Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/fqo7HkVJJwmlEsTn9r6pCLVTWAE.roa
File:                     fqo7HkVJJwmlEsTn9r6pCLVTWAE.roa (raw, json)
Hash identifier:          R0dCU60kvksUiBAV5xMILOor6WJ1ok8PqoqowEFx/dM=
Subject key identifier:   7E:AA:3B:1E:45:49:27:09:A5:12:C4:E7:F6:BE:A9:08:B5:53:58:01
Certificate issuer:       /CN=3de2681dda00702a7597a71257e14f7a725e890e
Certificate serial:       018CC5DC0A0022807F34B3971A2F9B81CC84
Authority key identifier: 3D:E2:68:1D:DA:00:70:2A:75:97:A7:12:57:E1:4F:7A:72:5E:89:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/fqo7HkVJJwmlEsTn9r6pCLVTWAE.roa
Signing time:             Mon 01 Jan 2024 16:29:41 +0000
ROA not before:           Mon 01 Jan 2024 16:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        145.43.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0a:00:22:80:7f:34:b3:97:1a:2f:9b:81:cc:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de2681dda00702a7597a71257e14f7a725e890e
        Validity
            Not Before: Jan  1 16:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eaa3b1e45492709a512c4e7f6bea908b5535801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d2:b1:c2:32:12:ad:14:d1:84:95:20:98:29:
                    90:93:2f:b8:0e:0c:4f:97:5f:f3:61:dd:c8:e6:86:
                    d6:06:84:26:55:b6:8d:ec:8d:ac:28:a6:1b:c8:dc:
                    f1:22:22:35:35:42:6a:8d:71:ac:93:10:ac:99:3d:
                    cc:6c:4c:4e:be:24:61:e6:25:2a:6e:e4:b1:3d:e6:
                    78:3a:cf:71:de:02:6e:1e:e0:ca:20:8f:5c:33:0a:
                    86:6e:f3:2d:0a:3d:68:d6:9e:d2:86:be:0e:75:fb:
                    86:16:e3:64:13:db:d3:f1:4b:c3:60:81:c6:ff:01:
                    c5:25:49:14:b5:0b:fd:06:b3:1f:d2:51:13:92:de:
                    fc:13:b0:fd:7f:e3:94:e7:00:4e:74:af:ef:d5:d1:
                    4d:3a:5c:5c:9e:43:73:d6:01:37:5d:12:9f:26:27:
                    47:67:d8:fb:97:ec:e9:64:f0:1d:db:82:8c:4f:b0:
                    8f:b1:a1:56:40:4e:1b:bd:fc:db:e9:f0:3e:af:3e:
                    bd:96:2f:f5:f8:5f:09:18:d9:f8:36:f2:24:fc:e3:
                    52:38:63:88:1a:26:84:91:5c:da:94:e1:6b:15:13:
                    1c:00:db:95:08:b2:cc:7a:83:a5:63:53:ff:30:3a:
                    70:e0:2f:9b:60:d5:29:4c:62:e5:63:36:5c:44:f6:
                    4b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AA:3B:1E:45:49:27:09:A5:12:C4:E7:F6:BE:A9:08:B5:53:58:01
            X509v3 Authority Key Identifier:
                keyid:3D:E2:68:1D:DA:00:70:2A:75:97:A7:12:57:E1:4F:7A:72:5E:89:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/fqo7HkVJJwmlEsTn9r6pCLVTWAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.43.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:12:6b:d1:6d:b1:6c:98:16:4d:43:30:f1:89:2c:76:9d:ca:
         ca:07:97:11:d1:aa:1d:96:a2:bd:c5:5f:3f:15:ed:ba:b1:64:
         2d:19:a9:e4:cb:84:33:67:07:df:1c:8f:49:be:51:4b:f7:7d:
         bb:85:f3:5a:69:9b:79:58:54:fd:67:28:4d:05:2c:c4:3d:d5:
         eb:85:e3:eb:26:75:aa:b8:7d:a3:7a:0c:f8:67:b1:ab:eb:d0:
         b6:61:71:b4:04:16:c6:f8:52:a7:dd:11:e3:56:82:0c:d8:5a:
         1b:d7:e8:4f:36:6e:89:57:2a:4a:d9:cf:d2:0b:83:46:81:f4:
         29:ee:97:95:a0:ac:98:09:1a:1b:1b:67:11:d0:6c:3e:2b:88:
         e3:56:f4:dd:4e:0a:d3:3f:98:10:7c:10:46:25:6d:4e:6c:66:
         f7:31:0c:f0:18:57:c9:00:a1:d5:aa:5c:d8:b4:a3:a8:7c:67:
         a2:36:70:76:0a:42:2f:7e:68:7b:a8:bb:06:ba:7a:fb:14:5a:
         0f:e3:40:95:7d:0d:fe:75:27:66:f9:9a:12:15:0e:65:3f:3d:
         db:fd:45:9f:98:15:6c:a9:59:64:7f:fd:a9:a3:0f:8d:da:f1:
         55:67:6f:64:ad:fe:67:50:0e:66:0d:d3:ca:e8:2f:da:9b:d9:
         37:2e:74:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AoAIoB/NLOXGi+bgcyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTI2ODFkZGEwMDcwMmE3NTk3YTcxMjU3ZTE0ZjdhNzI1
ZTg5MGUwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWFhM2IxZTQ1NDkyNzA5YTUxMmM0ZTdmNmJlYTkwOGI1NTM1ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNKxwjISrRTRhJUgmCmQky+4DgxP
l1/zYd3I5obWBoQmVbaN7I2sKKYbyNzxIiI1NUJqjXGskxCsmT3MbExOviRh5iUq
buSxPeZ4Os9x3gJuHuDKII9cMwqGbvMtCj1o1p7Shr4OdfuGFuNkE9vT8UvDYIHG
/wHFJUkUtQv9BrMf0lETkt78E7D9f+OU5wBOdK/v1dFNOlxcnkNz1gE3XRKfJidH
Z9j7l+zpZPAd24KMT7CPsaFWQE4bvfzb6fA+rz69li/1+F8JGNn4NvIk/ONSOGOI
GiaEkVzalOFrFRMcANuVCLLMeoOlY1P/MDpw4C+bYNUpTGLlYzZcRPZLdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6qOx5FSScJpRLE5/a+qQi1U1gBMB8GA1UdIwQY
MBaAFD3iaB3aAHAqdZenElfhT3pyXokOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVKb0hkb0FjQ3AxbDZjU1YtRlBlbkplaVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zNmQ2ZTQtOGQ3Ny00OGQ1LWFmYjYt
ZTBhYzcyNjNkYjEyLzEvZnFvN0hrVkpKd21sRXNUbjlyNnBDTFZUV0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zNmQ2ZTQtOGQ3Ny00OGQ1LWFmYjYtZTBhYzcyNjNkYjEy
LzEvUGVKb0hkb0FjQ3AxbDZjU1YtRlBlbkplaVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkSv0MA0G
CSqGSIb3DQEBCwUAA4IBAQABEmvRbbFsmBZNQzDxiSx2ncrKB5cR0aodlqK9xV8/
Fe26sWQtGanky4QzZwffHI9JvlFL9327hfNaaZt5WFT9ZyhNBSzEPdXrhePrJnWq
uH2jegz4Z7Gr69C2YXG0BBbG+FKn3RHjVoIM2Fob1+hPNm6JVypK2c/SC4NGgfQp
7peVoKyYCRobG2cR0Gw+K4jjVvTdTgrTP5gQfBBGJW1ObGb3MQzwGFfJAKHVqlzY
tKOofGeiNnB2CkIvfmh7qLsGunr7FFoP40CVfQ3+dSdm+ZoSFQ5lPz3b/UWfmBVs
qVlkf/2pow+N2vFVZ29krf5nUA5mDdPK6C/am9k3LnQ7
-----END CERTIFICATE-----