Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/b25cf4-0a35-4bdb-9dcd-ee16086cfc72/1/Qu7yyD6p8Xqu7jSzdVwEkKbOxTQ.roa
File:                     Qu7yyD6p8Xqu7jSzdVwEkKbOxTQ.roa (raw, json)
Hash identifier:          08GYJzUz0FIxrHD0dOoyYwjeXS/M8kAi1lDBmOAWqsE=
Subject key identifier:   42:EE:F2:C8:3E:A9:F1:7A:AE:EE:34:B3:75:5C:04:90:A6:CE:C5:34
Certificate issuer:       /CN=1683805319d8485584dc39cf5381583fb6431d7a
Certificate serial:       018CC3B6B375BB4C0D73DF5EE7CF64FE6E96
Authority key identifier: 16:83:80:53:19:D8:48:55:84:DC:39:CF:53:81:58:3F:B6:43:1D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FoOAUxnYSFWE3DnPU4FYP7ZDHXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/b25cf4-0a35-4bdb-9dcd-ee16086cfc72/1/Qu7yyD6p8Xqu7jSzdVwEkKbOxTQ.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205189
IP address blocks:        185.226.217.0/24 maxlen: 24
                          185.226.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/b25cf4-0a35-4bdb-9dcd-ee16086cfc72/1/FoOAUxnYSFWE3DnPU4FYP7ZDHXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/b25cf4-0a35-4bdb-9dcd-ee16086cfc72/1/FoOAUxnYSFWE3DnPU4FYP7ZDHXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FoOAUxnYSFWE3DnPU4FYP7ZDHXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b3:75:bb:4c:0d:73:df:5e:e7:cf:64:fe:6e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1683805319d8485584dc39cf5381583fb6431d7a
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42eef2c83ea9f17aaeee34b3755c0490a6cec534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9e:13:b0:bb:26:ae:44:34:97:56:1a:1a:63:
                    34:90:27:6b:e5:bf:be:f0:c9:b6:8c:e3:cf:c9:09:
                    da:4d:a2:71:6f:32:4e:33:85:12:ed:3e:28:d3:90:
                    bd:aa:84:f6:f6:94:e5:45:2d:58:0b:ed:f0:51:2e:
                    7f:43:86:aa:66:5d:ed:42:4b:5f:6a:5c:70:6c:f1:
                    f3:a0:ef:58:8f:b6:0d:74:45:f4:a8:e7:87:3d:a5:
                    7a:ab:d0:65:c5:30:45:26:80:32:84:41:9f:1e:ff:
                    b7:00:9d:9e:92:83:62:b5:f7:96:46:30:cd:01:2d:
                    bc:3b:f0:c4:76:47:f6:cb:61:67:50:aa:d9:7e:ab:
                    33:a6:3a:59:1e:b2:79:62:e1:77:73:32:ae:89:89:
                    24:81:1f:0a:16:36:02:c5:49:8b:9e:62:60:ac:75:
                    bb:8c:18:6a:a5:96:84:03:08:7d:2e:b2:47:d0:fe:
                    35:22:96:7c:4d:35:8c:77:b3:bb:95:e1:9b:75:59:
                    8e:1b:f2:64:04:d5:4d:ea:2c:1e:d4:17:c9:fc:4a:
                    93:00:cf:b1:1e:ad:80:be:90:2a:8c:79:1a:ba:0e:
                    e3:d9:f1:cf:f8:11:6b:73:48:33:98:d4:70:f3:20:
                    27:c6:54:d0:13:e7:b4:de:33:d8:26:d3:a2:69:b0:
                    8b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:EE:F2:C8:3E:A9:F1:7A:AE:EE:34:B3:75:5C:04:90:A6:CE:C5:34
            X509v3 Authority Key Identifier:
                keyid:16:83:80:53:19:D8:48:55:84:DC:39:CF:53:81:58:3F:B6:43:1D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FoOAUxnYSFWE3DnPU4FYP7ZDHXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b25cf4-0a35-4bdb-9dcd-ee16086cfc72/1/Qu7yyD6p8Xqu7jSzdVwEkKbOxTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b25cf4-0a35-4bdb-9dcd-ee16086cfc72/1/FoOAUxnYSFWE3DnPU4FYP7ZDHXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:3c:8b:cc:9c:ac:a6:d9:ed:96:0f:b5:5d:0d:48:8f:39:80:
         83:f1:1e:19:f9:06:e5:63:4d:f9:71:6c:be:7e:05:d2:c4:76:
         a9:32:8e:35:7d:3a:27:9f:f6:77:b6:ca:3c:9e:a2:c6:5c:a5:
         18:d5:e8:49:66:66:7b:e4:91:89:47:0a:91:62:83:c2:f0:df:
         dc:1f:c5:37:1c:2e:f3:a1:e5:ae:26:a3:36:09:97:b0:85:ed:
         c8:33:04:c2:57:5c:c3:17:d5:05:dd:1f:b5:71:4c:a2:8b:bc:
         07:d9:74:58:d5:06:89:6a:cc:17:86:91:90:88:f6:9e:b3:78:
         0e:f6:6f:49:a4:05:c9:ae:fc:48:f9:d4:b5:1f:de:01:a9:1b:
         cf:c7:aa:29:00:03:7f:46:00:bd:a1:85:85:71:0c:a9:e5:fb:
         60:e9:f1:6d:bd:28:52:ec:7a:ba:20:89:a7:df:17:16:57:c2:
         26:42:f7:e2:33:3e:90:57:aa:87:85:8b:25:bf:87:f2:a6:23:
         f8:71:28:d6:a1:a7:fd:47:0c:fb:71:4e:be:e7:64:2a:08:de:
         db:22:3b:ee:5d:53:26:d0:1d:d7:33:35:d2:01:23:a3:3b:fd:
         dc:70:f4:1d:b0:c7:88:5c:08:a6:f2:8a:8b:4e:e7:69:4a:27:
         6b:3e:f7:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrN1u0wNc99e589k/m6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ODM4MDUzMTlkODQ4NTU4NGRjMzljZjUzODE1ODNmYjY0
MzFkN2EwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmVlZjJjODNlYTlmMTdhYWVlZTM0YjM3NTVjMDQ5MGE2Y2VjNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv54TsLsmrkQ0l1YaGmM0kCdr5b++
8Mm2jOPPyQnaTaJxbzJOM4US7T4o05C9qoT29pTlRS1YC+3wUS5/Q4aqZl3tQktf
alxwbPHzoO9Yj7YNdEX0qOeHPaV6q9BlxTBFJoAyhEGfHv+3AJ2ekoNitfeWRjDN
AS28O/DEdkf2y2FnUKrZfqszpjpZHrJ5YuF3czKuiYkkgR8KFjYCxUmLnmJgrHW7
jBhqpZaEAwh9LrJH0P41IpZ8TTWMd7O7leGbdVmOG/JkBNVN6iwe1BfJ/EqTAM+x
Hq2AvpAqjHkaug7j2fHP+BFrc0gzmNRw8yAnxlTQE+e03jPYJtOiabCLhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELu8sg+qfF6ru40s3VcBJCmzsU0MB8GA1UdIwQY
MBaAFBaDgFMZ2EhVhNw5z1OBWD+2Qx16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm9PQVV4bllTRldFM0RuUFU0RllQN1pESFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iMjVjZjQtMGEzNS00YmRiLTlkY2Qt
ZWUxNjA4NmNmYzcyLzEvUXU3eXlENnA4WHF1N2pTemRWd0VrS2JPeFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iMjVjZjQtMGEzNS00YmRiLTlkY2QtZWUxNjA4NmNmYzcy
LzEvRm9PQVV4bllTRldFM0RuUFU0RllQN1pESFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueLYMA0G
CSqGSIb3DQEBCwUAA4IBAQDIPIvMnKym2e2WD7VdDUiPOYCD8R4Z+QblY035cWy+
fgXSxHapMo41fTonn/Z3tso8nqLGXKUY1ehJZmZ75JGJRwqRYoPC8N/cH8U3HC7z
oeWuJqM2CZewhe3IMwTCV1zDF9UF3R+1cUyii7wH2XRY1QaJaswXhpGQiPaes3gO
9m9JpAXJrvxI+dS1H94BqRvPx6opAAN/RgC9oYWFcQyp5ftg6fFtvShS7Hq6IImn
3xcWV8ImQvfiMz6QV6qHhYslv4fypiP4cSjWoaf9Rwz7cU6+52QqCN7bIjvuXVMm
0B3XMzXSASOjO/3ccPQdsMeIXAim8oqLTudpSidrPvfu
-----END CERTIFICATE-----