Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/QUEGbcdRVlCBBGhR7kvXnzLCe1Q.roa
File:                     QUEGbcdRVlCBBGhR7kvXnzLCe1Q.roa (raw, json)
Hash identifier:          rhpFPWVSOuNNRsFu8jRdpR/0eGg69bKsJTDAM34KxdU=
Subject key identifier:   41:41:06:6D:C7:51:56:50:81:04:68:51:EE:4B:D7:9F:32:C2:7B:54
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       018CC7933D3430476C05D5A9A9720D7FFD90
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/QUEGbcdRVlCBBGhR7kvXnzLCe1Q.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209439
IP address blocks:        149.232.189.0/24 maxlen: 24
                          2a00:8b80::/32 maxlen: 48
                          2a09:3dc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3d:34:30:47:6c:05:d5:a9:a9:72:0d:7f:fd:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4141066dc751565081046851ee4bd79f32c27b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:90:71:21:8b:7d:7a:0a:61:6c:b2:60:65:4a:
                    4d:c1:7e:f2:8b:1c:41:eb:fe:9f:f6:65:d4:b3:21:
                    6d:2b:a8:d4:b4:9c:30:35:cd:ad:c4:36:e8:1a:cf:
                    d2:c3:dd:27:81:2b:5d:33:09:f3:a0:5b:a6:c8:93:
                    c7:d4:50:d8:50:56:f6:e8:f3:1b:f4:3e:d3:de:79:
                    30:46:0c:c2:7e:96:3c:ac:83:fe:2b:65:d0:d8:06:
                    95:93:30:61:b0:4c:dd:9f:aa:e8:ea:6f:4f:6f:d7:
                    31:12:4a:b3:8a:ca:cc:b5:3e:2d:6e:48:cc:2d:9b:
                    90:7f:38:af:89:ab:66:d2:b0:eb:4c:a2:db:c8:9d:
                    f6:f4:ba:1c:61:84:72:54:84:4c:d3:84:70:0e:65:
                    b9:3c:db:0d:52:53:09:64:e4:5d:07:87:5a:6b:8b:
                    61:3f:dd:45:b4:fc:37:1a:05:19:e1:a0:e5:23:c4:
                    eb:b7:e6:99:db:1d:1c:74:74:84:a9:15:45:a4:55:
                    61:14:20:26:6a:df:bd:cf:c0:dc:e8:dd:4b:9e:09:
                    88:3f:5f:a5:20:5b:05:7f:8a:05:43:59:ed:2c:96:
                    22:b7:3b:81:65:fb:c6:9a:23:d5:01:ea:f2:f4:69:
                    dc:c2:0f:75:32:c2:e7:cb:d8:ba:18:11:17:03:b9:
                    38:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:41:06:6D:C7:51:56:50:81:04:68:51:EE:4B:D7:9F:32:C2:7B:54
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/QUEGbcdRVlCBBGhR7kvXnzLCe1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.189.0/24
                IPv6:
                  2a00:8b80::/32
                  2a09:3dc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:c4:76:b3:0c:56:24:34:3a:0e:c1:32:6d:db:c8:86:1d:a8:
         02:7a:62:e6:bf:df:30:71:b1:77:db:93:57:f8:44:83:8b:52:
         dd:36:82:06:20:4b:9e:c4:7a:aa:84:f5:5a:f5:a2:b7:fe:1e:
         7e:e7:f2:fd:12:34:ba:26:42:90:46:91:12:f3:40:a2:2d:2e:
         e9:49:71:26:bd:f0:8f:55:ba:5e:70:d7:7a:5c:b7:b9:27:c0:
         dc:b4:fa:14:28:26:3a:ce:f1:bb:a8:35:d4:f0:a7:fb:01:b2:
         53:f3:b2:a9:7f:7c:67:7b:73:c4:59:c0:a7:84:0b:55:d9:53:
         a2:c1:18:c2:3b:45:d7:ed:0d:c0:73:cc:e5:ff:97:f3:9b:db:
         f4:56:59:b1:42:be:f2:13:40:17:30:d8:2b:0c:e4:91:b0:d4:
         29:05:54:42:e3:db:a2:0e:f4:bd:f2:bd:d4:a9:28:d6:12:49:
         c4:1f:6b:c3:42:6f:37:95:e6:52:f3:92:bc:d7:5c:f5:90:d5:
         39:20:1b:41:25:ff:11:c6:41:ca:87:a9:2b:82:7f:17:bd:b2:
         e4:77:dc:db:5b:29:6d:0d:54:72:58:a1:45:cb:5d:1a:b3:da:
         e0:8d:05:ee:28:a3:99:27:ce:6f:01:90:92:e3:89:cb:26:a9:
         26:15:ec:d9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzHkz00MEdsBdWpqXINf/2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTQxMDY2ZGM3NTE1NjUwODEwNDY4NTFlZTRiZDc5ZjMyYzI3YjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpBxIYt9egphbLJgZUpNwX7yixxB
6/6f9mXUsyFtK6jUtJwwNc2txDboGs/Sw90ngStdMwnzoFumyJPH1FDYUFb26PMb
9D7T3nkwRgzCfpY8rIP+K2XQ2AaVkzBhsEzdn6ro6m9Pb9cxEkqzisrMtT4tbkjM
LZuQfziviatm0rDrTKLbyJ329LocYYRyVIRM04RwDmW5PNsNUlMJZORdB4daa4th
P91FtPw3GgUZ4aDlI8Trt+aZ2x0cdHSEqRVFpFVhFCAmat+9z8Dc6N1LngmIP1+l
IFsFf4oFQ1ntLJYitzuBZfvGmiPVAery9Gncwg91MsLny9i6GBEXA7k43QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEFBBm3HUVZQgQRoUe5L158ywntUMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvUVVFR2JjZFJWbENCQkdoUjdrdlhuekxDZTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAlei9MBYE
AgACMBADBQAqAIuAAwcAKgk9wAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBJxHazDFYk
NDoOwTJt28iGHagCemLmv98wcbF325NX+ESDi1LdNoIGIEuexHqqhPVa9aK3/h5+
5/L9EjS6JkKQRpES80CiLS7pSXEmvfCPVbpecNd6XLe5J8DctPoUKCY6zvG7qDXU
8Kf7AbJT87Kpf3xne3PEWcCnhAtV2VOiwRjCO0XX7Q3Ac8zl/5fzm9v0VlmxQr7y
E0AXMNgrDOSRsNQpBVRC49uiDvS98r3UqSjWEknEH2vDQm83leZS85K811z1kNU5
IBtBJf8RxkHKh6krgn8XvbLkd9zbWyltDVRyWKFFy10as9rgjQXuKKOZJ85vAZCS
44nLJqkmFezZ
-----END CERTIFICATE-----