Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/q-PjH1KT9kZP3WLc4rvVsvKuBmM.roa
File:                     q-PjH1KT9kZP3WLc4rvVsvKuBmM.roa (raw, json)
Hash identifier:          3yxw3uJx6pIQjNiHjL8MY4/E1fhQG7OtTShKPth4wZw=
Subject key identifier:   AB:E3:E3:1F:52:93:F6:46:4F:DD:62:DC:E2:BB:D5:B2:F2:AE:06:63
Certificate issuer:       /CN=8b2e0d184ff553375c847c38d4dfcdcde1219fd3
Certificate serial:       018E75D3E64E7062C23D5580C146129300BE
Authority key identifier: 8B:2E:0D:18:4F:F5:53:37:5C:84:7C:38:D4:DF:CD:CD:E1:21:9F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iy4NGE_1UzdchHw41N_NzeEhn9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/q-PjH1KT9kZP3WLc4rvVsvKuBmM.roa
Signing time:             Mon 25 Mar 2024 13:36:45 +0000
ROA not before:           Mon 25 Mar 2024 13:36:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213373
IP address blocks:        146.19.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/iy4NGE_1UzdchHw41N_NzeEhn9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/iy4NGE_1UzdchHw41N_NzeEhn9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iy4NGE_1UzdchHw41N_NzeEhn9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:d3:e6:4e:70:62:c2:3d:55:80:c1:46:12:93:00:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b2e0d184ff553375c847c38d4dfcdcde1219fd3
        Validity
            Not Before: Mar 25 13:36:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abe3e31f5293f6464fdd62dce2bbd5b2f2ae0663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6f:2c:fa:4f:b1:7f:9f:83:2e:23:53:17:23:
                    c4:e3:6d:aa:58:d5:66:11:09:a6:33:f5:46:1e:8b:
                    a8:f9:65:a8:82:c2:1d:33:87:82:d1:9f:0d:26:9e:
                    d1:f5:60:9e:ea:43:86:ff:35:da:cc:cd:eb:f8:2d:
                    4f:f9:e0:a6:a6:97:05:fb:58:cd:51:6b:ca:33:39:
                    32:6e:23:fe:fe:7d:50:63:5e:0c:08:f1:c5:ea:cc:
                    a6:0d:3c:6b:71:75:0e:06:31:00:78:2d:8e:57:3f:
                    52:73:c5:67:37:25:9a:bc:d9:b8:73:aa:28:d1:38:
                    f7:36:12:a8:51:a0:5e:ba:18:99:13:4a:8b:e7:21:
                    55:a0:a4:9d:a6:fc:41:fa:22:6d:80:df:ab:bb:5c:
                    47:ad:0c:59:a9:16:28:6c:db:fa:f1:4c:84:e1:28:
                    13:9b:ef:28:e0:14:97:ba:54:54:f3:63:99:a0:7f:
                    3f:8d:d8:1f:7b:75:42:88:e2:7c:04:93:27:03:5e:
                    f0:6e:81:c6:2d:af:5f:ea:7c:dc:07:8e:46:b7:f2:
                    6d:90:5b:d8:dd:57:59:2e:f2:d5:41:34:30:69:31:
                    89:ed:d1:b3:b2:aa:e6:01:a1:79:52:a7:50:f0:f8:
                    13:ac:23:8b:a1:0f:2a:a4:e5:53:41:ae:70:aa:bf:
                    92:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E3:E3:1F:52:93:F6:46:4F:DD:62:DC:E2:BB:D5:B2:F2:AE:06:63
            X509v3 Authority Key Identifier:
                keyid:8B:2E:0D:18:4F:F5:53:37:5C:84:7C:38:D4:DF:CD:CD:E1:21:9F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iy4NGE_1UzdchHw41N_NzeEhn9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/q-PjH1KT9kZP3WLc4rvVsvKuBmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/iy4NGE_1UzdchHw41N_NzeEhn9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:5d:fd:a0:a2:6f:96:87:03:1c:f6:90:5e:34:87:3b:f9:bc:
         fb:ff:36:a3:b0:03:07:ef:75:a3:0a:42:c2:72:3f:8a:f7:05:
         b1:21:68:ea:a4:21:54:02:4f:0c:8e:cd:ab:31:35:13:e1:05:
         53:4c:7b:3a:20:76:41:7f:c5:6c:c8:51:c2:52:44:56:ad:4f:
         e2:71:ba:13:57:8d:23:7c:16:0b:d0:32:f3:d4:e2:11:6d:09:
         b5:31:2c:0f:4f:52:e8:3c:4a:93:9b:78:99:d5:e8:26:b6:c2:
         9c:23:2d:0d:9d:68:7b:c1:9f:90:b9:39:99:50:e6:f4:99:16:
         b7:1b:79:cf:55:fd:13:59:6a:cf:63:4f:cf:20:9c:e3:07:68:
         ef:7b:de:ad:b8:22:94:02:32:c4:a8:eb:96:ed:85:ef:a0:c0:
         67:cb:25:79:aa:4f:96:25:ba:2e:79:3b:5c:1b:03:71:1c:59:
         0c:16:a5:69:bd:9f:ca:30:64:d2:c3:d3:6e:db:fd:6a:ca:e9:
         58:8e:29:e6:9b:f6:50:1b:37:75:5d:ec:98:cc:b2:c6:a1:14:
         90:59:19:7a:65:de:27:79:ec:24:1d:e1:af:7f:6a:e9:34:3e:
         b3:ba:f9:17:c0:18:a5:30:f7:e1:86:b5:4c:f2:3b:6e:45:f4:
         34:5f:32:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY510+ZOcGLCPVWAwUYSkwC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMmUwZDE4NGZmNTUzMzc1Yzg0N2MzOGQ0ZGZjZGNkZTEy
MTlmZDMwHhcNMjQwMzI1MTMzNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmUzZTMxZjUyOTNmNjQ2NGZkZDYyZGNlMmJiZDViMmYyYWUwNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW8s+k+xf5+DLiNTFyPE422qWNVm
EQmmM/VGHouo+WWogsIdM4eC0Z8NJp7R9WCe6kOG/zXazM3r+C1P+eCmppcF+1jN
UWvKMzkybiP+/n1QY14MCPHF6symDTxrcXUOBjEAeC2OVz9Sc8VnNyWavNm4c6oo
0Tj3NhKoUaBeuhiZE0qL5yFVoKSdpvxB+iJtgN+ru1xHrQxZqRYobNv68UyE4SgT
m+8o4BSXulRU82OZoH8/jdgfe3VCiOJ8BJMnA17wboHGLa9f6nzcB45Gt/JtkFvY
3VdZLvLVQTQwaTGJ7dGzsqrmAaF5UqdQ8PgTrCOLoQ8qpOVTQa5wqr+SmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvj4x9Sk/ZGT91i3OK71bLyrgZjMB8GA1UdIwQY
MBaAFIsuDRhP9VM3XIR8ONTfzc3hIZ/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXk0TkdFXzFVemRjaEh3NDFOX056ZUVobjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmNkOGUtMTAzNC00YTc1LWEwNzAt
Njk5ZjNjZDg1MGZhLzEvcS1QakgxS1Q5a1pQM1dMYzRydlZzdkt1Qm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmNkOGUtMTAzNC00YTc1LWEwNzAtNjk5ZjNjZDg1MGZh
LzEvaXk0TkdFXzFVemRjaEh3NDFOX056ZUVobjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOtMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Xf2gom+WhwMc9pBeNIc7+bz7/zajsAMH73WjCkLC
cj+K9wWxIWjqpCFUAk8Mjs2rMTUT4QVTTHs6IHZBf8VsyFHCUkRWrU/icboTV40j
fBYL0DLz1OIRbQm1MSwPT1LoPEqTm3iZ1egmtsKcIy0NnWh7wZ+QuTmZUOb0mRa3
G3nPVf0TWWrPY0/PIJzjB2jve96tuCKUAjLEqOuW7YXvoMBnyyV5qk+WJboueTtc
GwNxHFkMFqVpvZ/KMGTSw9Nu2/1qyulYjinmm/ZQGzd1XeyYzLLGoRSQWRl6Zd4n
eewkHeGvf2rpND6zuvkXwBilMPfhhrVM8jtuRfQ0XzKA
-----END CERTIFICATE-----