Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/Qc-vdaxHHC2qzqiVtbU3NtwhIEc.roa
File:                     Qc-vdaxHHC2qzqiVtbU3NtwhIEc.roa (raw, json)
Hash identifier:          wVyehcP8j17dziTYbaWirEAmJhgDZnn/ypyZbyof4dI=
Subject key identifier:   41:CF:AF:75:AC:47:1C:2D:AA:CE:A8:95:B5:B5:37:36:DC:21:20:47
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC5D8251E178CA5084B457893155AB
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/Qc-vdaxHHC2qzqiVtbU3NtwhIEc.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31390
IP address blocks:        185.100.219.0/24 maxlen: 24
                          185.100.218.0/24 maxlen: 24
                          185.100.217.0/24 maxlen: 24
                          185.100.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5d:82:51:e1:78:ca:50:84:b4:57:89:31:55:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41cfaf75ac471c2daacea895b5b53736dc212047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9d:0c:2d:00:e7:9a:ac:7b:16:03:5f:1b:02:
                    5f:59:f7:4e:d8:87:38:e3:e5:0f:48:bc:2f:67:27:
                    a7:7d:34:e2:ca:27:b8:fb:b4:b9:81:08:0b:ed:22:
                    a8:36:ef:d2:94:4f:ce:12:18:c4:48:1a:28:cb:0b:
                    cd:03:3a:81:3a:c6:f9:42:a0:29:ca:89:6a:d2:88:
                    89:02:e1:8f:dc:c9:0c:3c:d6:a7:a8:d3:ba:9a:86:
                    9b:a9:0b:f7:e4:15:47:91:fa:ba:a9:39:a4:00:53:
                    c7:f1:78:cf:40:6c:fd:0e:5b:b0:a9:81:1e:c2:3a:
                    71:c9:4e:49:fc:6f:43:66:2e:0f:b1:ac:05:29:09:
                    ad:f6:07:0d:57:1c:2f:17:0c:ec:70:28:9c:be:db:
                    b7:ab:9c:c6:5f:e5:4f:eb:79:4a:b2:c3:1d:c7:11:
                    73:be:9b:08:12:af:0b:f0:84:8c:50:e9:de:8b:e9:
                    f2:05:3a:ac:59:c3:d4:01:c6:cb:e8:75:36:cd:ce:
                    69:56:7a:72:44:c7:cd:ff:2f:ab:2b:f2:51:eb:a0:
                    ac:25:dd:f4:d5:75:97:95:7a:00:95:c8:6e:6a:04:
                    ba:28:f1:49:27:aa:00:da:82:49:fd:d1:1e:6e:eb:
                    12:bc:84:29:5d:d5:12:e1:a7:5f:40:35:b4:82:25:
                    f8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CF:AF:75:AC:47:1C:2D:AA:CE:A8:95:B5:B5:37:36:DC:21:20:47
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/Qc-vdaxHHC2qzqiVtbU3NtwhIEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:bb:1d:ff:8b:f6:7a:6c:c9:6c:77:0a:f2:ff:3d:9c:83:e0:
         e2:b1:05:a3:eb:2a:dc:c3:aa:ce:08:ac:49:d2:8f:e7:2b:9b:
         7c:09:1b:50:a7:0c:11:ff:22:c4:22:bb:ad:e3:d7:e0:68:0d:
         fd:c5:05:8a:52:13:ea:e6:67:ee:26:2b:1d:f2:4c:86:b0:a9:
         6f:46:08:be:b0:9a:b1:1f:54:fc:ab:37:0d:56:4c:f3:e4:78:
         cb:e9:d0:44:73:ed:c9:43:56:89:81:ff:04:79:46:20:be:bc:
         62:12:6e:0c:96:b6:34:bf:46:cc:04:92:c6:8e:ac:21:94:80:
         30:38:f6:ce:7d:60:e0:e9:bd:d1:a9:c2:5a:85:59:33:66:3c:
         72:16:b4:10:e8:c4:51:f3:88:c7:15:e8:dd:8f:9d:ad:6b:95:
         94:4f:38:da:e4:a6:b4:ac:67:4d:87:61:1f:1d:03:7e:9e:de:
         6b:c9:cc:c1:71:d5:13:f0:a0:9b:77:12:4e:12:92:ab:04:25:
         30:ea:06:d6:43:a0:d1:e1:ba:39:b2:17:f9:49:65:d9:1f:f4:
         36:e5:a9:b0:be:7e:04:33:fb:af:1d:14:a4:bf:e1:3f:ed:93:
         60:23:19:21:7c:5a:ed:e0:5f:dd:37:d5:25:72:a4:78:f1:06:
         96:e2:15:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvF2CUeF4ylCEtFeJMVWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNmYWY3NWFjNDcxYzJkYWFjZWE4OTViNWI1MzczNmRjMjEyMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ0MLQDnmqx7FgNfGwJfWfdO2Ic4
4+UPSLwvZyenfTTiyie4+7S5gQgL7SKoNu/SlE/OEhjESBooywvNAzqBOsb5QqAp
yolq0oiJAuGP3MkMPNanqNO6moabqQv35BVHkfq6qTmkAFPH8XjPQGz9DluwqYEe
wjpxyU5J/G9DZi4PsawFKQmt9gcNVxwvFwzscCicvtu3q5zGX+VP63lKssMdxxFz
vpsIEq8L8ISMUOnei+nyBTqsWcPUAcbL6HU2zc5pVnpyRMfN/y+rK/JR66CsJd30
1XWXlXoAlchuagS6KPFJJ6oA2oJJ/dEebusSvIQpXdUS4adfQDW0giX4BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHPr3WsRxwtqs6olbW1NzbcISBHMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvUWMtdmRheEhIQzJxenFpVnRiVTNOdHdoSUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWTYMA0G
CSqGSIb3DQEBCwUAA4IBAQBdux3/i/Z6bMlsdwry/z2cg+DisQWj6yrcw6rOCKxJ
0o/nK5t8CRtQpwwR/yLEIrut49fgaA39xQWKUhPq5mfuJisd8kyGsKlvRgi+sJqx
H1T8qzcNVkzz5HjL6dBEc+3JQ1aJgf8EeUYgvrxiEm4MlrY0v0bMBJLGjqwhlIAw
OPbOfWDg6b3RqcJahVkzZjxyFrQQ6MRR84jHFejdj52ta5WUTzja5Ka0rGdNh2Ef
HQN+nt5ryczBcdUT8KCbdxJOEpKrBCUw6gbWQ6DR4bo5shf5SWXZH/Q25amwvn4E
M/uvHRSkv+E/7ZNgIxkhfFrt4F/dN9UlcqR48QaW4hV3
-----END CERTIFICATE-----