Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/QZJnuQyac489RFoA9bz22jWa7LE.roa
File:                     QZJnuQyac489RFoA9bz22jWa7LE.roa (raw, json)
Hash identifier:          56gWm2m7HDC2eg4k9U+VPnDTYX4/gekWV/vqFBmnG94=
Subject key identifier:   41:92:67:B9:0C:9A:73:8F:3D:44:5A:00:F5:BC:F6:DA:35:9A:EC:B1
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018CD16CF7B8D81B9E0539D4DC5CF109AA5B
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/QZJnuQyac489RFoA9bz22jWa7LE.roa
Signing time:             Wed 03 Jan 2024 22:23:48 +0000
ROA not before:           Wed 03 Jan 2024 22:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210574
IP address blocks:        2.59.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:6c:f7:b8:d8:1b:9e:05:39:d4:dc:5c:f1:09:aa:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  3 22:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=419267b90c9a738f3d445a00f5bcf6da359aecb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bb:39:ac:03:32:2c:5b:22:31:2e:96:33:0c:
                    78:93:24:ff:59:80:a8:5a:31:7d:a8:41:74:f4:45:
                    cd:05:38:78:b9:6d:77:40:4c:d0:41:81:e6:0c:4f:
                    ab:35:57:8b:86:39:0b:89:56:b0:7c:27:88:12:70:
                    c6:9b:b1:39:26:28:90:85:b0:57:a5:8e:3d:e9:2d:
                    05:61:aa:4b:9f:77:d0:55:a7:b1:0c:ff:dd:e9:2c:
                    65:b3:6f:70:25:41:4f:07:3f:aa:5c:9c:6c:35:02:
                    0d:0e:4e:b6:ec:d9:6d:53:ad:e9:69:00:f6:a7:c1:
                    2a:a2:a1:a2:8c:22:79:8b:7a:ba:02:7a:67:38:63:
                    62:2b:f3:a9:6b:a5:39:83:8c:81:a1:7e:51:09:21:
                    0f:40:4a:20:59:13:33:7d:8b:d6:a9:ca:6a:29:d0:
                    13:2a:85:a4:a9:0a:37:ee:42:bd:e5:38:0f:f7:fb:
                    9f:3b:8f:63:ab:86:f5:07:4f:2e:b6:a8:3b:ec:3c:
                    57:10:cf:ff:a0:07:5f:f3:70:16:de:4a:bd:2e:bf:
                    97:2c:0d:8f:7a:0a:54:73:ee:10:0e:30:49:58:40:
                    81:43:ef:af:3c:87:fc:f2:d2:20:76:ce:41:97:80:
                    fc:61:6d:23:0a:ca:cd:ca:5f:c3:be:0c:c5:93:ff:
                    2c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:92:67:B9:0C:9A:73:8F:3D:44:5A:00:F5:BC:F6:DA:35:9A:EC:B1
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/QZJnuQyac489RFoA9bz22jWa7LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:3e:12:28:2f:d1:51:67:19:45:4b:5f:61:f0:e9:53:89:4e:
         5c:46:ad:8b:1c:37:50:96:64:f1:22:c3:4f:e1:59:0f:d0:f8:
         30:11:5c:2d:40:16:53:4d:f7:36:51:ea:72:c2:7d:6b:a0:bc:
         39:05:53:36:69:b4:2a:c3:2b:d3:ba:1f:65:fa:ce:51:a8:fc:
         29:72:27:77:dd:7e:30:9f:dd:40:56:5e:0b:c8:e1:7b:61:48:
         e4:ac:ba:4b:85:2d:15:17:68:7d:fd:23:8b:a1:3c:75:40:45:
         25:35:cc:73:0e:bc:90:53:51:ca:71:11:14:b2:91:4e:1c:27:
         4c:36:23:ce:b7:17:71:72:99:85:69:80:91:ad:a3:63:1a:52:
         f9:2a:dd:24:2f:1b:08:09:53:5c:de:11:f7:40:3d:83:9b:21:
         9a:01:4c:56:ea:b2:b3:69:a9:3e:6a:26:12:76:de:e6:75:3a:
         bc:54:88:96:dd:77:af:83:39:78:8f:32:64:60:e1:70:e5:8f:
         3d:0e:66:41:45:7e:39:f5:a0:89:d5:ab:9e:2d:83:3d:6c:46:
         3e:c8:d2:c5:8b:91:43:f7:1d:31:71:17:c6:bb:b6:f3:19:a2:
         6b:6f:82:2f:74:d2:5d:73:d7:7d:d6:b4:12:0d:5a:b8:73:d5:
         ad:07:1c:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzRbPe42BueBTnU3FzxCapbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMTAzMjIyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTkyNjdiOTBjOWE3MzhmM2Q0NDVhMDBmNWJjZjZkYTM1OWFlY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLs5rAMyLFsiMS6WMwx4kyT/WYCo
WjF9qEF09EXNBTh4uW13QEzQQYHmDE+rNVeLhjkLiVawfCeIEnDGm7E5JiiQhbBX
pY496S0FYapLn3fQVaexDP/d6Sxls29wJUFPBz+qXJxsNQINDk627NltU63paQD2
p8EqoqGijCJ5i3q6AnpnOGNiK/Opa6U5g4yBoX5RCSEPQEogWRMzfYvWqcpqKdAT
KoWkqQo37kK95TgP9/ufO49jq4b1B08utqg77DxXEM//oAdf83AW3kq9Lr+XLA2P
egpUc+4QDjBJWECBQ++vPIf88tIgds5Bl4D8YW0jCsrNyl/DvgzFk/8shwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGSZ7kMmnOPPURaAPW89to1muyxMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvUVpKbnVReWFjNDg5UkZvQTliejIyaldhN0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjt1MA0G
CSqGSIb3DQEBCwUAA4IBAQBWPhIoL9FRZxlFS19h8OlTiU5cRq2LHDdQlmTxIsNP
4VkP0PgwEVwtQBZTTfc2Uepywn1roLw5BVM2abQqwyvTuh9l+s5RqPwpcid33X4w
n91AVl4LyOF7YUjkrLpLhS0VF2h9/SOLoTx1QEUlNcxzDryQU1HKcREUspFOHCdM
NiPOtxdxcpmFaYCRraNjGlL5Kt0kLxsICVNc3hH3QD2DmyGaAUxW6rKzaak+aiYS
dt7mdTq8VIiW3Xevgzl4jzJkYOFw5Y89DmZBRX459aCJ1aueLYM9bEY+yNLFi5FD
9x0xcRfGu7bzGaJrb4IvdNJdc9d91rQSDVq4c9WtBxz/
-----END CERTIFICATE-----