Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/QwHW9zRKSDjOPhyCEFmchZNk7yU.roa
File:                     QwHW9zRKSDjOPhyCEFmchZNk7yU.roa (raw, json)
Hash identifier:          myBEZglhsWmrzvYGGPciDpLziFkofoV2gasp2JNcsNM=
Subject key identifier:   43:01:D6:F7:34:4A:48:38:CE:3E:1C:82:10:59:9C:85:93:64:EF:25
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC5EFAA3353CCD2A3A93F082A33FBE
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/QwHW9zRKSDjOPhyCEFmchZNk7yU.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48847
IP address blocks:        147.78.44.0/24 maxlen: 24
                          147.78.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5e:fa:a3:35:3c:cd:2a:3a:93:f0:82:a3:3f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4301d6f7344a4838ce3e1c8210599c859364ef25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5c:e7:15:96:ca:fd:93:1b:93:ab:b2:59:fb:
                    36:dd:62:80:c1:00:f2:4e:fc:be:a1:fa:63:29:81:
                    4f:4e:60:3d:93:77:59:6c:1c:1f:d6:3d:33:37:f0:
                    17:c9:6d:e3:5a:ea:c9:f6:ff:cc:bc:bb:ce:0c:be:
                    73:0d:b5:19:23:c7:15:34:ea:94:34:eb:38:66:e3:
                    68:ba:66:d8:2d:05:f3:b7:4c:d2:84:dc:55:d3:20:
                    95:f3:3e:ef:8c:6d:c9:3d:e1:4f:89:c0:ac:9b:41:
                    2e:27:dc:ff:ba:f4:eb:f0:22:6b:92:e1:92:f3:d5:
                    7f:39:54:12:8c:4b:56:d9:27:f8:b7:75:2e:46:5c:
                    dd:9b:03:ed:fe:24:f9:69:b1:76:ab:25:e4:26:2c:
                    f9:d2:58:6c:78:2a:39:0c:76:1f:e9:02:9f:c4:c0:
                    95:33:cc:00:29:dd:7d:d3:e7:c9:68:5b:cd:36:5e:
                    37:01:e7:55:49:d0:54:16:a0:d6:35:5d:a2:ec:90:
                    ad:c5:8c:15:83:9b:88:15:c5:e7:fa:aa:11:42:68:
                    57:53:e2:12:85:a1:d5:77:91:17:3f:90:54:be:f6:
                    ad:df:f8:4c:c2:ea:de:28:ce:9c:1f:8a:e9:3d:49:
                    fa:81:93:b7:f4:23:66:ce:a5:6e:a1:8a:d5:2f:3e:
                    32:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:01:D6:F7:34:4A:48:38:CE:3E:1C:82:10:59:9C:85:93:64:EF:25
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/QwHW9zRKSDjOPhyCEFmchZNk7yU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:72:76:74:f5:67:c3:cd:16:b9:57:f3:61:af:19:41:83:d2:
         90:a6:a8:cd:5e:a6:a8:e8:00:9b:e9:9b:3e:05:48:f1:73:b7:
         6f:76:7b:09:ed:ca:62:e6:ae:31:0c:00:8a:09:e3:cd:9f:0a:
         e6:1e:3c:30:ad:d1:40:6c:41:d1:17:2a:8e:42:45:4c:cc:d3:
         5b:8c:1c:91:b2:4a:75:a9:55:54:69:18:25:dd:fd:b2:5b:56:
         4d:a8:c0:78:05:55:98:93:56:91:16:9a:fa:b7:00:37:4e:8f:
         3f:c2:06:5c:5b:33:c4:73:4c:4a:8c:97:29:cf:2f:ef:62:60:
         dd:26:4c:ca:8c:34:f8:e1:a9:84:b4:fc:c0:09:c5:47:3e:3b:
         27:e7:97:a6:e8:93:8a:a0:ed:2a:ef:c5:bc:54:c6:39:e0:06:
         7f:a0:38:b9:72:f8:d1:98:17:be:a8:20:28:1b:69:b4:1c:62:
         4b:2a:eb:13:a2:ce:5b:cd:30:f2:54:3f:1e:9a:c0:f5:cf:05:
         7a:45:c9:df:dc:8f:4b:8e:ad:73:c9:44:c0:ea:c7:74:95:d4:
         c4:28:02:1b:ab:ad:66:89:a0:3f:6b:c7:24:ca:f2:81:36:30:
         40:bc:de:45:d7:eb:a3:85:6c:dc:ee:62:2c:60:d5:b9:21:50:
         f2:ef:55:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvF76ozU8zSo6k/CCoz++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzAxZDZmNzM0NGE0ODM4Y2UzZTFjODIxMDU5OWM4NTkzNjRlZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1znFZbK/ZMbk6uyWfs23WKAwQDy
Tvy+ofpjKYFPTmA9k3dZbBwf1j0zN/AXyW3jWurJ9v/MvLvODL5zDbUZI8cVNOqU
NOs4ZuNoumbYLQXzt0zShNxV0yCV8z7vjG3JPeFPicCsm0EuJ9z/uvTr8CJrkuGS
89V/OVQSjEtW2Sf4t3UuRlzdmwPt/iT5abF2qyXkJiz50lhseCo5DHYf6QKfxMCV
M8wAKd190+fJaFvNNl43AedVSdBUFqDWNV2i7JCtxYwVg5uIFcXn+qoRQmhXU+IS
haHVd5EXP5BUvvat3/hMwureKM6cH4rpPUn6gZO39CNmzqVuoYrVLz4y8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMB1vc0Skg4zj4cghBZnIWTZO8lMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvUXdIVzl6UktTRGpPUGh5Q0VGbWNoWk5rN3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk04sMA0G
CSqGSIb3DQEBCwUAA4IBAQACcnZ09WfDzRa5V/NhrxlBg9KQpqjNXqao6ACb6Zs+
BUjxc7dvdnsJ7cpi5q4xDACKCePNnwrmHjwwrdFAbEHRFyqOQkVMzNNbjByRskp1
qVVUaRgl3f2yW1ZNqMB4BVWYk1aRFpr6twA3To8/wgZcWzPEc0xKjJcpzy/vYmDd
JkzKjDT44amEtPzACcVHPjsn55em6JOKoO0q78W8VMY54AZ/oDi5cvjRmBe+qCAo
G2m0HGJLKusTos5bzTDyVD8emsD1zwV6Rcnf3I9Ljq1zyUTA6sd0ldTEKAIbq61m
iaA/a8ckyvKBNjBAvN5F1+ujhWzc7mIsYNW5IVDy71X6
-----END CERTIFICATE-----