Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/QBxIvICmDiIKK-jd_58Fmk0Nyqo.roa
File:                     QBxIvICmDiIKK-jd_58Fmk0Nyqo.roa (raw, json)
Hash identifier:          GzeupVBY60Z7IZqtITho1fGBMqbC4IpkKqihDhFZ9sM=
Subject key identifier:   40:1C:48:BC:80:A6:0E:22:0A:2B:E8:DD:FF:9F:05:9A:4D:0D:CA:AA
Certificate issuer:       /CN=c59bd1e8c58f641bd944305f11c54efe5f3a0ce2
Certificate serial:       018EF1A414A83D5673E49FD6599FBC39461A
Authority key identifier: C5:9B:D1:E8:C5:8F:64:1B:D9:44:30:5F:11:C5:4E:FE:5F:3A:0C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xZvR6MWPZBvZRDBfEcVO_l86DOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/QBxIvICmDiIKK-jd_58Fmk0Nyqo.roa
Signing time:             Thu 18 Apr 2024 14:37:25 +0000
ROA not before:           Thu 18 Apr 2024 14:37:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56715
IP address blocks:        45.93.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xZvR6MWPZBvZRDBfEcVO_l86DOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xZvR6MWPZBvZRDBfEcVO_l86DOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xZvR6MWPZBvZRDBfEcVO_l86DOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f1:a4:14:a8:3d:56:73:e4:9f:d6:59:9f:bc:39:46:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c59bd1e8c58f641bd944305f11c54efe5f3a0ce2
        Validity
            Not Before: Apr 18 14:37:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=401c48bc80a60e220a2be8ddff9f059a4d0dcaaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:22:ed:76:91:2c:ee:bb:ea:91:65:7d:d1:db:
                    2d:9a:ff:63:14:73:bd:9e:47:52:35:70:a9:b7:9e:
                    19:c1:8b:ad:23:da:58:fa:77:a9:46:a5:e2:82:8e:
                    73:90:e3:ec:37:98:56:cf:b5:ed:fc:c8:ee:51:0c:
                    66:f0:16:85:08:1f:34:fa:a2:db:e4:c7:f2:0d:23:
                    78:28:b2:5e:d9:8b:f2:f3:aa:e9:1d:87:fd:9a:6b:
                    5b:57:1e:5e:c1:2f:df:c7:4f:fb:e4:67:bf:22:13:
                    c5:a9:43:2a:82:0e:37:88:1c:ae:5d:eb:fe:3d:92:
                    4b:28:cc:56:59:e1:78:a0:8d:62:44:3d:d3:7e:b3:
                    c0:83:97:69:d1:20:6b:9f:4f:8c:b3:db:44:52:03:
                    bb:24:15:19:32:0c:c9:3e:d3:2d:76:0f:72:8c:6f:
                    f1:c6:25:d0:14:0b:cd:94:bc:21:1a:ff:f2:4e:b1:
                    dd:f5:25:9d:d7:c0:36:9a:3b:25:e5:6b:4e:df:a5:
                    35:d7:4b:9c:d7:af:83:3c:07:fe:6d:ef:2a:db:75:
                    93:19:fb:33:66:c0:5a:8e:31:48:c0:52:61:f9:fa:
                    96:16:f0:ef:94:a6:dd:1c:5a:05:d9:1d:c2:d2:30:
                    0c:a2:20:c8:6d:c4:93:93:a3:49:1b:fb:d8:f5:ed:
                    9a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1C:48:BC:80:A6:0E:22:0A:2B:E8:DD:FF:9F:05:9A:4D:0D:CA:AA
            X509v3 Authority Key Identifier:
                keyid:C5:9B:D1:E8:C5:8F:64:1B:D9:44:30:5F:11:C5:4E:FE:5F:3A:0C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZvR6MWPZBvZRDBfEcVO_l86DOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/QBxIvICmDiIKK-jd_58Fmk0Nyqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xZvR6MWPZBvZRDBfEcVO_l86DOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:d8:d8:07:33:bf:9e:c8:28:a4:6b:84:a0:d4:58:9d:22:c7:
         76:b9:c8:56:a9:e3:f4:c0:c7:78:b2:59:ca:2e:4d:a9:d0:d7:
         f7:a7:00:20:73:2d:08:20:f2:69:8f:91:0f:d0:7f:69:b3:62:
         26:ee:82:21:b4:c4:bb:be:da:05:62:82:cf:aa:40:ed:7a:bc:
         a6:d3:f7:a3:23:65:68:66:58:34:11:9b:7b:72:90:5f:67:a9:
         44:d0:10:02:6e:05:ec:91:f8:5b:f6:7d:47:36:3a:b6:42:ed:
         48:77:54:45:12:da:3a:b8:98:4e:d6:58:0e:3e:70:9c:88:8b:
         1e:06:de:3d:97:6a:c1:a3:e3:c1:dc:da:32:1b:38:a7:76:fc:
         0b:fa:8c:1e:5e:cc:83:63:e5:e7:e0:3c:d0:3a:0c:99:58:78:
         f7:8f:ca:1c:16:69:e0:d6:cc:ae:00:cb:21:c8:60:7c:2e:08:
         2e:5a:a8:a6:d4:84:ec:e4:f5:a5:8e:f1:94:8c:47:ed:53:8f:
         3d:23:a6:72:3c:24:86:8c:92:97:50:19:39:c9:48:c4:ca:a9:
         66:1e:94:ce:ac:4d:2c:3e:3b:ff:92:85:aa:89:7b:02:83:42:
         d7:49:33:42:83:a9:20:14:f3:c9:3a:c5:cb:e1:be:8b:96:f5:
         72:2d:d8:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7xpBSoPVZz5J/WWZ+8OUYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OWJkMWU4YzU4ZjY0MWJkOTQ0MzA1ZjExYzU0ZWZlNWYz
YTBjZTIwHhcNMjQwNDE4MTQzNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFjNDhiYzgwYTYwZTIyMGEyYmU4ZGRmZjlmMDU5YTRkMGRjYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyLtdpEs7rvqkWV90dstmv9jFHO9
nkdSNXCpt54ZwYutI9pY+nepRqXigo5zkOPsN5hWz7Xt/MjuUQxm8BaFCB80+qLb
5MfyDSN4KLJe2Yvy86rpHYf9mmtbVx5ewS/fx0/75Ge/IhPFqUMqgg43iByuXev+
PZJLKMxWWeF4oI1iRD3TfrPAg5dp0SBrn0+Ms9tEUgO7JBUZMgzJPtMtdg9yjG/x
xiXQFAvNlLwhGv/yTrHd9SWd18A2mjsl5WtO36U110uc16+DPAf+be8q23WTGfsz
ZsBajjFIwFJh+fqWFvDvlKbdHFoF2R3C0jAMoiDIbcSTk6NJG/vY9e2a7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAcSLyApg4iCivo3f+fBZpNDcqqMB8GA1UdIwQY
MBaAFMWb0ejFj2Qb2UQwXxHFTv5fOgziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFp2UjZNV1BaQnZaUkRCZkVjVk9fbDg2RE9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9mZDg0NTctODEwZi00ZjdlLTllNTgt
NTZjYzM5ZGI2ZWQ2LzEvUUJ4SXZJQ21EaUlLSy1qZF81OEZtazBOeXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9mZDg0NTctODEwZi00ZjdlLTllNTgtNTZjYzM5ZGI2ZWQ2
LzEveFp2UjZNV1BaQnZaUkRCZkVjVk9fbDg2RE9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV2pMA0G
CSqGSIb3DQEBCwUAA4IBAQCk2NgHM7+eyCika4Sg1FidIsd2uchWqeP0wMd4slnK
Lk2p0Nf3pwAgcy0IIPJpj5EP0H9ps2Im7oIhtMS7vtoFYoLPqkDterym0/ejI2Vo
Zlg0EZt7cpBfZ6lE0BACbgXskfhb9n1HNjq2Qu1Id1RFEto6uJhO1lgOPnCciIse
Bt49l2rBo+PB3NoyGzindvwL+oweXsyDY+Xn4DzQOgyZWHj3j8ocFmng1syuAMsh
yGB8LgguWqim1ITs5PWljvGUjEftU489I6ZyPCSGjJKXUBk5yUjEyqlmHpTOrE0s
Pjv/koWqiXsCg0LXSTNCg6kgFPPJOsXL4b6LlvVyLdhF
-----END CERTIFICATE-----