Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/0qrM3yqA3oEFvheNd0n_v477POY.roa
File:                     0qrM3yqA3oEFvheNd0n_v477POY.roa (raw, json)
Hash identifier:          Yz4Fi0AIf55HgtvXw6RQMgelR1manPtu+PbTTJ5tZzw=
Subject key identifier:   D2:AA:CC:DF:2A:80:DE:81:05:BE:17:8D:77:49:FF:BF:8E:FB:3C:E6
Certificate issuer:       /CN=bda96d02a822f46253c2aee680441d5ac27c3df5
Certificate serial:       018DC8066A65770F15AA6065AE737C7B30C7
Authority key identifier: BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/0qrM3yqA3oEFvheNd0n_v477POY.roa
Signing time:             Tue 20 Feb 2024 19:38:00 +0000
ROA not before:           Tue 20 Feb 2024 19:38:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        141.138.224.0/24 maxlen: 24
                          2a00:10e8:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c8:06:6a:65:77:0f:15:aa:60:65:ae:73:7c:7b:30:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda96d02a822f46253c2aee680441d5ac27c3df5
        Validity
            Not Before: Feb 20 19:38:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2aaccdf2a80de8105be178d7749ffbf8efb3ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:28:b2:c5:9d:75:5d:b0:80:00:83:4c:24:d3:
                    71:27:f1:eb:56:8b:a1:1b:eb:c2:51:04:4a:db:80:
                    07:9a:cf:9f:27:27:62:60:8d:92:1a:3b:e1:53:52:
                    2f:72:e4:9e:89:ff:53:a6:cf:20:5c:b2:ad:3b:e6:
                    6c:06:f5:81:d4:d6:f3:11:81:bb:72:c7:54:98:8d:
                    d0:4a:6c:99:6f:05:80:79:b6:60:6e:dc:ef:b9:09:
                    23:78:57:b9:03:ec:3a:b8:96:f4:f3:81:24:de:c1:
                    e6:2a:61:e2:41:2d:43:d3:06:f1:5f:85:e9:b7:76:
                    a8:e9:e5:2a:9e:24:7d:07:59:a9:30:a7:fb:17:dd:
                    a3:18:02:77:17:fe:63:76:8d:da:96:4e:4e:2e:64:
                    54:0e:3b:f8:81:9b:fc:ee:7b:6e:64:ab:3f:ce:6f:
                    74:46:ae:8f:aa:0b:d3:ee:c2:f2:c9:82:5d:f3:8b:
                    cc:f9:5a:6e:28:96:55:b4:f4:4a:a6:68:b0:53:8c:
                    a4:99:be:f2:19:cd:c5:e1:f3:94:28:5c:a7:2a:43:
                    e3:3f:1c:ed:fb:92:6d:ae:51:6d:1d:90:43:d6:6d:
                    a7:59:9d:ab:34:6e:f5:90:6e:fb:52:17:e0:86:0d:
                    71:8c:7d:8b:31:13:79:95:7f:fa:1e:15:86:8c:53:
                    6c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:AA:CC:DF:2A:80:DE:81:05:BE:17:8D:77:49:FF:BF:8E:FB:3C:E6
            X509v3 Authority Key Identifier:
                keyid:BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/0qrM3yqA3oEFvheNd0n_v477POY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.224.0/24
                IPv6:
                  2a00:10e8:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:90:a9:20:e0:e2:a3:65:78:47:19:b3:2a:bf:c0:51:4f:e5:
         89:e2:10:0c:4d:78:ba:35:2f:7d:d9:c7:9a:d3:59:64:e1:9a:
         da:fb:e7:10:88:29:1b:44:9d:30:74:a2:1f:bb:51:e1:5e:00:
         0a:89:fa:ad:e6:fe:c9:1f:17:18:27:04:05:6b:1e:15:81:fe:
         5c:1e:a8:d1:d9:95:d2:7b:a7:b5:15:8f:7f:20:49:d0:a9:8c:
         15:57:ea:ea:28:52:cc:25:f5:82:fc:56:c9:16:e1:5a:98:24:
         e3:35:a1:da:dc:e8:43:80:7c:df:a5:91:68:f8:14:1a:2c:f7:
         bf:a8:ad:40:56:87:cb:e7:55:f2:d6:54:f6:72:38:72:35:cc:
         b6:9b:78:e8:5d:f0:24:76:45:b3:6c:6c:12:05:6f:ec:b8:15:
         fe:1c:4b:dd:07:74:f6:f9:2e:c3:d8:c5:de:cd:e0:69:12:7b:
         67:11:96:0d:cd:fe:96:53:13:3f:58:cc:20:29:b2:cd:79:a9:
         6c:b3:81:ae:ba:25:13:c9:77:6f:9e:30:6c:0c:b6:69:c5:42:
         30:45:da:77:fd:8c:0c:c0:7c:77:e9:21:77:95:78:f1:a1:e6:
         a8:60:ee:fb:a6:7a:f3:3d:8b:4e:b6:32:0b:28:3d:75:f6:21:
         e1:26:f5:63
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3IBmpldw8VqmBlrnN8ezDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTk2ZDAyYTgyMmY0NjI1M2MyYWVlNjgwNDQxZDVhYzI3
YzNkZjUwHhcNMjQwMjIwMTkzODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmFhY2NkZjJhODBkZTgxMDViZTE3OGQ3NzQ5ZmZiZjhlZmIzY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyiyxZ11XbCAAINMJNNxJ/HrVouh
G+vCUQRK24AHms+fJydiYI2SGjvhU1IvcuSeif9Tps8gXLKtO+ZsBvWB1NbzEYG7
csdUmI3QSmyZbwWAebZgbtzvuQkjeFe5A+w6uJb084Ek3sHmKmHiQS1D0wbxX4Xp
t3ao6eUqniR9B1mpMKf7F92jGAJ3F/5jdo3alk5OLmRUDjv4gZv87ntuZKs/zm90
Rq6PqgvT7sLyyYJd84vM+VpuKJZVtPRKpmiwU4ykmb7yGc3F4fOUKFynKkPjPxzt
+5JtrlFtHZBD1m2nWZ2rNG71kG77Uhfghg1xjH2LMRN5lX/6HhWGjFNsVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNKqzN8qgN6BBb4XjXdJ/7+O+zzmMB8GA1UdIwQY
MBaAFL2pbQKoIvRiU8Ku5oBEHVrCfD31MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzIt
Y2Y4M2Q2ZTQwNTU4LzEvMHFyTTN5cUEzb0VGdmhlTmQwbl92NDc3UE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzItY2Y4M2Q2ZTQwNTU4
LzEvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAjYrgMA8E
AgACMAkDBwAqABDoAQAwDQYJKoZIhvcNAQELBQADggEBAFeQqSDg4qNleEcZsyq/
wFFP5YniEAxNeLo1L33Zx5rTWWThmtr75xCIKRtEnTB0oh+7UeFeAAqJ+q3m/skf
FxgnBAVrHhWB/lweqNHZldJ7p7UVj38gSdCpjBVX6uooUswl9YL8VskW4VqYJOM1
odrc6EOAfN+lkWj4FBos97+orUBWh8vnVfLWVPZyOHI1zLabeOhd8CR2RbNsbBIF
b+y4Ff4cS90HdPb5LsPYxd7N4GkSe2cRlg3N/pZTEz9YzCApss15qWyzga66JRPJ
d2+eMGwMtmnFQjBF2nf9jAzAfHfpIXeVePGh5qhg7vumevM9i062MgsoPXX2IeEm
9WM=
-----END CERTIFICATE-----