Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/DQGLMYNpzsXO08R3OtD-v_tZtUQ.roa
File:                     DQGLMYNpzsXO08R3OtD-v_tZtUQ.roa (raw, json)
Hash identifier:          lBmlT0x+7mbfduBQVfYLQ8ixKn2fPF7tVMXULW9M0d0=
Subject key identifier:   0D:01:8B:31:83:69:CE:C5:CE:D3:C4:77:3A:D0:FE:BF:FB:59:B5:44
Certificate issuer:       /CN=1f22c0848d3059e5ae55f68c07079cb9a92c279e
Certificate serial:       018CC5DC3632F14E4EF38825108662727317
Authority key identifier: 1F:22:C0:84:8D:30:59:E5:AE:55:F6:8C:07:07:9C:B9:A9:2C:27:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HyLAhI0wWeWuVfaMBwecuaksJ54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/DQGLMYNpzsXO08R3OtD-v_tZtUQ.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        195.80.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/HyLAhI0wWeWuVfaMBwecuaksJ54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/HyLAhI0wWeWuVfaMBwecuaksJ54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HyLAhI0wWeWuVfaMBwecuaksJ54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 10:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:36:32:f1:4e:4e:f3:88:25:10:86:62:72:73:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f22c0848d3059e5ae55f68c07079cb9a92c279e
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d018b318369cec5ced3c4773ad0febffb59b544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:cb:33:8b:e7:09:39:03:b7:df:f1:5a:6d:
                    ca:a1:3c:3b:ab:24:bd:4c:c0:f3:1a:6d:6c:ff:10:
                    17:51:e7:d5:83:3b:9f:f7:a4:ae:82:85:0d:00:0b:
                    81:f4:c3:da:9f:b0:a2:b1:31:7c:99:5d:e7:3c:c6:
                    b2:50:5f:e0:15:3b:1c:b3:ea:2f:66:04:a3:e8:3a:
                    c5:81:d1:eb:2e:5e:6a:0b:d5:ec:4b:d3:8d:f5:de:
                    a6:be:6e:4a:d5:c1:d7:91:a8:01:19:fe:c3:9e:ed:
                    2b:04:15:52:81:a4:83:a2:38:e0:76:ac:94:a9:95:
                    ff:c1:f8:e9:07:a6:64:c1:4d:a8:a5:40:91:0b:01:
                    d3:71:58:b4:e6:78:20:bc:47:02:a0:b3:d4:a7:bd:
                    2c:4d:cd:50:3d:cf:28:fa:66:47:be:aa:dd:e9:ba:
                    c2:eb:e2:ba:a1:40:c5:5e:25:29:80:24:a9:4b:f9:
                    dc:25:cc:12:57:76:4c:d8:0b:a8:00:3f:76:df:65:
                    7f:c8:39:a0:9b:cb:f2:66:e1:ed:9a:3b:04:c0:43:
                    4b:c6:4c:7e:22:36:d0:63:af:8d:f9:c8:74:cd:04:
                    15:36:f6:f6:b3:93:1d:86:be:87:24:6f:52:62:76:
                    2d:e0:52:82:fc:85:6e:15:63:f6:33:05:11:ae:27:
                    9a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:01:8B:31:83:69:CE:C5:CE:D3:C4:77:3A:D0:FE:BF:FB:59:B5:44
            X509v3 Authority Key Identifier:
                keyid:1F:22:C0:84:8D:30:59:E5:AE:55:F6:8C:07:07:9C:B9:A9:2C:27:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HyLAhI0wWeWuVfaMBwecuaksJ54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/DQGLMYNpzsXO08R3OtD-v_tZtUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/HyLAhI0wWeWuVfaMBwecuaksJ54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.80.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:95:ab:75:ed:c1:53:48:29:d9:9e:2a:8a:d4:41:88:34:76:
         da:30:fc:e5:ef:79:62:4f:fd:3b:61:a0:bb:22:3e:83:96:33:
         e4:d9:1a:db:3f:fa:11:69:2f:ed:63:37:bc:ed:70:fc:2a:37:
         4e:2b:de:2a:9d:3f:cc:a4:c0:d3:96:d3:ea:1f:9e:81:d9:2c:
         76:f5:1e:80:35:1b:6d:a6:37:11:0f:06:ff:4c:62:dc:11:88:
         2c:39:bd:8b:95:a3:4f:25:e4:4f:41:f4:51:2d:b3:71:48:22:
         99:dc:8a:2c:d5:ec:ba:bd:1d:75:3f:14:9f:82:6d:b1:de:d4:
         24:c2:08:47:55:25:12:99:d7:b8:f9:99:f9:e4:09:a5:5e:fb:
         c0:3e:6a:88:d4:6d:d4:62:51:2c:2f:52:55:03:15:eb:53:ad:
         8d:26:c0:bb:6e:2f:ba:84:e1:60:0e:d5:a0:35:56:7e:e3:04:
         3b:b7:c6:82:6d:80:5a:40:5f:ac:10:fc:cd:db:11:fc:4e:4a:
         a4:81:a1:95:8c:27:d6:95:14:a6:c1:20:4a:f5:ff:cb:d1:0f:
         1c:e9:6c:07:33:3b:5b:dc:95:e1:5b:09:88:92:19:a5:9d:c5:
         9f:a5:be:b5:89:f0:1a:f0:95:92:83:3d:ee:13:d5:3f:27:dc:
         ea:8d:fd:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DYy8U5O84glEIZicnMXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMjJjMDg0OGQzMDU5ZTVhZTU1ZjY4YzA3MDc5Y2I5YTky
YzI3OWUwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDAxOGIzMTgzNjljZWM1Y2VkM2M0NzczYWQwZmViZmZiNTliNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteLLM4vnCTkDt9/xWm3KoTw7qyS9
TMDzGm1s/xAXUefVgzuf96SugoUNAAuB9MPan7CisTF8mV3nPMayUF/gFTscs+ov
ZgSj6DrFgdHrLl5qC9XsS9ON9d6mvm5K1cHXkagBGf7Dnu0rBBVSgaSDojjgdqyU
qZX/wfjpB6ZkwU2opUCRCwHTcVi05nggvEcCoLPUp70sTc1QPc8o+mZHvqrd6brC
6+K6oUDFXiUpgCSpS/ncJcwSV3ZM2AuoAD9232V/yDmgm8vyZuHtmjsEwENLxkx+
IjbQY6+N+ch0zQQVNvb2s5Mdhr6HJG9SYnYt4FKC/IVuFWP2MwURrieaQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0BizGDac7FztPEdzrQ/r/7WbVEMB8GA1UdIwQY
MBaAFB8iwISNMFnlrlX2jAcHnLmpLCeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHlMQWhJMHdXZVd1VmZhTUJ3ZWN1YWtzSjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jMTA5MTEtNDAyMi00NmZiLTkyMTQt
N2M2ODU3NjQ4NjY2LzEvRFFHTE1ZTnB6c1hPMDhSM090RC12X3RadFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jMTA5MTEtNDAyMi00NmZiLTkyMTQtN2M2ODU3NjQ4NjY2
LzEvSHlMQWhJMHdXZVd1VmZhTUJ3ZWN1YWtzSjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw1AoMA0G
CSqGSIb3DQEBCwUAA4IBAQAnlat17cFTSCnZniqK1EGINHbaMPzl73liT/07YaC7
Ij6DljPk2RrbP/oRaS/tYze87XD8KjdOK94qnT/MpMDTltPqH56B2Sx29R6ANRtt
pjcRDwb/TGLcEYgsOb2LlaNPJeRPQfRRLbNxSCKZ3Ios1ey6vR11PxSfgm2x3tQk
wghHVSUSmde4+Zn55AmlXvvAPmqI1G3UYlEsL1JVAxXrU62NJsC7bi+6hOFgDtWg
NVZ+4wQ7t8aCbYBaQF+sEPzN2xH8TkqkgaGVjCfWlRSmwSBK9f/L0Q8c6WwHMztb
3JXhWwmIkhmlncWfpb61ifAa8JWSgz3uE9U/J9zqjf3X
-----END CERTIFICATE-----