Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/00cQex51GHGxs4FaRub87d2tPVA.roa
File:                     00cQex51GHGxs4FaRub87d2tPVA.roa (raw, json)
Hash identifier:          1/lpQZHEp348GjG2CHIdY1fOCMocN9qIfo9Azf0UjXM=
Subject key identifier:   D3:47:10:7B:1E:75:18:71:B1:B3:81:5A:46:E6:FC:ED:DD:AD:3D:50
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       019113F934D09F6706177F45E4FF520AF737
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/00cQex51GHGxs4FaRub87d2tPVA.roa
Signing time:             Fri 02 Aug 2024 16:43:04 +0000
ROA not before:           Fri 02 Aug 2024 16:43:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216022
IP address blocks:        185.101.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:13:f9:34:d0:9f:67:06:17:7f:45:e4:ff:52:0a:f7:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Aug  2 16:43:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d347107b1e751871b1b3815a46e6fcedddad3d50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:86:b8:ab:d4:d7:c9:6a:e1:3d:f0:75:53:d2:
                    13:c6:a4:5e:a0:69:af:ca:39:3b:6b:b4:cf:b7:8b:
                    67:81:cc:10:82:b0:13:4e:d0:33:c5:4d:08:50:d3:
                    3e:46:41:e9:42:f3:58:fd:08:45:d6:ff:1f:3d:2a:
                    1c:f9:1d:42:c1:10:bd:3a:3e:62:08:ad:6b:16:b6:
                    66:64:26:d6:6c:57:cf:41:46:b2:90:52:50:e0:10:
                    ce:d5:91:85:77:7f:73:93:c0:06:cb:7e:a0:60:b5:
                    94:a2:e3:b6:20:56:3b:4c:44:fd:a6:49:06:0c:b6:
                    39:fe:33:23:3d:a4:08:83:86:41:e8:8a:69:c3:3a:
                    3a:d5:20:cf:75:e4:15:f4:b0:f3:aa:e6:66:5c:2d:
                    b9:b9:b9:f3:4c:78:86:5b:cf:df:77:3e:06:f1:3b:
                    53:ff:90:03:d2:a9:a9:9b:8d:37:9d:70:66:a5:a6:
                    ba:29:99:5c:84:ff:db:33:cb:93:b7:3b:a1:d7:1c:
                    d2:a7:d4:d8:10:58:89:dc:19:4b:23:c4:7b:a1:69:
                    ef:60:3a:96:e6:0d:cc:07:8e:3a:da:67:10:94:fa:
                    b9:87:ca:6a:15:66:74:0b:50:ae:94:ed:11:8b:e5:
                    74:19:9e:50:07:f1:db:d6:2c:3a:43:0f:ef:ab:7d:
                    52:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:47:10:7B:1E:75:18:71:B1:B3:81:5A:46:E6:FC:ED:DD:AD:3D:50
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/00cQex51GHGxs4FaRub87d2tPVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:94:28:b6:8b:f6:a3:74:79:82:01:bc:2d:a6:92:d7:41:12:
         21:6e:c0:e2:f9:fa:68:03:98:96:79:be:19:9d:cb:05:02:56:
         79:a0:6d:1c:ea:33:93:24:b0:e6:5a:a8:46:ed:c3:8d:ba:1b:
         9b:b9:8a:a9:07:c7:f2:b1:b7:a8:9d:80:0e:84:db:ec:23:57:
         77:71:e9:9a:cd:66:92:e4:27:04:9b:00:98:ce:cd:62:cf:bf:
         8b:40:b4:e9:e8:4c:ba:3d:fa:c7:e7:92:ea:0c:35:42:2e:c4:
         8b:82:7b:6d:bc:44:88:bf:16:84:e9:e8:82:24:30:3d:08:0a:
         b0:be:98:1b:0b:72:fb:1e:47:0e:7f:25:db:23:ff:98:d2:0e:
         db:ba:07:77:97:b2:bd:65:bf:4a:e7:79:03:b6:65:85:52:fb:
         e8:89:17:44:c4:c8:95:26:04:a5:d7:a0:20:9c:c5:e8:2e:66:
         e0:89:b1:6c:cf:74:83:9f:25:71:18:85:c8:a8:a5:dd:75:04:
         75:41:6d:e5:cb:c5:d5:34:ae:c7:cb:4b:aa:ba:81:22:ed:1b:
         1f:d3:b8:e6:0c:ec:6d:69:30:55:bf:40:28:17:5c:d9:63:59:
         6d:11:28:47:69:f1:73:70:8c:6a:aa:86:cf:51:f9:87:ce:f2:
         23:29:ce:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZET+TTQn2cGF39F5P9SCvc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwODAyMTY0MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQ3MTA3YjFlNzUxODcxYjFiMzgxNWE0NmU2ZmNlZGRkYWQzZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoa4q9TXyWrhPfB1U9ITxqReoGmv
yjk7a7TPt4tngcwQgrATTtAzxU0IUNM+RkHpQvNY/QhF1v8fPSoc+R1CwRC9Oj5i
CK1rFrZmZCbWbFfPQUaykFJQ4BDO1ZGFd39zk8AGy36gYLWUouO2IFY7TET9pkkG
DLY5/jMjPaQIg4ZB6Ippwzo61SDPdeQV9LDzquZmXC25ubnzTHiGW8/fdz4G8TtT
/5AD0qmpm403nXBmpaa6KZlchP/bM8uTtzuh1xzSp9TYEFiJ3BlLI8R7oWnvYDqW
5g3MB4462mcQlPq5h8pqFWZ0C1CulO0Ri+V0GZ5QB/Hb1iw6Qw/vq31SyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNHEHsedRhxsbOBWkbm/O3drT1QMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvMDBjUWV4NTFHSEd4czRGYVJ1Yjg3ZDJ0UFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWUvMA0G
CSqGSIb3DQEBCwUAA4IBAQCOlCi2i/ajdHmCAbwtppLXQRIhbsDi+fpoA5iWeb4Z
ncsFAlZ5oG0c6jOTJLDmWqhG7cONuhubuYqpB8fysbeonYAOhNvsI1d3cemazWaS
5CcEmwCYzs1iz7+LQLTp6Ey6PfrH55LqDDVCLsSLgnttvESIvxaE6eiCJDA9CAqw
vpgbC3L7HkcOfyXbI/+Y0g7bugd3l7K9Zb9K53kDtmWFUvvoiRdExMiVJgSl16Ag
nMXoLmbgibFsz3SDnyVxGIXIqKXddQR1QW3ly8XVNK7Hy0uquoEi7Rsf07jmDOxt
aTBVv0AoF1zZY1ltEShHafFzcIxqqobPUfmHzvIjKc71
-----END CERTIFICATE-----