Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/QT1l8Sj5UuzdlSt-WXP21lVP30w.roa
File:                     QT1l8Sj5UuzdlSt-WXP21lVP30w.roa (raw, json)
Hash identifier:          CZXAnAE8/atNfg95vN2RZGlC4y/VFVDs22/H5EthjgI=
Subject key identifier:   41:3D:65:F1:28:F9:52:EC:DD:95:2B:7E:59:73:F6:D6:55:4F:DF:4C
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD623014DFD390A9BE37A6713FFCD
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/QT1l8Sj5UuzdlSt-WXP21lVP30w.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42218
IP address blocks:        195.54.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d6:23:01:4d:fd:39:0a:9b:e3:7a:67:13:ff:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=413d65f128f952ecdd952b7e5973f6d6554fdf4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fa:89:eb:bf:4e:90:fb:cf:21:f0:89:20:6d:
                    fe:86:5e:aa:e0:27:eb:cf:50:c6:a0:1d:1e:ac:1e:
                    13:9a:45:fb:e7:12:d9:88:e8:36:95:0e:ba:74:d9:
                    d6:37:6e:3d:f4:54:50:b9:53:e6:fa:05:2e:a5:d1:
                    69:12:74:2b:fc:8b:b4:12:d0:04:de:d7:6c:8a:a9:
                    9f:59:61:c6:b9:37:ab:14:10:82:03:26:31:bd:60:
                    e8:aa:2a:4b:c8:c4:4c:e8:f3:88:2c:ca:f1:fd:b1:
                    6d:5c:c6:7e:58:c3:01:96:22:87:54:e0:48:b6:5c:
                    cc:c8:64:c2:db:9b:68:29:a2:c8:1c:6a:30:e5:d2:
                    5e:49:a1:f3:db:31:ee:c9:8f:38:94:b7:70:e7:e4:
                    83:5a:3b:e2:cc:85:5f:9d:ba:34:66:17:2b:ce:c7:
                    cb:93:ec:1f:1e:4d:f1:99:d8:c4:34:1a:19:33:34:
                    e3:80:fc:2c:2c:a4:3f:28:a1:2e:36:9a:a0:85:57:
                    15:32:1c:ee:05:7a:be:48:03:9b:d7:f4:b2:41:50:
                    ae:65:1d:ea:cb:ff:9a:a3:2f:8a:3c:0c:2b:8e:3c:
                    38:a0:37:63:44:64:94:f1:ce:79:d1:ad:c9:3a:02:
                    86:66:1c:30:b8:d8:ae:09:66:df:70:72:ae:90:85:
                    dc:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:3D:65:F1:28:F9:52:EC:DD:95:2B:7E:59:73:F6:D6:55:4F:DF:4C
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/QT1l8Sj5UuzdlSt-WXP21lVP30w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:9e:98:4b:d4:39:51:01:0b:75:f0:d0:96:86:11:d1:31:99:
         af:94:18:da:cf:31:72:0b:07:46:6c:95:1a:97:98:ff:59:37:
         f9:cb:6d:0c:12:45:d8:bc:93:5b:78:82:a8:1f:98:cf:45:ca:
         7d:40:d6:75:51:e8:06:0f:37:8d:87:8a:88:2e:7c:64:01:e5:
         58:b3:24:38:f4:39:46:aa:45:aa:ff:0d:54:bc:79:e9:1d:12:
         f5:4f:23:3d:55:3e:a4:56:d9:fa:60:bf:b8:09:6e:f7:59:12:
         3b:13:2f:eb:27:25:cd:f5:28:ca:ee:26:0b:97:3b:2f:06:d8:
         fb:d5:3a:96:03:7e:97:1f:16:fc:b0:f2:bf:97:d7:28:84:f4:
         ae:81:d8:c4:fe:b7:39:aa:32:d7:40:f1:0e:3f:cc:99:e0:ec:
         e0:45:bb:2a:00:3c:73:b3:77:8b:8a:af:fc:a8:62:2d:b8:75:
         79:9e:db:27:65:c1:2a:86:34:67:de:29:5a:84:b5:eb:a7:ea:
         5d:2f:22:df:5c:95:97:ea:d8:b9:58:e5:19:54:0e:e3:dc:bc:
         ab:ed:47:54:62:70:91:e7:f6:6b:b2:12:d9:1c:9b:0d:c7:5d:
         11:50:9c:77:a8:57:58:b6:63:5f:76:cd:86:c8:f4:fb:7f:73:
         a4:8a:09:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNYjAU39OQqb43pnE//NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTNkNjVmMTI4Zjk1MmVjZGQ5NTJiN2U1OTczZjZkNjU1NGZkZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPqJ679OkPvPIfCJIG3+hl6q4Cfr
z1DGoB0erB4TmkX75xLZiOg2lQ66dNnWN2499FRQuVPm+gUupdFpEnQr/Iu0EtAE
3tdsiqmfWWHGuTerFBCCAyYxvWDoqipLyMRM6POILMrx/bFtXMZ+WMMBliKHVOBI
tlzMyGTC25toKaLIHGow5dJeSaHz2zHuyY84lLdw5+SDWjvizIVfnbo0ZhcrzsfL
k+wfHk3xmdjENBoZMzTjgPwsLKQ/KKEuNpqghVcVMhzuBXq+SAOb1/SyQVCuZR3q
y/+aoy+KPAwrjjw4oDdjRGSU8c550a3JOgKGZhwwuNiuCWbfcHKukIXczQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEE9ZfEo+VLs3ZUrfllz9tZVT99MMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvUVQxbDhTajVVdXpkbFN0LVdYUDIxbFZQMzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzbMMA0G
CSqGSIb3DQEBCwUAA4IBAQAcnphL1DlRAQt18NCWhhHRMZmvlBjazzFyCwdGbJUa
l5j/WTf5y20MEkXYvJNbeIKoH5jPRcp9QNZ1UegGDzeNh4qILnxkAeVYsyQ49DlG
qkWq/w1UvHnpHRL1TyM9VT6kVtn6YL+4CW73WRI7Ey/rJyXN9SjK7iYLlzsvBtj7
1TqWA36XHxb8sPK/l9cohPSugdjE/rc5qjLXQPEOP8yZ4OzgRbsqADxzs3eLiq/8
qGItuHV5ntsnZcEqhjRn3ilahLXrp+pdLyLfXJWX6ti5WOUZVA7j3Lyr7UdUYnCR
5/ZrshLZHJsNx10RUJx3qFdYtmNfds2GyPT7f3OkigmG
-----END CERTIFICATE-----