Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/qqax0ZTNG9tSfdV7qUPWsgclcq0.roa
File:                     qqax0ZTNG9tSfdV7qUPWsgclcq0.roa (raw, json)
Hash identifier:          unUMSF4KnqgjuYsW9QglGkCYb3OEQlBYydqSyLWqdkQ=
Subject key identifier:   AA:A6:B1:D1:94:CD:1B:DB:52:7D:D5:7B:A9:43:D6:B2:07:25:72:AD
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       018D98F47B00A2371A404DAA3C41C239705F
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/qqax0ZTNG9tSfdV7qUPWsgclcq0.roa
Signing time:             Sun 11 Feb 2024 16:16:15 +0000
ROA not before:           Sun 11 Feb 2024 16:16:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216054
IP address blocks:        185.83.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:98:f4:7b:00:a2:37:1a:40:4d:aa:3c:41:c2:39:70:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Feb 11 16:16:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaa6b1d194cd1bdb527dd57ba943d6b2072572ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e1:bd:7b:47:24:62:8a:5a:8f:92:30:fa:99:
                    26:f8:b3:76:56:9d:d2:f1:85:6d:a2:78:0c:a8:80:
                    4c:a4:70:c6:a9:90:9a:02:24:5c:f0:c4:3a:dd:2b:
                    ef:d5:39:e8:f6:d7:c9:5a:29:8e:f7:6d:34:92:2e:
                    94:4e:6d:32:7c:f1:89:05:bd:74:09:04:50:41:be:
                    bf:55:24:67:62:eb:28:6d:65:9f:eb:7c:54:82:9a:
                    27:90:f2:a5:1e:9b:c6:aa:9f:2b:a9:69:16:ee:74:
                    ba:ea:ef:37:ca:69:b7:f8:de:de:3c:7a:fe:be:32:
                    74:65:15:83:79:57:22:e1:5a:e7:65:27:11:b4:d8:
                    44:16:99:1c:60:2b:6b:53:72:3e:f2:b8:f1:70:73:
                    e4:8b:66:e5:80:d0:86:9e:07:e5:d1:36:d9:c3:2c:
                    e8:40:ce:c6:85:40:2b:20:bb:52:d8:3f:83:64:e6:
                    83:ed:87:dc:c3:9c:b3:3c:b2:35:7d:d9:f6:95:b1:
                    b7:bd:5d:bf:7b:01:df:42:19:ae:47:f7:90:21:78:
                    a0:aa:01:7f:2f:28:89:a9:8e:5f:13:12:54:ec:c4:
                    46:98:1a:42:a9:cc:03:d7:59:a7:a1:e1:8f:b1:02:
                    3d:c5:f9:44:3b:51:df:c9:0b:ca:58:e5:d2:9c:23:
                    b2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A6:B1:D1:94:CD:1B:DB:52:7D:D5:7B:A9:43:D6:B2:07:25:72:AD
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/qqax0ZTNG9tSfdV7qUPWsgclcq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:51:08:fd:89:5f:18:29:4b:f2:b8:85:a9:a7:eb:81:e9:6e:
         b4:19:08:15:a1:b2:7c:58:16:82:fb:cc:1d:be:19:13:ed:f2:
         e6:10:12:fb:ec:ec:f0:c2:2f:36:ab:69:5b:1a:ac:b6:d3:92:
         08:b1:a1:17:98:61:75:ef:f6:6c:b6:7b:77:0d:07:42:ba:02:
         48:9d:42:80:84:95:74:be:c9:8e:e6:71:3c:3a:21:b2:17:31:
         a3:57:e3:c4:90:c5:7b:d2:3a:c5:7f:59:ea:e0:cd:df:80:16:
         90:86:db:75:6a:7b:a4:eb:c5:66:fd:a6:2c:1a:ee:4d:1b:cf:
         2e:fb:bb:40:06:11:ec:4b:76:a6:92:84:35:72:f2:6c:4d:7e:
         79:1f:30:70:1f:f5:e3:f9:41:22:8c:d7:ce:03:70:77:41:b3:
         8f:6d:82:25:dd:73:39:18:41:74:29:e1:b3:52:16:34:4e:39:
         d3:30:4a:55:e2:32:92:36:e5:8f:ab:f7:54:01:c7:c7:a8:26:
         0b:71:02:8c:9c:ae:fb:25:8f:86:bd:b9:2e:f0:58:70:9e:3b:
         2d:6e:0d:5c:6a:52:ac:e8:b4:cd:cf:c6:31:9a:77:83:ec:ca:
         3d:c3:52:01:7c:20:d8:a1:0c:20:98:b8:d0:2f:27:12:d9:16:
         79:43:a4:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2Y9HsAojcaQE2qPEHCOXBfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjQwMjExMTYxNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWE2YjFkMTk0Y2QxYmRiNTI3ZGQ1N2JhOTQzZDZiMjA3MjU3MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOG9e0ckYopaj5Iw+pkm+LN2Vp3S
8YVtongMqIBMpHDGqZCaAiRc8MQ63Svv1Tno9tfJWimO9200ki6UTm0yfPGJBb10
CQRQQb6/VSRnYusobWWf63xUgponkPKlHpvGqp8rqWkW7nS66u83ymm3+N7ePHr+
vjJ0ZRWDeVci4VrnZScRtNhEFpkcYCtrU3I+8rjxcHPki2blgNCGngfl0TbZwyzo
QM7GhUArILtS2D+DZOaD7Yfcw5yzPLI1fdn2lbG3vV2/ewHfQhmuR/eQIXigqgF/
LyiJqY5fExJU7MRGmBpCqcwD11mnoeGPsQI9xflEO1HfyQvKWOXSnCOyAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqmsdGUzRvbUn3Ve6lD1rIHJXKtMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvcXFheDBaVE5HOXRTZmRWN3FVUFdzZ2NsY3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQAsUQj9iV8YKUvyuIWpp+uB6W60GQgVobJ8WBaC+8wd
vhkT7fLmEBL77Ozwwi82q2lbGqy205IIsaEXmGF17/Zstnt3DQdCugJInUKAhJV0
vsmO5nE8OiGyFzGjV+PEkMV70jrFf1nq4M3fgBaQhtt1anuk68Vm/aYsGu5NG88u
+7tABhHsS3amkoQ1cvJsTX55HzBwH/Xj+UEijNfOA3B3QbOPbYIl3XM5GEF0KeGz
UhY0TjnTMEpV4jKSNuWPq/dUAcfHqCYLcQKMnK77JY+Gvbku8Fhwnjstbg1calKs
6LTNz8YxmneD7Mo9w1IBfCDYoQwgmLjQLycS2RZ5Q6T0
-----END CERTIFICATE-----