Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QjljuzHqJ-fUlDfpW6ZZ4fW8EYo.roa
File:                     QjljuzHqJ-fUlDfpW6ZZ4fW8EYo.roa (raw, json)
Hash identifier:          Qs7zzFaEsSq9RUT1oNRD8hROpxZAr1zeoy9VJCgm0vM=
Subject key identifier:   42:39:63:BB:31:EA:27:E7:D4:94:37:E9:5B:A6:59:E1:F5:BC:11:8A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D452E32DC3B3AC1E539211AB99DF9A450
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QjljuzHqJ-fUlDfpW6ZZ4fW8EYo.roa
Signing time:             Fri 26 Jan 2024 09:51:11 +0000
ROA not before:           Fri 26 Jan 2024 09:51:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35793
IP address blocks:        45.9.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 06:47:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:2e:32:dc:3b:3a:c1:e5:39:21:1a:b9:9d:f9:a4:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 26 09:51:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=423963bb31ea27e7d49437e95ba659e1f5bc118a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fa:8e:70:ac:e4:6d:40:94:a6:f8:50:ff:d8:
                    0f:77:92:8c:bf:58:19:63:2f:a0:a5:0b:40:2f:12:
                    05:71:a1:71:fe:e7:8c:97:29:62:9d:25:31:54:97:
                    c4:44:ea:d5:27:09:e6:d6:a3:b8:fd:90:27:48:a8:
                    8f:ff:fe:d9:f2:29:8e:00:a1:33:d7:9e:55:2d:79:
                    bf:2f:8d:7f:30:52:58:d5:b4:71:09:64:f7:ad:e7:
                    7c:a2:64:20:da:21:cd:e1:36:8d:f4:54:c3:7f:46:
                    cc:59:8b:27:d8:12:98:ed:52:65:84:b8:d1:59:6a:
                    ca:5b:e7:e9:77:dd:72:bb:61:cf:ee:77:48:63:67:
                    9c:1b:68:af:6f:17:8f:20:93:32:cc:5f:f5:db:67:
                    41:55:fa:f3:7c:ad:7d:9e:ea:07:38:a1:16:e6:e1:
                    dd:db:eb:52:4f:af:2c:f5:cd:85:bd:e5:27:ea:e7:
                    a4:8c:a6:a0:e2:c0:83:1d:16:40:8b:d5:54:85:25:
                    97:b3:4d:bc:16:24:d4:7f:f2:70:8c:8c:79:90:45:
                    93:00:c6:e3:6a:d1:fb:8a:d7:44:f5:79:9f:50:bb:
                    bf:ac:bd:37:71:a9:ad:0f:86:ed:23:40:ee:25:41:
                    a2:b2:68:50:0f:c7:bd:f5:ec:2f:53:db:33:4b:55:
                    33:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:39:63:BB:31:EA:27:E7:D4:94:37:E9:5B:A6:59:E1:F5:BC:11:8A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QjljuzHqJ-fUlDfpW6ZZ4fW8EYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:91:49:d2:d1:6c:3c:f7:58:7c:47:6e:69:d4:e7:83:75:e9:
         d3:fa:ab:52:e4:83:5a:e9:82:35:68:51:e8:99:67:84:82:23:
         ab:2d:13:e9:b3:67:57:85:09:d6:c5:d3:c2:19:df:a8:54:d8:
         dc:06:37:2b:6e:6b:88:6c:14:4c:2f:9c:30:b0:d0:c6:4b:04:
         0b:b4:c2:4b:20:0a:3d:91:47:50:0d:52:a2:a2:c5:95:6a:12:
         2f:ec:af:8c:66:74:1e:8e:a5:3b:a7:ca:e3:c7:71:08:0a:68:
         30:04:10:a7:8d:23:a7:b5:25:9a:2d:25:66:6b:6a:34:ac:ed:
         93:b2:03:eb:21:ae:e9:8a:b9:b9:7e:43:17:f9:3b:72:1f:54:
         08:be:01:cf:cd:4a:c0:af:35:74:b1:38:d1:45:f3:5b:7f:ae:
         a7:43:7e:73:1a:a5:92:d9:af:f9:dd:5c:d7:97:c1:e5:ef:2d:
         41:8d:7d:db:f0:dc:07:77:66:28:29:5d:6a:b9:9c:66:70:bd:
         37:cb:1b:e1:8b:4f:e6:be:9c:ed:8b:83:e7:5c:83:25:7a:cb:
         ca:66:7f:24:c5:82:f3:1a:01:e7:c8:64:3f:29:d1:5c:22:42:
         79:a9:3a:55:c9:88:a6:52:99:3b:2b:73:48:30:ea:8f:0a:d8:
         06:ee:22:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1FLjLcOzrB5TkhGrmd+aRQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTI2MDk1MTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM5NjNiYjMxZWEyN2U3ZDQ5NDM3ZTk1YmE2NTllMWY1YmMxMThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/qOcKzkbUCUpvhQ/9gPd5KMv1gZ
Yy+gpQtALxIFcaFx/ueMlylinSUxVJfEROrVJwnm1qO4/ZAnSKiP//7Z8imOAKEz
155VLXm/L41/MFJY1bRxCWT3red8omQg2iHN4TaN9FTDf0bMWYsn2BKY7VJlhLjR
WWrKW+fpd91yu2HP7ndIY2ecG2ivbxePIJMyzF/122dBVfrzfK19nuoHOKEW5uHd
2+tST68s9c2FveUn6uekjKag4sCDHRZAi9VUhSWXs028FiTUf/JwjIx5kEWTAMbj
atH7itdE9XmfULu/rL03camtD4btI0DuJUGismhQD8e99ewvU9szS1UzDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI5Y7sx6ifn1JQ36VumWeH1vBGKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUWpsanV6SHFKLWZVbERmcFc2Wlo0Zlc4RVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQnQMA0G
CSqGSIb3DQEBCwUAA4IBAQARkUnS0Ww891h8R25p1OeDdenT+qtS5INa6YI1aFHo
mWeEgiOrLRPps2dXhQnWxdPCGd+oVNjcBjcrbmuIbBRML5wwsNDGSwQLtMJLIAo9
kUdQDVKiosWVahIv7K+MZnQejqU7p8rjx3EICmgwBBCnjSOntSWaLSVma2o0rO2T
sgPrIa7pirm5fkMX+TtyH1QIvgHPzUrArzV0sTjRRfNbf66nQ35zGqWS2a/53VzX
l8Hl7y1BjX3b8NwHd2YoKV1quZxmcL03yxvhi0/mvpzti4PnXIMlesvKZn8kxYLz
GgHnyGQ/KdFcIkJ5qTpVyYimUpk7K3NIMOqPCtgG7iJU
-----END CERTIFICATE-----