Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/174f32-1ad1-44f8-8a7f-5fdb9563113c/1/QENe-TnhxKKl57v5cRBX2EEaB3c.roa
File:                     QENe-TnhxKKl57v5cRBX2EEaB3c.roa (raw, json)
Hash identifier:          UueRUfcyoo1ubBtHncyx6ZrmAcFJVU5MEYy9JAebCD0=
Subject key identifier:   40:43:5E:F9:39:E1:C4:A2:A5:E7:BB:F9:71:10:57:D8:41:1A:07:77
Certificate issuer:       /CN=e48345aa0cd7026d621c50084f9d9dbb5b9cc2f0
Certificate serial:       018CC7940E7D4795569AD25E279C996103BF
Authority key identifier: E4:83:45:AA:0C:D7:02:6D:62:1C:50:08:4F:9D:9D:BB:5B:9C:C2:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5INFqgzXAm1iHFAIT52du1ucwvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/174f32-1ad1-44f8-8a7f-5fdb9563113c/1/QENe-TnhxKKl57v5cRBX2EEaB3c.roa
Signing time:             Tue 02 Jan 2024 00:30:18 +0000
ROA not before:           Tue 02 Jan 2024 00:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212608
IP address blocks:        193.163.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/174f32-1ad1-44f8-8a7f-5fdb9563113c/1/5INFqgzXAm1iHFAIT52du1ucwvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/174f32-1ad1-44f8-8a7f-5fdb9563113c/1/5INFqgzXAm1iHFAIT52du1ucwvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5INFqgzXAm1iHFAIT52du1ucwvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0e:7d:47:95:56:9a:d2:5e:27:9c:99:61:03:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e48345aa0cd7026d621c50084f9d9dbb5b9cc2f0
        Validity
            Not Before: Jan  2 00:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40435ef939e1c4a2a5e7bbf9711057d8411a0777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c3:47:85:c1:25:a9:a1:8a:0a:d9:55:05:00:
                    30:21:6f:a2:a5:7b:40:9d:1a:82:c2:6d:6f:3a:e3:
                    17:00:84:2f:0d:b6:5b:d9:73:a3:29:ab:0c:51:2f:
                    b9:c4:6f:d3:df:23:c4:43:3d:f2:55:8b:79:27:51:
                    e2:4a:22:39:c5:c5:9f:5e:40:22:25:7f:22:86:cb:
                    82:9f:72:27:1a:9d:51:e5:4d:c0:b0:5f:4e:1f:88:
                    af:6a:fd:61:a8:56:f0:c7:9d:d7:af:a1:bd:c9:fc:
                    32:40:f2:06:8b:5c:4e:c8:2e:12:36:1a:5a:86:8a:
                    3e:d3:bd:a7:30:6e:47:37:96:82:17:b6:42:9e:4e:
                    26:2a:77:11:1a:af:2d:03:96:86:88:dc:ef:bd:0e:
                    33:e3:23:a8:0c:cc:10:89:ff:1f:3a:05:d2:c9:48:
                    fe:af:ea:c7:e2:be:d1:5e:76:0b:35:94:3c:46:e2:
                    12:aa:e0:90:33:cd:45:a4:a3:68:84:91:df:94:ae:
                    df:5b:68:37:bc:ec:de:67:93:ad:f5:12:6c:84:cd:
                    17:6a:4e:7e:4a:4a:a6:3b:28:e1:77:cd:c5:37:f2:
                    79:39:de:c0:28:b7:b2:90:e5:44:19:b2:12:b2:79:
                    49:3d:a3:f9:e2:54:12:c5:dd:07:60:93:6c:2b:47:
                    83:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:43:5E:F9:39:E1:C4:A2:A5:E7:BB:F9:71:10:57:D8:41:1A:07:77
            X509v3 Authority Key Identifier:
                keyid:E4:83:45:AA:0C:D7:02:6D:62:1C:50:08:4F:9D:9D:BB:5B:9C:C2:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5INFqgzXAm1iHFAIT52du1ucwvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/174f32-1ad1-44f8-8a7f-5fdb9563113c/1/QENe-TnhxKKl57v5cRBX2EEaB3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/174f32-1ad1-44f8-8a7f-5fdb9563113c/1/5INFqgzXAm1iHFAIT52du1ucwvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:83:0c:e2:43:e7:e5:df:c4:7e:d9:b4:a6:54:96:a3:8b:31:
         20:53:f4:ac:98:29:e5:11:39:a3:b5:cc:01:a4:84:42:d2:b2:
         c1:9c:2a:83:03:3c:fb:f5:47:cd:a5:20:60:08:37:2c:27:49:
         b5:0f:95:4f:33:16:85:50:be:b9:1e:51:a6:72:2d:62:7f:95:
         5f:dd:1e:7e:58:3e:07:ae:0d:25:ab:48:5c:d9:e6:21:2c:f2:
         19:46:d9:b3:15:55:41:3c:59:95:37:af:ba:5e:a5:1b:9c:4a:
         e1:ce:0c:a3:5a:77:59:a5:51:ba:d3:23:11:8c:1d:00:95:1e:
         a0:1d:9d:c9:45:21:0d:63:13:e4:b7:f7:5a:b4:c8:75:93:f0:
         30:08:0e:86:ed:1d:a4:81:40:2b:14:42:bd:ec:08:e5:01:7d:
         ff:5e:65:c6:ef:cf:f9:d3:a8:59:12:12:9f:7c:f5:5d:c0:6e:
         e5:29:c9:31:d6:f6:fb:80:7a:ea:30:98:d5:a7:39:a0:da:b2:
         20:b1:c2:53:b0:b0:12:76:16:15:fd:8d:b5:4d:db:ec:aa:c6:
         de:0e:b1:59:fb:88:6a:bf:68:f1:56:cc:6e:ef:8c:58:5e:92:
         3c:92:7c:19:f4:f1:db:d8:02:4a:fc:f3:9a:71:73:07:e0:71:
         d5:43:85:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlA59R5VWmtJeJ5yZYQO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ODM0NWFhMGNkNzAyNmQ2MjFjNTAwODRmOWQ5ZGJiNWI5
Y2MyZjAwHhcNMjQwMTAyMDAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQzNWVmOTM5ZTFjNGEyYTVlN2JiZjk3MTEwNTdkODQxMWEwNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsNHhcElqaGKCtlVBQAwIW+ipXtA
nRqCwm1vOuMXAIQvDbZb2XOjKasMUS+5xG/T3yPEQz3yVYt5J1HiSiI5xcWfXkAi
JX8ihsuCn3InGp1R5U3AsF9OH4ivav1hqFbwx53Xr6G9yfwyQPIGi1xOyC4SNhpa
hoo+072nMG5HN5aCF7ZCnk4mKncRGq8tA5aGiNzvvQ4z4yOoDMwQif8fOgXSyUj+
r+rH4r7RXnYLNZQ8RuISquCQM81FpKNohJHflK7fW2g3vOzeZ5Ot9RJshM0Xak5+
SkqmOyjhd83FN/J5Od7AKLeykOVEGbISsnlJPaP54lQSxd0HYJNsK0eDSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBDXvk54cSipee7+XEQV9hBGgd3MB8GA1UdIwQY
MBaAFOSDRaoM1wJtYhxQCE+dnbtbnMLwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUlORnFnelhBbTFpSEZBSVQ1MmR1MXVjd3ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNzRmMzItMWFkMS00NGY4LThhN2Yt
NWZkYjk1NjMxMTNjLzEvUUVOZS1Ubmh4S0tsNTd2NWNSQlgyRUVhQjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNzRmMzItMWFkMS00NGY4LThhN2YtNWZkYjk1NjMxMTNj
LzEvNUlORnFnelhBbTFpSEZBSVQ1MmR1MXVjd3ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaM1MA0G
CSqGSIb3DQEBCwUAA4IBAQAygwziQ+fl38R+2bSmVJajizEgU/SsmCnlETmjtcwB
pIRC0rLBnCqDAzz79UfNpSBgCDcsJ0m1D5VPMxaFUL65HlGmci1if5Vf3R5+WD4H
rg0lq0hc2eYhLPIZRtmzFVVBPFmVN6+6XqUbnErhzgyjWndZpVG60yMRjB0AlR6g
HZ3JRSENYxPkt/datMh1k/AwCA6G7R2kgUArFEK97AjlAX3/XmXG78/506hZEhKf
fPVdwG7lKckx1vb7gHrqMJjVpzmg2rIgscJTsLASdhYV/Y21TdvsqsbeDrFZ+4hq
v2jxVsxu74xYXpI8knwZ9PHb2AJK/POacXMH4HHVQ4X+
-----END CERTIFICATE-----