Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/Q2-sQnLsuAPtuHrO-bGzXxyUoTo.roa
File:                     Q2-sQnLsuAPtuHrO-bGzXxyUoTo.roa (raw, json)
Hash identifier:          g74M2o/fvtFZBcFjqYZ6hezOWYRJbsJmGZ6wZ+OouRY=
Subject key identifier:   43:6F:AC:42:72:EC:B8:03:ED:B8:7A:CE:F9:B1:B3:5F:1C:94:A1:3A
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       018CC9BB922F54C897852AF02A5124D43863
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/Q2-sQnLsuAPtuHrO-bGzXxyUoTo.roa
Signing time:             Tue 02 Jan 2024 10:32:42 +0000
ROA not before:           Tue 02 Jan 2024 10:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20746
IP address blocks:        82.102.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:92:2f:54:c8:97:85:2a:f0:2a:51:24:d4:38:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Jan  2 10:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=436fac4272ecb803edb87acef9b1b35f1c94a13a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fd:0c:bf:48:4b:a4:9a:b4:1d:72:bd:60:5a:
                    b2:cf:89:5f:6f:11:da:6f:14:8e:d4:67:37:3c:dd:
                    91:18:52:2d:42:24:3e:b4:5c:33:79:b6:4a:7c:6a:
                    c8:53:c6:93:64:ac:08:9e:09:d8:68:7a:9a:4f:9c:
                    99:01:0c:2a:d6:db:60:9a:7b:17:90:d4:7b:bc:f6:
                    e9:24:f0:c8:5d:61:25:5a:62:17:71:e9:6d:3a:4d:
                    27:68:28:47:b4:f7:28:59:73:bd:da:a6:22:c9:76:
                    67:4d:61:14:8c:7c:7d:d2:66:37:2f:63:3f:c8:38:
                    b1:47:37:38:7c:54:77:c7:01:b7:bc:9b:af:18:8d:
                    e8:e9:cc:76:9b:0f:24:7f:3e:44:d5:3c:59:6a:03:
                    88:6c:14:76:89:db:8a:2b:52:79:aa:f1:55:3d:e6:
                    63:ed:a5:00:2c:da:c9:58:73:c2:67:ae:ee:5e:49:
                    7a:1c:7b:43:d4:3c:d8:e3:4b:7c:d3:5d:5a:36:8f:
                    af:3f:be:9f:ec:da:08:c6:e4:fc:8d:fb:9f:10:b6:
                    14:1c:36:5e:09:08:1d:32:df:ad:59:d8:8b:34:21:
                    87:c4:16:e4:37:d1:33:4d:39:cb:f1:1b:2f:fa:7c:
                    ce:67:10:b6:96:f6:7b:86:e0:8c:74:cb:83:9d:ad:
                    e1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:6F:AC:42:72:EC:B8:03:ED:B8:7A:CE:F9:B1:B3:5F:1C:94:A1:3A
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/Q2-sQnLsuAPtuHrO-bGzXxyUoTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.102.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:4b:27:0a:80:f1:d4:7b:bc:95:89:7d:0a:75:cf:6c:ea:48:
         a8:da:44:e0:18:c2:4a:a2:09:bb:7b:80:f2:bb:97:c9:3d:65:
         24:00:e9:91:c9:fa:88:d6:b8:8e:89:2d:e7:01:dc:2b:69:d9:
         26:53:fa:12:44:7f:bc:75:4e:d4:f7:45:93:6d:45:eb:d3:cc:
         0f:7c:54:ec:59:1d:d4:9f:4e:80:f8:a3:95:49:f1:35:cb:19:
         46:98:9f:c6:3b:1a:e1:47:d6:6e:b6:ce:82:d7:3f:05:7d:d1:
         1b:47:a0:71:7b:42:35:e1:04:b5:0e:03:fc:3d:f0:ee:9d:6a:
         21:79:5a:5a:b5:8e:12:05:36:cf:86:c1:13:ad:d0:63:62:87:
         f4:fd:2e:ef:e5:ca:e8:69:a7:e2:e6:35:19:3a:69:a9:da:2f:
         2b:96:5c:d8:d4:35:3d:1a:57:44:6d:b0:b1:80:60:81:18:7c:
         5a:be:5f:08:75:ee:29:f5:38:15:0d:84:2a:b2:df:52:eb:e5:
         06:7e:89:21:32:cc:4a:e6:3c:17:03:9c:c2:f9:ec:84:3f:ef:
         b4:3d:2e:7b:2b:be:cc:d2:3f:41:00:70:44:de:72:12:44:a1:
         80:3d:cb:80:49:88:a7:65:16:2e:c2:97:75:67:40:a3:f7:62:
         e9:91:82:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu5IvVMiXhSrwKlEk1DhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjQwMTAyMTAzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZmYWM0MjcyZWNiODAzZWRiODdhY2VmOWIxYjM1ZjFjOTRhMTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/0Mv0hLpJq0HXK9YFqyz4lfbxHa
bxSO1Gc3PN2RGFItQiQ+tFwzebZKfGrIU8aTZKwIngnYaHqaT5yZAQwq1ttgmnsX
kNR7vPbpJPDIXWElWmIXceltOk0naChHtPcoWXO92qYiyXZnTWEUjHx90mY3L2M/
yDixRzc4fFR3xwG3vJuvGI3o6cx2mw8kfz5E1TxZagOIbBR2iduKK1J5qvFVPeZj
7aUALNrJWHPCZ67uXkl6HHtD1DzY40t8011aNo+vP76f7NoIxuT8jfufELYUHDZe
CQgdMt+tWdiLNCGHxBbkN9EzTTnL8Rsv+nzOZxC2lvZ7huCMdMuDna3hKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENvrEJy7LgD7bh6zvmxs18clKE6MB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvUTItc1FuTHN1QVB0dUhyTy1iR3pYeHlVb1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmYEMA0G
CSqGSIb3DQEBCwUAA4IBAQCOSycKgPHUe7yViX0Kdc9s6kio2kTgGMJKogm7e4Dy
u5fJPWUkAOmRyfqI1riOiS3nAdwradkmU/oSRH+8dU7U90WTbUXr08wPfFTsWR3U
n06A+KOVSfE1yxlGmJ/GOxrhR9Zuts6C1z8FfdEbR6Bxe0I14QS1DgP8PfDunWoh
eVpatY4SBTbPhsETrdBjYof0/S7v5croaafi5jUZOmmp2i8rllzY1DU9GldEbbCx
gGCBGHxavl8Ide4p9TgVDYQqst9S6+UGfokhMsxK5jwXA5zC+eyEP++0PS57K77M
0j9BAHBE3nISRKGAPcuASYinZRYuwpd1Z0Cj92LpkYJk
-----END CERTIFICATE-----