Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ab5e88-d2f9-487b-bb92-a4cb1cfd00b8/1/QZ-_aU3a6vpmf99Pa_FukQrqMsU.roa
File:                     QZ-_aU3a6vpmf99Pa_FukQrqMsU.roa (raw, json)
Hash identifier:          WBkqdPylOGOlo1tfXaETFSSNLG2F34gUGhwQYHR23cY=
Subject key identifier:   41:9F:BF:69:4D:DA:EA:FA:66:7F:DF:4F:6B:F1:6E:91:0A:EA:32:C5
Certificate issuer:       /CN=2989647851efcd198972ed3d149ccbbde9c55c00
Certificate serial:       018CC7259F0C013D4F773A96F306474D749C
Authority key identifier: 29:89:64:78:51:EF:CD:19:89:72:ED:3D:14:9C:CB:BD:E9:C5:5C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYlkeFHvzRmJcu09FJzLvenFXAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ab5e88-d2f9-487b-bb92-a4cb1cfd00b8/1/QZ-_aU3a6vpmf99Pa_FukQrqMsU.roa
Signing time:             Mon 01 Jan 2024 22:29:40 +0000
ROA not before:           Mon 01 Jan 2024 22:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41993
IP address blocks:        185.82.144.0/22 maxlen: 22
                          2a05:9100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ab5e88-d2f9-487b-bb92-a4cb1cfd00b8/1/KYlkeFHvzRmJcu09FJzLvenFXAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ab5e88-d2f9-487b-bb92-a4cb1cfd00b8/1/KYlkeFHvzRmJcu09FJzLvenFXAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYlkeFHvzRmJcu09FJzLvenFXAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 07:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:9f:0c:01:3d:4f:77:3a:96:f3:06:47:4d:74:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2989647851efcd198972ed3d149ccbbde9c55c00
        Validity
            Not Before: Jan  1 22:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=419fbf694ddaeafa667fdf4f6bf16e910aea32c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:52:1f:0e:ee:e1:14:b1:74:d5:a2:c2:ca:69:
                    b3:1c:fb:55:5a:1c:f9:94:d4:b2:aa:24:42:3c:58:
                    16:f8:22:67:e2:b2:5e:03:44:62:e3:c7:77:83:3c:
                    93:6f:1a:09:fc:5d:49:1c:ad:9b:23:e5:e9:84:ba:
                    3f:64:d7:74:a4:20:23:1f:26:c9:50:32:7b:7e:67:
                    cc:3a:3d:83:e6:1d:4e:5e:2f:32:1e:83:df:ad:15:
                    8c:f3:54:51:09:ba:23:a5:8d:a5:39:c0:c9:15:82:
                    25:62:71:85:8d:8f:1a:39:66:3a:99:d0:cb:0d:bc:
                    55:ef:ed:95:32:c8:13:7f:82:5b:e8:73:40:76:3b:
                    30:5e:6c:26:47:be:94:15:1d:9e:ba:94:4c:b4:82:
                    cd:2f:9e:81:a0:06:00:69:24:e0:81:21:f4:ed:d7:
                    6c:93:f5:b5:14:8e:f2:9f:fc:d0:07:ab:1b:31:ac:
                    ee:b2:cc:2c:74:72:6d:9d:e3:bb:3c:a7:66:67:1e:
                    9d:80:46:de:47:20:fa:67:2f:0e:d1:b4:74:b5:4f:
                    35:5b:9b:79:75:99:35:a7:4a:f8:ae:bc:cd:a4:c5:
                    f3:a0:29:5b:ce:ae:47:ed:17:ff:18:48:72:bf:53:
                    d5:77:40:64:78:23:ad:5b:6f:1d:df:cd:0b:0e:db:
                    fd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9F:BF:69:4D:DA:EA:FA:66:7F:DF:4F:6B:F1:6E:91:0A:EA:32:C5
            X509v3 Authority Key Identifier:
                keyid:29:89:64:78:51:EF:CD:19:89:72:ED:3D:14:9C:CB:BD:E9:C5:5C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYlkeFHvzRmJcu09FJzLvenFXAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ab5e88-d2f9-487b-bb92-a4cb1cfd00b8/1/QZ-_aU3a6vpmf99Pa_FukQrqMsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ab5e88-d2f9-487b-bb92-a4cb1cfd00b8/1/KYlkeFHvzRmJcu09FJzLvenFXAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.144.0/22
                IPv6:
                  2a05:9100::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:d6:3b:4d:fa:a9:67:81:33:bb:fc:05:dd:4d:4e:fa:f9:ac:
         87:23:06:2f:28:09:0f:f8:e3:8e:f0:2b:29:33:1a:36:fa:05:
         51:32:df:66:03:07:94:99:4c:7d:83:8d:da:5f:22:2a:40:c8:
         01:7e:20:ef:60:e6:a5:a9:d4:d0:02:e7:b7:c5:9a:c3:7a:b9:
         0b:6c:0f:75:92:76:5b:07:4b:06:33:4e:2d:27:43:96:74:44:
         b0:9f:a0:17:73:96:95:06:6c:cb:8e:c9:6d:38:2d:0d:5c:50:
         22:1c:cf:b3:5e:19:13:e1:57:24:73:44:97:54:fa:ab:34:b1:
         4b:6c:0d:be:61:5a:e9:12:07:e8:fa:ee:9d:31:0c:1d:90:65:
         39:99:a5:08:ee:9d:e6:e6:c3:6f:b2:2a:b3:9b:12:93:4d:47:
         0f:cb:2f:15:9b:1d:a1:d3:1b:1b:23:32:8f:0c:79:6b:83:e0:
         c7:09:c2:d1:e7:be:67:d6:e1:7d:f9:07:4a:8a:c4:46:9a:6f:
         99:51:c1:52:1f:55:dc:be:d6:b6:f3:a8:d4:08:6e:f0:11:9e:
         c4:5b:e5:70:ff:73:65:0f:67:5e:c8:ee:3a:31:11:5e:8e:90:
         50:d2:0a:3d:74:3c:1e:ba:17:9c:22:57:23:d5:88:c2:2f:0d:
         09:70:3a:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJZ8MAT1PdzqW8wZHTXScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODk2NDc4NTFlZmNkMTk4OTcyZWQzZDE0OWNjYmJkZTlj
NTVjMDAwHhcNMjQwMTAxMjIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTlmYmY2OTRkZGFlYWZhNjY3ZmRmNGY2YmYxNmU5MTBhZWEzMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlIfDu7hFLF01aLCymmzHPtVWhz5
lNSyqiRCPFgW+CJn4rJeA0Ri48d3gzyTbxoJ/F1JHK2bI+XphLo/ZNd0pCAjHybJ
UDJ7fmfMOj2D5h1OXi8yHoPfrRWM81RRCbojpY2lOcDJFYIlYnGFjY8aOWY6mdDL
DbxV7+2VMsgTf4Jb6HNAdjswXmwmR76UFR2eupRMtILNL56BoAYAaSTggSH07dds
k/W1FI7yn/zQB6sbMazusswsdHJtneO7PKdmZx6dgEbeRyD6Zy8O0bR0tU81W5t5
dZk1p0r4rrzNpMXzoClbzq5H7Rf/GEhyv1PVd0BkeCOtW28d380LDtv9AQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEGfv2lN2ur6Zn/fT2vxbpEK6jLFMB8GA1UdIwQY
MBaAFCmJZHhR780ZiXLtPRScy73pxVwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lsa2VGSHZ6Um1KY3UwOUZKekx2ZW5GWEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hYjVlODgtZDJmOS00ODdiLWJiOTIt
YTRjYjFjZmQwMGI4LzEvUVotX2FVM2E2dnBtZjk5UGFfRnVrUXJxTXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hYjVlODgtZDJmOS00ODdiLWJiOTItYTRjYjFjZmQwMGI4
LzEvS1lsa2VGSHZ6Um1KY3UwOUZKekx2ZW5GWEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVKQMA0E
AgACMAcDBQMqBZEAMA0GCSqGSIb3DQEBCwUAA4IBAQAQ1jtN+qlngTO7/AXdTU76
+ayHIwYvKAkP+OOO8CspMxo2+gVRMt9mAweUmUx9g43aXyIqQMgBfiDvYOalqdTQ
Aue3xZrDerkLbA91knZbB0sGM04tJ0OWdESwn6AXc5aVBmzLjsltOC0NXFAiHM+z
XhkT4Vckc0SXVPqrNLFLbA2+YVrpEgfo+u6dMQwdkGU5maUI7p3m5sNvsiqzmxKT
TUcPyy8Vmx2h0xsbIzKPDHlrg+DHCcLR575n1uF9+QdKisRGmm+ZUcFSH1Xcvta2
86jUCG7wEZ7EW+Vw/3NlD2deyO46MRFejpBQ0go9dDweuhecIlcj1YjCLw0JcDp6
-----END CERTIFICATE-----