Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/SQmOD4ONbbNgxfX0D0uk_AC6woA.roa
File:                     SQmOD4ONbbNgxfX0D0uk_AC6woA.roa (raw, json)
Hash identifier:          mYFAhOKzrtDH3gt5j/A8Fdb+HiEEGrHT5/Pr+jTdujY=
Subject key identifier:   49:09:8E:0F:83:8D:6D:B3:60:C5:F5:F4:0F:4B:A4:FC:00:BA:C2:80
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF3244D2048A58FF54BD8748BF6CC7
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/SQmOD4ONbbNgxfX0D0uk_AC6woA.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205650
IP address blocks:        147.234.18.0/24 maxlen: 24
                          147.234.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:32:44:d2:04:8a:58:ff:54:bd:87:48:bf:6c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49098e0f838d6db360c5f5f40f4ba4fc00bac280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:ad:f7:2c:4b:40:69:ea:f9:ac:c6:44:fa:5f:
                    da:4f:d4:e3:1f:1c:1e:61:11:a4:d0:a8:ef:3e:47:
                    09:3f:68:2c:70:03:ef:7b:11:23:0f:d1:63:ad:de:
                    24:32:42:03:e5:28:9a:86:6a:46:84:34:d8:5d:e3:
                    44:8a:c5:0c:95:22:4c:29:99:d7:3f:3e:ac:f9:37:
                    1a:90:c3:79:4d:2b:a7:47:df:7a:14:bf:f0:6f:8d:
                    1d:89:d5:cb:29:07:b3:7e:cb:67:0f:f0:ef:7d:df:
                    d2:10:73:a7:96:60:a1:d3:e6:b5:1f:4f:ea:c2:49:
                    66:8a:dc:9b:78:3a:e6:28:56:3d:00:ec:43:50:e9:
                    b0:11:60:50:e5:e7:fc:73:e3:b6:6e:b2:99:47:b4:
                    61:f0:0c:22:68:39:f3:6d:67:c7:91:b4:aa:5d:22:
                    1d:28:36:79:63:ff:84:99:5c:15:37:6c:4b:8a:d3:
                    b8:79:f7:e1:cb:ec:2c:4d:75:e9:ea:c8:13:c8:d3:
                    66:5f:4b:70:fc:9b:7d:85:f8:8b:35:dc:11:d0:78:
                    6e:3a:d0:f7:c2:cf:b9:25:f6:c3:25:1c:60:be:5f:
                    de:48:e7:2d:9c:88:f9:2f:b5:79:04:bb:12:ea:56:
                    dd:81:e7:92:de:0d:70:1f:66:28:ae:46:44:8c:a2:
                    57:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:09:8E:0F:83:8D:6D:B3:60:C5:F5:F4:0F:4B:A4:FC:00:BA:C2:80
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/SQmOD4ONbbNgxfX0D0uk_AC6woA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:14:55:c6:2e:98:37:9e:06:be:b9:a2:03:19:c7:8a:40:0e:
         e8:a5:0c:c1:d6:8f:f5:16:04:b5:f9:4c:6e:4e:dc:df:80:f6:
         ca:f7:d0:5e:8a:35:bc:11:30:4c:8a:6b:4d:e9:9e:7c:c3:86:
         64:b9:d8:fd:b8:b8:6d:70:e0:e1:a5:ba:2d:42:9b:54:f6:3a:
         a7:f0:46:d7:f6:dc:41:13:12:f4:14:6f:2f:b7:34:b6:f6:5f:
         e5:94:5b:eb:36:f8:0f:de:d9:2c:26:0f:44:f6:b4:b0:8e:31:
         4f:34:1a:c5:d4:9f:20:81:6e:38:79:82:f9:b5:65:39:ce:53:
         6e:47:fc:08:f8:20:92:f0:15:14:ca:51:63:b9:9a:ee:85:d7:
         9f:3e:79:1e:1f:94:76:ac:19:3d:cd:bf:b0:42:fd:48:40:ea:
         be:1d:be:d7:d3:c4:b4:73:b9:a9:22:35:d0:ae:fc:90:1e:e2:
         b1:ba:8f:cb:e1:e6:47:97:c3:3a:b9:fa:cb:04:23:43:1e:7d:
         20:ef:44:b6:6c:a1:90:bd:e2:bc:30:d7:3c:80:3b:fe:10:c9:
         eb:f9:67:54:85:94:d7:83:d4:90:f0:61:a1:e3:6e:33:ba:5b:
         2e:88:51:af:a8:a6:7f:80:67:9c:3a:ce:83:24:b1:af:b2:ad:
         c1:cb:3b:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zJE0gSKWP9UvYdIv2zHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTA5OGUwZjgzOGQ2ZGIzNjBjNWY1ZjQwZjRiYTRmYzAwYmFjMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4q33LEtAaer5rMZE+l/aT9TjHxwe
YRGk0KjvPkcJP2gscAPvexEjD9Fjrd4kMkID5SiahmpGhDTYXeNEisUMlSJMKZnX
Pz6s+TcakMN5TSunR996FL/wb40didXLKQezfstnD/Dvfd/SEHOnlmCh0+a1H0/q
wklmitybeDrmKFY9AOxDUOmwEWBQ5ef8c+O2brKZR7Rh8AwiaDnzbWfHkbSqXSId
KDZ5Y/+EmVwVN2xLitO4effhy+wsTXXp6sgTyNNmX0tw/Jt9hfiLNdwR0HhuOtD3
ws+5JfbDJRxgvl/eSOctnIj5L7V5BLsS6lbdgeeS3g1wH2YorkZEjKJXwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkJjg+DjW2zYMX19A9LpPwAusKAMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvU1FtT0Q0T05iYk5neGZYMEQwdWtfQUM2d29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+oSMA0G
CSqGSIb3DQEBCwUAA4IBAQAjFFXGLpg3nga+uaIDGceKQA7opQzB1o/1FgS1+Uxu
TtzfgPbK99BeijW8ETBMimtN6Z58w4Zkudj9uLhtcODhpbotQptU9jqn8EbX9txB
ExL0FG8vtzS29l/llFvrNvgP3tksJg9E9rSwjjFPNBrF1J8ggW44eYL5tWU5zlNu
R/wI+CCS8BUUylFjuZruhdefPnkeH5R2rBk9zb+wQv1IQOq+Hb7X08S0c7mpIjXQ
rvyQHuKxuo/L4eZHl8M6ufrLBCNDHn0g70S2bKGQveK8MNc8gDv+EMnr+WdUhZTX
g9SQ8GGh424zulsuiFGvqKZ/gGecOs6DJLGvsq3Byzt7
-----END CERTIFICATE-----