
                    36:7f:6a:df:a4:39:14:48:13:18:fe:67:2e:9f:40:
                    8b:e0:c2:62:28:fa:0c:ed:c6:e9:ba:d7:bb:01:88:
                    b5:95:e0:4a:a1:78:2f:a1:e0:10:f1:2f:61:b6:7e:
                    c0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:80:CB:0A:2C:26:0D:88:AB:61:A5:D1:D2:95:BA:99:0C:CE:50:34
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/q4DLCiwmDYirYaXR0pW6mQzOUDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:0b:d5:24:1d:e4:11:a8:48:c0:61:78:97:14:31:0d:ff:21:
         6c:a1:70:21:a7:7c:6f:31:f4:59:67:c1:60:55:29:4c:80:11:
         79:18:dc:d0:bd:62:d6:e4:3d:53:ed:6b:03:75:47:e4:c5:a6:
         54:02:79:45:c8:2b:02:f4:70:2a:0a:2d:95:07:7b:54:a0:d5:
         6e:ac:89:be:97:22:7e:07:ad:91:9f:74:e0:e1:f6:36:3a:04:
         c3:03:dd:41:49:60:9e:62:0f:4c:ba:83:8a:0f:48:9c:9d:53:
         64:85:19:18:2f:13:4a:13:93:30:de:ee:8d:39:f2:b1:ca:bd:
         5b:c0:dc:90:6b:7c:04:6e:06:89:24:d8:5e:08:50:71:1b:29:
         ba:ed:91:c8:f3:f3:de:57:f9:ec:5a:a5:9d:13:1e:c2:66:f1:
         65:3c:ab:ec:81:f2:f2:1d:7f:c7:cd:ee:7c:ce:ec:99:8d:2d:
         d0:f6:9e:17:f6:f7:37:62:15:2e:49:1b:7a:3d:38:3f:1c:d1:
         c8:a4:17:e9:ac:3a:2a:1b:25:1d:5d:53:06:be:34:3e:8e:28:
         53:31:ec:e3:21:04:b7:a5:1a:4a:53:32:5b:ca:00:d4:15:b7:
         5d:6b:5d:8a:b1:b0:29:c0:f4:bc:7e:fd:af:75:88:5c:89:fc:
         1b:26:bb:16
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZDbSMqo4shc8MEsQQsNYPuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjQwNzIyMTYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjgwY2IwYTJjMjYwZDg4YWI2MWE1ZDFkMjk1YmE5OTBjY2U1MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkAsdp8fqGNdugOfFr281CIm1MHe
kmqrCRA4x07RbnBWpMlQsPEoLQIrv0LnyOGe9czPVIRN+N7Ee6U6wJD+aZfmM+a4
HRgAghjkY8WLfiwIaypmr5FDpK4zChsCq1RHL07zZoaAnrtdXEGVn0tryy22XZgq
7JIk6kUYrAv7hyor3Um+QFPR/0qT90uNIDlEU0PkjVJFD1BjUFYrnpp+1uDuzjyl
3kVm0GP6ekUWJe8WO17u47rJSkktK5JWnKJ7sASVp2sOAi68h//VIFp9Abk2f2rf
pDkUSBMY/mcun0CL4MJiKPoM7cbpute7AYi1leBKoXgvoeAQ8S9htn7AkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKuAywosJg2Iq2Gl0dKVupkMzlA0MB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL3E0RExDaXdtRFlpcllhWFIwcFc2bVF6T1VEUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5MWow
DQYJKoZIhvcNAQELBQADggEBAB4L1SQd5BGoSMBheJcUMQ3/IWyhcCGnfG8x9Fln
wWBVKUyAEXkY3NC9YtbkPVPtawN1R+TFplQCeUXIKwL0cCoKLZUHe1Sg1W6sib6X
In4HrZGfdODh9jY6BMMD3UFJYJ5iD0y6g4oPSJydU2SFGRgvE0oTkzDe7o058rHK
vVvA3JBrfARuBokk2F4IUHEbKbrtkcjz895X+exapZ0THsJm8WU8q+yB8vIdf8fN
7nzO7JmNLdD2nhf29zdiFS5JG3o9OD8c0cikF+msOiobJR1dUwa+ND6OKFMx7OMh
BLelGkpTMlvKANQVt11rXYqxsCnA9Lx+/a91iFyJ/BsmuxY=
-----END CERTIFICATE-----