Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/1a15fa-ace6-464d-8969-e4928180033c/1/qKEUMube2W-a8-E6pqowKmnZkCk.roa
File:                     qKEUMube2W-a8-E6pqowKmnZkCk.roa (raw, json)
Hash identifier:          zfMD3lZDc0BYBR5R5zpdNRcwVRCEZEftmSakeqjfh5w=
Subject key identifier:   A8:A1:14:32:E6:DE:D9:6F:9A:F3:E1:3A:A6:AA:30:2A:69:D9:90:29
Certificate issuer:       /CN=4c1740cef9749dc2b0f5f88cdf1034da81d606dc
Certificate serial:       018CC94D9D5F000AE6CE26A55AB17149780B
Authority key identifier: 4C:17:40:CE:F9:74:9D:C2:B0:F5:F8:8C:DF:10:34:DA:81:D6:06:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBdAzvl0ncKw9fiM3xA02oHWBtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/1a15fa-ace6-464d-8969-e4928180033c/1/qKEUMube2W-a8-E6pqowKmnZkCk.roa
Signing time:             Tue 02 Jan 2024 08:32:36 +0000
ROA not before:           Tue 02 Jan 2024 08:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2877
IP address blocks:        194.50.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/1a15fa-ace6-464d-8969-e4928180033c/1/TBdAzvl0ncKw9fiM3xA02oHWBtw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/1a15fa-ace6-464d-8969-e4928180033c/1/TBdAzvl0ncKw9fiM3xA02oHWBtw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBdAzvl0ncKw9fiM3xA02oHWBtw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9d:5f:00:0a:e6:ce:26:a5:5a:b1:71:49:78:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c1740cef9749dc2b0f5f88cdf1034da81d606dc
        Validity
            Not Before: Jan  2 08:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8a11432e6ded96f9af3e13aa6aa302a69d99029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c3:3d:04:e3:d5:eb:ae:27:74:54:28:5c:ec:
                    22:14:a4:02:8f:c3:93:95:51:1a:d0:04:97:a5:4a:
                    76:1b:b5:ef:f3:be:fe:0b:7b:04:5d:0b:ea:2b:1a:
                    a1:a6:97:d4:2a:53:25:05:ab:b0:82:78:5a:91:97:
                    58:d2:d2:41:f7:a8:30:c9:35:24:d7:1f:ea:eb:fd:
                    59:06:ba:e3:42:09:32:86:61:87:a9:80:1a:09:b4:
                    d8:be:01:5f:72:a9:77:51:91:1d:03:b7:b8:58:a4:
                    06:ce:7d:0b:d9:be:b4:e7:c1:52:a3:1b:f9:77:52:
                    5c:41:64:c9:36:ba:d2:fb:f8:c7:8a:2f:56:60:d6:
                    33:31:62:24:11:22:62:57:c9:aa:9a:43:33:d3:be:
                    cf:50:6d:4e:48:d0:a5:b7:c1:de:7d:80:8d:7d:9b:
                    0c:6b:bf:30:e0:c3:21:39:91:f8:c0:4c:b5:c4:86:
                    42:02:74:95:58:6d:65:db:5d:ef:f3:80:36:34:ba:
                    c0:60:97:86:72:51:da:a8:98:0e:50:f0:1a:36:14:
                    ea:2a:83:2a:66:44:73:a4:f0:d4:d3:be:58:97:04:
                    a1:d2:fe:04:59:01:c1:3a:9c:b2:ef:e2:15:eb:d4:
                    e1:ef:66:83:d0:ca:f6:70:e5:6e:c8:da:86:80:6f:
                    00:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A1:14:32:E6:DE:D9:6F:9A:F3:E1:3A:A6:AA:30:2A:69:D9:90:29
            X509v3 Authority Key Identifier:
                keyid:4C:17:40:CE:F9:74:9D:C2:B0:F5:F8:8C:DF:10:34:DA:81:D6:06:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBdAzvl0ncKw9fiM3xA02oHWBtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1a15fa-ace6-464d-8969-e4928180033c/1/qKEUMube2W-a8-E6pqowKmnZkCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1a15fa-ace6-464d-8969-e4928180033c/1/TBdAzvl0ncKw9fiM3xA02oHWBtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:55:d3:d9:7a:d2:75:06:de:87:00:74:7b:a1:30:5d:65:ec:
         46:c4:63:6b:f4:b4:03:42:fa:05:62:46:f7:44:fa:ff:b8:4c:
         47:b4:a2:a9:f6:26:eb:fd:2d:bc:5c:5d:51:f5:2c:de:c4:66:
         c1:94:ed:48:ab:6d:a4:77:a4:6e:9e:ef:a0:83:82:be:f2:82:
         e3:1c:c7:80:b1:07:8f:c0:f8:0a:6b:0c:b4:ab:1d:4c:8b:63:
         28:cf:d6:7e:2c:1c:48:6d:e6:0c:e6:08:35:34:ef:0f:05:9c:
         32:09:41:07:61:50:3a:b4:01:f3:66:45:b7:b7:73:23:77:a6:
         d8:9a:d4:61:98:13:ea:b7:f4:1e:6b:fd:12:5b:b1:14:74:bf:
         f5:e1:fe:0a:5d:25:ad:39:d3:77:2a:21:47:64:e1:08:47:6e:
         6b:1c:05:33:1c:f7:6a:0a:f0:84:82:94:6a:17:e8:a6:44:47:
         df:47:11:87:05:87:63:43:bb:5e:b4:ba:e4:ca:d4:5e:c5:41:
         88:c6:6a:8e:10:96:b7:86:cb:cc:f5:ac:81:d5:b8:ce:69:8f:
         4d:3f:30:d0:d9:33:aa:ba:ed:8f:df:f1:67:4c:9a:ca:ab:ab:
         29:28:bb:07:1e:e4:f4:f6:24:f0:0d:13:f2:6f:dd:df:87:a3:
         db:62:3e:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZ1fAArmzialWrFxSXgLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMTc0MGNlZjk3NDlkYzJiMGY1Zjg4Y2RmMTAzNGRhODFk
NjA2ZGMwHhcNMjQwMTAyMDgzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGExMTQzMmU2ZGVkOTZmOWFmM2UxM2FhNmFhMzAyYTY5ZDk5MDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsM9BOPV664ndFQoXOwiFKQCj8OT
lVEa0ASXpUp2G7Xv877+C3sEXQvqKxqhppfUKlMlBauwgnhakZdY0tJB96gwyTUk
1x/q6/1ZBrrjQgkyhmGHqYAaCbTYvgFfcql3UZEdA7e4WKQGzn0L2b6058FSoxv5
d1JcQWTJNrrS+/jHii9WYNYzMWIkESJiV8mqmkMz077PUG1OSNClt8HefYCNfZsM
a78w4MMhOZH4wEy1xIZCAnSVWG1l213v84A2NLrAYJeGclHaqJgOUPAaNhTqKoMq
ZkRzpPDU075YlwSh0v4EWQHBOpyy7+IV69Th72aD0Mr2cOVuyNqGgG8ALQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKihFDLm3tlvmvPhOqaqMCpp2ZApMB8GA1UdIwQY
MBaAFEwXQM75dJ3CsPX4jN8QNNqB1gbcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJkQXp2bDBuY0t3OWZpTTN4QTAyb0hXQnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8xYTE1ZmEtYWNlNi00NjRkLTg5Njkt
ZTQ5MjgxODAwMzNjLzEvcUtFVU11YmUyVy1hOC1FNnBxb3dLbW5aa0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8xYTE1ZmEtYWNlNi00NjRkLTg5NjktZTQ5MjgxODAwMzNj
LzEvVEJkQXp2bDBuY0t3OWZpTTN4QTAyb0hXQnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJpMA0G
CSqGSIb3DQEBCwUAA4IBAQBBVdPZetJ1Bt6HAHR7oTBdZexGxGNr9LQDQvoFYkb3
RPr/uExHtKKp9ibr/S28XF1R9SzexGbBlO1Iq22kd6Runu+gg4K+8oLjHMeAsQeP
wPgKawy0qx1Mi2Moz9Z+LBxIbeYM5gg1NO8PBZwyCUEHYVA6tAHzZkW3t3Mjd6bY
mtRhmBPqt/Qea/0SW7EUdL/14f4KXSWtOdN3KiFHZOEIR25rHAUzHPdqCvCEgpRq
F+imREffRxGHBYdjQ7tetLrkytRexUGIxmqOEJa3hsvM9ayB1bjOaY9NPzDQ2TOq
uu2P3/FnTJrKq6spKLsHHuT09iTwDRPyb93fh6PbYj55
-----END CERTIFICATE-----