Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qkU8D4V8A1-Q-5qOhwY9HicfrvM.roa
File:                     qkU8D4V8A1-Q-5qOhwY9HicfrvM.roa (raw, json)
Hash identifier:          XT8GS4fq0LNRMuMNg+lqzwo3qFnU0zQ6DPjn39EOP2c=
Subject key identifier:   AA:45:3C:0F:85:7C:03:5F:90:FB:9A:8E:87:06:3D:1E:27:1F:AE:F3
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018E664ADA5576F259A51AD381A391F5584A
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qkU8D4V8A1-Q-5qOhwY9HicfrvM.roa
Signing time:             Fri 22 Mar 2024 13:12:45 +0000
ROA not before:           Fri 22 Mar 2024 13:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211270
IP address blocks:        147.45.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:4a:da:55:76:f2:59:a5:1a:d3:81:a3:91:f5:58:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Mar 22 13:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa453c0f857c035f90fb9a8e87063d1e271faef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a0:c0:4a:0e:ac:31:c8:b8:fd:e3:31:42:a6:
                    8e:6f:e1:4b:84:dc:13:c7:53:9e:4a:f9:0b:61:cd:
                    1a:a8:8d:02:2e:85:ad:a0:bf:d2:24:b9:43:25:cd:
                    ec:83:6f:79:d6:a5:8d:56:52:7a:b6:d7:8c:0f:2b:
                    9b:3e:ed:79:f7:15:af:ea:c1:ad:cd:61:18:8d:c5:
                    e4:7c:24:66:14:7e:c0:a4:19:6e:0d:d4:7f:a5:32:
                    8a:ed:40:a2:c1:0d:9b:ab:7c:23:93:d0:92:68:fa:
                    ec:7b:9b:cf:14:22:ab:e8:5b:8e:7e:a2:5c:a2:ef:
                    b5:1f:b2:f8:22:1e:c4:98:7c:99:ae:6a:7b:96:9a:
                    b7:5e:bf:da:ca:9b:b8:fd:50:1b:23:ee:47:9f:db:
                    e4:81:97:da:fa:bf:1b:ec:f0:00:82:cc:91:f1:21:
                    c6:7e:80:95:a1:fb:c6:ad:b3:ee:6d:2b:34:cb:c0:
                    02:d6:42:94:bf:89:3e:98:e9:94:92:1c:d2:83:28:
                    4a:19:7b:d1:ba:fd:c5:a3:73:1b:af:1e:8f:ad:6d:
                    b7:5d:5d:9d:fe:2e:07:7a:32:9d:55:85:b6:16:2f:
                    0b:75:d2:e9:d5:61:f2:84:4f:3a:a8:57:8a:33:c1:
                    23:cd:ef:af:ee:19:95:c6:a9:b6:1d:b1:9a:5f:0e:
                    7d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:45:3C:0F:85:7C:03:5F:90:FB:9A:8E:87:06:3D:1E:27:1F:AE:F3
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qkU8D4V8A1-Q-5qOhwY9HicfrvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:3c:9d:38:d1:6c:a9:e0:f0:67:f0:b4:3e:d4:c0:d8:ee:73:
         d5:88:d2:26:f9:5a:4a:24:1a:8e:69:bb:78:16:b6:e4:10:6e:
         92:7b:dd:cf:7f:80:04:09:12:06:3d:39:99:85:69:d4:72:aa:
         45:07:d6:6c:9d:c0:0c:64:7a:8e:b5:6f:6f:12:b9:cb:aa:9d:
         64:78:3b:3f:5f:f2:9b:af:20:ba:6b:19:e9:2c:05:69:3f:0e:
         b7:70:4d:45:26:c8:32:b0:2f:7e:3a:25:9f:0e:2d:8a:29:54:
         7e:b3:ee:09:63:17:3b:f9:2b:15:88:52:ad:7b:d7:1d:c2:f3:
         e7:90:75:db:9d:cf:2e:7b:fd:16:f3:14:61:de:c9:52:5b:bd:
         57:e2:2f:02:61:75:fc:eb:76:b0:11:6e:06:e5:89:96:c0:10:
         b6:33:e2:82:fe:df:bc:ce:20:2f:69:f8:04:17:bc:19:5e:03:
         27:09:2d:4d:f0:d1:71:aa:44:20:e6:13:f0:22:b4:2d:d6:cb:
         e4:dc:e8:91:6a:83:f4:05:f8:6b:1c:c8:92:34:b9:53:9e:2e:
         1d:de:5e:36:c3:06:7a:0a:4b:3d:0b:0d:23:93:28:a4:e4:aa:
         fa:f7:2d:4d:f6:09:50:29:8e:7e:1b:4f:b1:11:ed:81:66:d6:
         44:5d:72:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mStpVdvJZpRrTgaOR9VhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMzIyMTMxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ1M2MwZjg1N2MwMzVmOTBmYjlhOGU4NzA2M2QxZTI3MWZhZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6DASg6sMci4/eMxQqaOb+FLhNwT
x1OeSvkLYc0aqI0CLoWtoL/SJLlDJc3sg2951qWNVlJ6tteMDyubPu159xWv6sGt
zWEYjcXkfCRmFH7ApBluDdR/pTKK7UCiwQ2bq3wjk9CSaPrse5vPFCKr6FuOfqJc
ou+1H7L4Ih7EmHyZrmp7lpq3Xr/aypu4/VAbI+5Hn9vkgZfa+r8b7PAAgsyR8SHG
foCVofvGrbPubSs0y8AC1kKUv4k+mOmUkhzSgyhKGXvRuv3Fo3Mbrx6PrW23XV2d
/i4HejKdVYW2Fi8LddLp1WHyhE86qFeKM8Ejze+v7hmVxqm2HbGaXw59sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpFPA+FfANfkPuajocGPR4nH67zMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcWtVOEQ0VjhBMS1RLTVxT2h3WTlIaWNmcnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky1wMA0G
CSqGSIb3DQEBCwUAA4IBAQAzPJ040Wyp4PBn8LQ+1MDY7nPViNIm+VpKJBqOabt4
FrbkEG6Se93Pf4AECRIGPTmZhWnUcqpFB9ZsncAMZHqOtW9vErnLqp1keDs/X/Kb
ryC6axnpLAVpPw63cE1FJsgysC9+OiWfDi2KKVR+s+4JYxc7+SsViFKte9cdwvPn
kHXbnc8ue/0W8xRh3slSW71X4i8CYXX863awEW4G5YmWwBC2M+KC/t+8ziAvafgE
F7wZXgMnCS1N8NFxqkQg5hPwIrQt1svk3OiRaoP0BfhrHMiSNLlTni4d3l42wwZ6
Cks9Cw0jkyik5Kr69y1N9glQKY5+G0+xEe2BZtZEXXIC
-----END CERTIFICATE-----