Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qZsOyKtTgekRA0jTE3eI_fdS3z8.roa
File:                     qZsOyKtTgekRA0jTE3eI_fdS3z8.roa (raw, json)
Hash identifier:          Xy9+4WsS7nz6XKIr80xb/uFsCgOW8apynmBj3gNchYc=
Subject key identifier:   A9:9B:0E:C8:AB:53:81:E9:11:03:48:D3:13:77:88:FD:F7:52:DF:3F
Certificate issuer:       /CN=a91fe2672c8f1c12b27ada0fccbaa7c212cbd71c
Certificate serial:       018CC3B68232B003A81A3FBC2925145B3725
Authority key identifier: A9:1F:E2:67:2C:8F:1C:12:B2:7A:DA:0F:CC:BA:A7:C2:12:CB:D7:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qR_iZyyPHBKyetoPzLqnwhLL1xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qZsOyKtTgekRA0jTE3eI_fdS3z8.roa
Signing time:             Mon 01 Jan 2024 06:29:27 +0000
ROA not before:           Mon 01 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50133
IP address blocks:        185.182.40.0/22 maxlen: 24
                          109.71.128.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qR_iZyyPHBKyetoPzLqnwhLL1xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qR_iZyyPHBKyetoPzLqnwhLL1xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qR_iZyyPHBKyetoPzLqnwhLL1xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:82:32:b0:03:a8:1a:3f:bc:29:25:14:5b:37:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a91fe2672c8f1c12b27ada0fccbaa7c212cbd71c
        Validity
            Not Before: Jan  1 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a99b0ec8ab5381e9110348d3137788fdf752df3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0b:d5:63:cb:1c:ae:56:fc:ad:20:8c:02:f3:
                    b0:c4:a2:3b:93:fa:59:29:59:f4:a8:7c:4f:ec:5d:
                    b6:71:51:30:1a:96:05:21:59:45:88:08:79:3d:a9:
                    20:e0:c8:ac:5c:2b:99:e0:6b:76:ed:09:2c:da:5d:
                    cb:e4:96:a2:11:7e:40:44:d1:7a:c3:32:17:60:c4:
                    ab:99:23:b3:a7:3b:c2:69:35:b2:62:04:c4:62:8d:
                    36:42:cd:9b:8d:4e:31:c5:19:20:de:a0:e6:17:ea:
                    15:ef:32:6f:fa:5d:93:7c:d2:4f:13:91:85:a5:46:
                    6e:88:37:52:7d:2d:e1:b9:23:89:5e:98:f3:ab:23:
                    8b:a5:be:48:d4:b3:71:4a:22:41:2a:46:dc:c4:3f:
                    37:58:c2:82:98:9f:07:67:08:32:d9:d6:7e:00:f6:
                    fd:61:e9:4c:d0:0c:e0:a1:30:cf:b2:40:99:fd:97:
                    5b:b6:92:32:20:b2:4d:cb:5e:28:60:c8:70:3b:75:
                    dc:58:9a:2e:71:08:7c:c0:3f:47:87:ce:7c:e8:36:
                    24:1c:e5:7c:9a:6e:22:8b:fa:60:16:5e:6b:4b:2c:
                    a9:12:c9:fd:fb:3d:ba:76:58:24:3b:33:63:6d:d5:
                    5c:94:5a:82:45:29:fe:14:f8:06:b7:b9:cb:a8:33:
                    54:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9B:0E:C8:AB:53:81:E9:11:03:48:D3:13:77:88:FD:F7:52:DF:3F
            X509v3 Authority Key Identifier:
                keyid:A9:1F:E2:67:2C:8F:1C:12:B2:7A:DA:0F:CC:BA:A7:C2:12:CB:D7:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qR_iZyyPHBKyetoPzLqnwhLL1xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qZsOyKtTgekRA0jTE3eI_fdS3z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qR_iZyyPHBKyetoPzLqnwhLL1xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.128.0/21
                  185.182.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:09:e6:d7:92:58:8e:9f:95:fc:74:8c:64:8e:e2:60:20:cd:
         78:6e:58:6d:5a:86:49:79:f7:c5:4a:3d:3f:42:90:63:db:c3:
         ef:af:23:2f:bf:cd:59:54:0b:39:24:c4:88:40:e4:61:a7:0d:
         f4:11:08:12:c1:1d:13:2a:e3:87:a1:d9:ee:f7:d8:8a:41:f9:
         9c:c6:a1:85:ae:40:40:07:77:b4:7c:6c:bb:f3:c5:bb:d2:19:
         e1:dc:4f:c2:b3:71:d2:56:73:9c:7b:89:2f:dc:82:11:78:20:
         d5:16:57:45:64:b4:2e:e1:78:01:93:d8:b7:63:ed:b9:c5:48:
         97:be:29:46:d7:87:18:d6:bb:66:bd:7e:54:b1:23:f0:1a:4f:
         00:4a:af:38:fa:47:17:da:db:72:3a:e9:c9:26:b6:62:fb:88:
         2b:4b:c5:0a:7d:2e:fc:cf:ca:e1:13:b5:10:12:dc:88:25:9c:
         12:e9:7f:58:e3:9f:20:fb:60:87:b9:42:8b:07:b6:ae:e6:e3:
         5c:b3:06:cd:01:8b:b9:08:72:b4:bf:8e:8d:b7:cf:ae:cc:64:
         63:90:53:c1:9a:f9:28:46:06:a0:fc:94:67:9f:6d:fe:c4:1e:
         5c:e1:f5:e6:f9:eb:d9:13:bd:90:d6:ce:c9:d4:ad:e6:56:39:
         9a:17:99:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtoIysAOoGj+8KSUUWzclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MWZlMjY3MmM4ZjFjMTJiMjdhZGEwZmNjYmFhN2MyMTJj
YmQ3MWMwHhcNMjQwMTAxMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTliMGVjOGFiNTM4MWU5MTEwMzQ4ZDMxMzc3ODhmZGY3NTJkZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQvVY8scrlb8rSCMAvOwxKI7k/pZ
KVn0qHxP7F22cVEwGpYFIVlFiAh5Pakg4MisXCuZ4Gt27Qks2l3L5JaiEX5ARNF6
wzIXYMSrmSOzpzvCaTWyYgTEYo02Qs2bjU4xxRkg3qDmF+oV7zJv+l2TfNJPE5GF
pUZuiDdSfS3huSOJXpjzqyOLpb5I1LNxSiJBKkbcxD83WMKCmJ8HZwgy2dZ+APb9
YelM0AzgoTDPskCZ/ZdbtpIyILJNy14oYMhwO3XcWJoucQh8wD9Hh8586DYkHOV8
mm4ii/pgFl5rSyypEsn9+z26dlgkOzNjbdVclFqCRSn+FPgGt7nLqDNUtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKmbDsirU4HpEQNI0xN3iP33Ut8/MB8GA1UdIwQY
MBaAFKkf4mcsjxwSsnraD8y6p8ISy9ccMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVJfaVp5eVBIQkt5ZXRvUHpMcW53aExMMXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82YzA2YzktM2Y0Ni00NjU4LWFlODkt
OWJmMjI2NDAyZmQ0LzEvcVpzT3lLdFRnZWtSQTBqVEUzZUlfZmRTM3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82YzA2YzktM2Y0Ni00NjU4LWFlODktOWJmMjI2NDAyZmQ0
LzEvcVJfaVp5eVBIQkt5ZXRvUHpMcW53aExMMXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUeAAwQC
ubYoMA0GCSqGSIb3DQEBCwUAA4IBAQAKCebXkliOn5X8dIxkjuJgIM14blhtWoZJ
effFSj0/QpBj28PvryMvv81ZVAs5JMSIQORhpw30EQgSwR0TKuOHodnu99iKQfmc
xqGFrkBAB3e0fGy788W70hnh3E/Cs3HSVnOce4kv3IIReCDVFldFZLQu4XgBk9i3
Y+25xUiXvilG14cY1rtmvX5UsSPwGk8ASq84+kcX2ttyOunJJrZi+4grS8UKfS78
z8rhE7UQEtyIJZwS6X9Y458g+2CHuUKLB7au5uNcswbNAYu5CHK0v46Nt8+uzGRj
kFPBmvkoRgag/JRnn23+xB5c4fXm+evZE72Q1s7J1K3mVjmaF5mA
-----END CERTIFICATE-----