Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/DMQ-0Zb6Zg_wWBdrCvBqu7oANFQ.roa
File:                     DMQ-0Zb6Zg_wWBdrCvBqu7oANFQ.roa (raw, json)
Hash identifier:          /K0hKP44/sCFl+UJ4pD09eff9hWflWdLatDyk35J+yw=
Subject key identifier:   0C:C4:3E:D1:96:FA:66:0F:F0:58:17:6B:0A:F0:6A:BB:BA:00:34:54
Certificate issuer:       /CN=9aae46e2135930da268c064dce5adbb63a0cec36
Certificate serial:       018CC3B71618965F7161411CAFCEC86246DF
Authority key identifier: 9A:AE:46:E2:13:59:30:DA:26:8C:06:4D:CE:5A:DB:B6:3A:0C:EC:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mq5G4hNZMNomjAZNzlrbtjoM7DY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/DMQ-0Zb6Zg_wWBdrCvBqu7oANFQ.roa
Signing time:             Mon 01 Jan 2024 06:30:05 +0000
ROA not before:           Mon 01 Jan 2024 06:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210875
IP address blocks:        87.236.160.0/24 maxlen: 24
                          2a11:4c80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/mq5G4hNZMNomjAZNzlrbtjoM7DY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/mq5G4hNZMNomjAZNzlrbtjoM7DY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mq5G4hNZMNomjAZNzlrbtjoM7DY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:16:18:96:5f:71:61:41:1c:af:ce:c8:62:46:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aae46e2135930da268c064dce5adbb63a0cec36
        Validity
            Not Before: Jan  1 06:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cc43ed196fa660ff058176b0af06abbba003454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4b:0e:6c:0c:7c:99:25:cb:00:fe:a3:ae:09:
                    c9:ec:0b:af:05:9d:99:ff:49:af:2b:2e:c0:fa:cf:
                    fe:60:7d:a1:82:f4:5c:66:22:f8:11:d7:76:fb:4f:
                    54:48:82:0a:ad:7c:52:6b:8b:13:7c:d1:f5:3b:27:
                    44:fc:1b:9e:c8:32:46:b2:02:a1:6b:14:63:88:04:
                    0b:aa:e9:73:b0:22:a9:6f:c6:f4:6a:e4:d5:28:d2:
                    a0:4f:44:d1:a0:3d:d1:0a:9a:54:28:cd:f1:45:ee:
                    97:06:20:ff:0e:a9:21:7d:92:78:15:eb:fc:c1:ee:
                    40:86:6f:5c:36:fd:09:c8:1e:f7:22:ff:42:82:27:
                    f1:61:4d:a7:b3:4f:be:5f:93:dd:c6:78:b2:17:2f:
                    d0:88:48:3a:b2:1c:6d:4c:2c:f9:b4:46:38:a5:2a:
                    41:2f:d6:6f:10:2a:d6:5f:7a:c5:b1:eb:36:57:12:
                    46:aa:64:44:13:01:06:3d:c3:2f:24:48:25:df:1e:
                    0a:35:b7:72:78:12:24:c5:32:7f:32:72:e7:23:b7:
                    df:35:f5:0e:0b:55:87:25:99:32:fc:cf:d3:2f:a8:
                    be:fc:3a:85:7b:c7:3b:f5:fe:97:48:8e:7e:13:d4:
                    f2:30:4f:9a:c3:04:5d:34:35:5a:b2:44:15:c5:e6:
                    bc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:C4:3E:D1:96:FA:66:0F:F0:58:17:6B:0A:F0:6A:BB:BA:00:34:54
            X509v3 Authority Key Identifier:
                keyid:9A:AE:46:E2:13:59:30:DA:26:8C:06:4D:CE:5A:DB:B6:3A:0C:EC:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mq5G4hNZMNomjAZNzlrbtjoM7DY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/DMQ-0Zb6Zg_wWBdrCvBqu7oANFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/mq5G4hNZMNomjAZNzlrbtjoM7DY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.160.0/24
                IPv6:
                  2a11:4c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:9f:45:34:c7:c6:33:c2:00:f4:e9:bb:a7:9a:40:74:18:52:
         2b:0a:b1:41:a8:43:cd:7e:12:67:a4:33:70:62:80:1d:9a:f7:
         97:f0:37:40:56:23:b6:61:71:34:e5:de:13:d1:f2:20:b0:06:
         14:a9:32:56:0b:64:c0:de:7c:56:20:ce:21:7a:bd:93:50:b4:
         2f:8a:82:60:ae:ae:66:4e:de:03:9d:57:8a:56:b0:16:b3:38:
         ec:fa:8e:a9:c8:25:4d:f3:07:be:43:05:f7:83:eb:8a:ac:1d:
         77:93:8f:bd:24:ab:6d:dc:c4:2c:37:47:9c:60:43:99:70:d4:
         e8:f6:2d:47:8b:9d:f5:93:76:bf:8f:8a:86:10:41:5d:79:f5:
         a8:e0:34:d5:10:0b:b1:6b:53:23:61:7c:c2:e9:70:d9:90:b1:
         92:02:19:22:f4:1e:00:37:31:7d:1e:f2:05:14:e1:a7:e9:e4:
         94:68:79:a7:cc:61:85:3d:fa:a0:b2:4b:66:7b:c2:00:d9:81:
         ec:8b:de:93:5e:65:96:6a:e8:e6:85:1e:65:7e:a0:38:26:1a:
         e6:cb:bd:08:88:36:9e:0a:57:ba:33:f0:28:39:a9:4a:2b:0b:
         29:7f:98:d4:a5:23:06:30:f3:75:e5:81:eb:40:1f:36:0f:0a:
         b5:ea:e9:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtxYYll9xYUEcr87IYkbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhYWU0NmUyMTM1OTMwZGEyNjhjMDY0ZGNlNWFkYmI2M2Ew
Y2VjMzYwHhcNMjQwMTAxMDYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2M0M2VkMTk2ZmE2NjBmZjA1ODE3NmIwYWYwNmFiYmJhMDAzNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0sObAx8mSXLAP6jrgnJ7AuvBZ2Z
/0mvKy7A+s/+YH2hgvRcZiL4Edd2+09USIIKrXxSa4sTfNH1OydE/BueyDJGsgKh
axRjiAQLqulzsCKpb8b0auTVKNKgT0TRoD3RCppUKM3xRe6XBiD/DqkhfZJ4Fev8
we5Ahm9cNv0JyB73Iv9CgifxYU2ns0++X5PdxniyFy/QiEg6shxtTCz5tEY4pSpB
L9ZvECrWX3rFses2VxJGqmREEwEGPcMvJEgl3x4KNbdyeBIkxTJ/MnLnI7ffNfUO
C1WHJZky/M/TL6i+/DqFe8c79f6XSI5+E9TyME+awwRdNDVaskQVxea8TQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAzEPtGW+mYP8FgXawrwaru6ADRUMB8GA1UdIwQY
MBaAFJquRuITWTDaJowGTc5a27Y6DOw2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXE1RzRoTlpNTm9takFaTnpscmJ0am9NN0RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kOGZjNzgtYTUxYi00M2RjLWI1MGEt
OGFlNDMwODFhYTM2LzEvRE1RLTBaYjZaZ193V0JkckN2QnF1N29BTkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kOGZjNzgtYTUxYi00M2RjLWI1MGEtOGFlNDMwODFhYTM2
LzEvbXE1RzRoTlpNTm9takFaTnpscmJ0am9NN0RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAV+ygMA0E
AgACMAcDBQMqEUyAMA0GCSqGSIb3DQEBCwUAA4IBAQBXn0U0x8YzwgD06bunmkB0
GFIrCrFBqEPNfhJnpDNwYoAdmveX8DdAViO2YXE05d4T0fIgsAYUqTJWC2TA3nxW
IM4her2TULQvioJgrq5mTt4DnVeKVrAWszjs+o6pyCVN8we+QwX3g+uKrB13k4+9
JKtt3MQsN0ecYEOZcNTo9i1Hi531k3a/j4qGEEFdefWo4DTVEAuxa1MjYXzC6XDZ
kLGSAhki9B4ANzF9HvIFFOGn6eSUaHmnzGGFPfqgsktme8IA2YHsi96TXmWWaujm
hR5lfqA4Jhrmy70IiDaeCle6M/AoOalKKwspf5jUpSMGMPN15YHrQB82Dwq16umf
-----END CERTIFICATE-----