Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/pqVJ_G4GgjhiaIbV4sEKOYqwH14.roa
File:                     pqVJ_G4GgjhiaIbV4sEKOYqwH14.roa (raw, json)
Hash identifier:          cHp88GpKTQlsWmm/DolINnVvCb7KmDJk3DMtpK2X+vc=
Subject key identifier:   A6:A5:49:FC:6E:06:82:38:62:68:86:D5:E2:C1:0A:39:8A:B0:1F:5E
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A044BCA7689B3D38C27443DBDA1CB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/pqVJ_G4GgjhiaIbV4sEKOYqwH14.roa
Signing time:             Tue 02 Jan 2024 12:33:20 +0000
ROA not before:           Tue 02 Jan 2024 12:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49465
IP address blocks:        2a02:128:16::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:04:4b:ca:76:89:b3:d3:8c:27:44:3d:bd:a1:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6a549fc6e068238626886d5e2c10a398ab01f5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6d:74:54:56:a6:77:a1:d1:42:48:ec:78:bf:
                    8c:4a:11:20:0b:3b:0d:07:66:7a:16:b8:c5:de:3d:
                    30:dd:73:d8:a7:18:4d:17:85:e3:20:82:c6:91:a8:
                    c3:8c:e2:b0:00:7e:df:97:a3:d1:62:99:07:20:a2:
                    77:cd:fb:50:12:61:be:aa:69:45:39:29:ad:82:00:
                    8b:6b:fb:d5:67:e8:b0:18:d8:b1:72:10:34:e2:f1:
                    42:af:85:be:ed:55:9b:e6:76:8f:54:c0:60:8a:17:
                    29:f0:a4:56:d1:d0:e9:be:7e:60:fc:65:bd:59:1b:
                    eb:5d:9e:79:4a:38:91:85:f4:81:89:f8:2e:e8:f3:
                    4a:46:23:72:db:66:6e:84:5b:f7:ea:17:16:e9:57:
                    81:6f:7c:9c:d1:04:7c:38:09:98:d2:7c:b9:6b:4c:
                    99:9f:f4:7d:15:cf:03:83:65:cf:9f:74:ed:a7:40:
                    eb:6d:1f:36:c6:aa:84:fb:14:42:19:8d:ce:49:bc:
                    6c:dc:ed:ab:b3:3e:5d:44:5b:28:15:a0:c8:d2:8b:
                    37:1e:7d:c3:f2:03:02:a3:db:39:1d:0d:68:af:84:
                    92:82:42:b3:5f:b1:8d:40:38:7b:d2:71:bc:a0:d3:
                    97:7e:2d:7e:1a:1c:32:c4:09:74:e5:74:66:f8:52:
                    39:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A5:49:FC:6E:06:82:38:62:68:86:D5:E2:C1:0A:39:8A:B0:1F:5E
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/pqVJ_G4GgjhiaIbV4sEKOYqwH14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:128:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:bc:b7:7b:1b:e4:b5:80:31:90:93:00:f5:e2:d7:ca:76:31:
         c0:fc:54:ca:28:d4:fe:54:82:cb:46:62:f8:dc:94:b4:b2:e1:
         da:c0:8a:1f:44:9e:a9:b6:20:e9:41:5f:79:2a:df:47:75:be:
         2f:ff:37:bd:b6:5a:6b:42:12:d0:e5:f4:42:aa:15:8b:7f:42:
         e0:0c:84:7f:c5:a8:ae:b8:ed:b1:0b:03:9a:26:f0:bb:f9:68:
         50:de:0a:d0:e5:39:e5:68:22:cf:e4:0b:bf:35:6f:2c:3e:9a:
         91:04:34:0d:93:f6:db:42:15:ba:5b:2a:3f:e4:6d:4b:82:41:
         1c:1d:93:b1:b0:00:7a:e7:a4:25:6a:5a:a7:ff:b9:97:f2:22:
         7a:e0:2a:ca:a0:f6:45:1a:eb:8d:2c:50:bc:f0:c8:3a:5e:16:
         a0:2c:4c:6e:4a:7f:81:8f:02:a8:f6:71:4d:f4:9e:7d:c1:7a:
         27:71:44:e9:d3:bd:6e:66:ee:b3:9d:e6:db:da:26:1c:c4:eb:
         dc:b0:d1:d1:7a:d7:de:49:6c:d3:61:66:c6:5c:05:cb:cf:88:
         89:3a:09:d3:e2:b0:cb:1f:bc:47:64:ac:a8:68:57:2c:52:24:
         48:61:05:9a:bb:24:73:de:89:a8:4c:f0:a8:c0:c1:8e:00:f3:
         9d:fb:09:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKgRLynaJs9OMJ0Q9vaHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmE1NDlmYzZlMDY4MjM4NjI2ODg2ZDVlMmMxMGEzOThhYjAxZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu210VFamd6HRQkjseL+MShEgCzsN
B2Z6FrjF3j0w3XPYpxhNF4XjIILGkajDjOKwAH7fl6PRYpkHIKJ3zftQEmG+qmlF
OSmtggCLa/vVZ+iwGNixchA04vFCr4W+7VWb5naPVMBgihcp8KRW0dDpvn5g/GW9
WRvrXZ55SjiRhfSBifgu6PNKRiNy22ZuhFv36hcW6VeBb3yc0QR8OAmY0ny5a0yZ
n/R9Fc8Dg2XPn3Ttp0DrbR82xqqE+xRCGY3OSbxs3O2rsz5dRFsoFaDI0os3Hn3D
8gMCo9s5HQ1or4SSgkKzX7GNQDh70nG8oNOXfi1+GhwyxAl05XRm+FI55QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKalSfxuBoI4YmiG1eLBCjmKsB9eMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcHFWSl9HNEdnamhpYUliVjRzRUtPWXF3SDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIBKAAW
MA0GCSqGSIb3DQEBCwUAA4IBAQCLvLd7G+S1gDGQkwD14tfKdjHA/FTKKNT+VILL
RmL43JS0suHawIofRJ6ptiDpQV95Kt9Hdb4v/ze9tlprQhLQ5fRCqhWLf0LgDIR/
xaiuuO2xCwOaJvC7+WhQ3grQ5TnlaCLP5Au/NW8sPpqRBDQNk/bbQhW6Wyo/5G1L
gkEcHZOxsAB656Qlalqn/7mX8iJ64CrKoPZFGuuNLFC88Mg6XhagLExuSn+BjwKo
9nFN9J59wXoncUTp071uZu6znebb2iYcxOvcsNHRetfeSWzTYWbGXAXLz4iJOgnT
4rDLH7xHZKyoaFcsUiRIYQWauyRz3omoTPCowMGOAPOd+wk0
-----END CERTIFICATE-----