Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QWIGlGqB_Rc6-9Ut8SRkFYKqeCk.roa
File:                     QWIGlGqB_Rc6-9Ut8SRkFYKqeCk.roa (raw, json)
Hash identifier:          MLsfF8euTy8nQJXNhJ3W4/tt//GrDsNZ9nghr8frYwM=
Subject key identifier:   41:62:06:94:6A:81:FD:17:3A:FB:D5:2D:F1:24:64:15:82:AA:78:29
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B7384E3E1CC51085E2974C19808479
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QWIGlGqB_Rc6-9Ut8SRkFYKqeCk.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39552
IP address blocks:        62.160.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:4e:3e:1c:c5:10:85:e2:97:4c:19:80:84:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=416206946a81fd173afbd52df124641582aa7829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:af:d3:91:59:87:cb:3b:55:b5:8b:e6:03:d4:
                    22:82:04:6f:42:1c:cb:77:f3:59:e4:c6:78:8c:1c:
                    bf:b0:c2:cb:45:dd:20:67:72:26:b5:01:23:c9:25:
                    88:75:2f:6f:ab:1b:d0:98:0a:77:57:38:28:47:92:
                    cf:8b:27:46:f2:6c:06:87:07:ee:24:2e:8c:fb:b2:
                    b7:88:a8:bc:52:12:ae:93:f2:ec:5b:87:6c:e7:8d:
                    ef:62:52:4c:cb:7f:9d:61:d4:a9:53:aa:7f:7a:46:
                    4f:e0:68:e4:f2:b2:a6:70:30:66:69:21:20:f2:cd:
                    a4:63:48:c3:02:05:63:03:99:df:96:35:a7:b8:20:
                    7d:b1:8e:c4:c2:76:44:77:c5:85:3d:13:38:ee:7d:
                    cf:a5:17:b9:7f:9e:52:79:08:91:06:e3:74:3d:26:
                    26:ff:45:07:75:42:cf:d3:e8:f5:92:b8:be:c4:8d:
                    1e:26:7a:95:a0:ff:8f:00:e9:37:21:39:97:18:bd:
                    49:89:7f:44:9d:bf:9d:a8:29:69:d2:ee:dc:b4:3f:
                    f3:78:45:cf:49:9d:ff:82:7d:a7:dd:fd:d7:db:97:
                    ee:f9:05:0c:63:ae:f9:58:fb:7b:a3:90:70:13:f9:
                    78:67:52:aa:7e:f3:7e:50:02:b9:cd:c9:9a:56:a5:
                    50:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:62:06:94:6A:81:FD:17:3A:FB:D5:2D:F1:24:64:15:82:AA:78:29
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QWIGlGqB_Rc6-9Ut8SRkFYKqeCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.160.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:96:5e:bd:26:91:ef:8e:9c:78:30:e3:a3:2c:6a:11:92:e3:
         4d:65:b0:f0:2b:0b:73:16:cc:20:7d:b8:ea:85:46:d6:d9:23:
         a7:08:cb:d9:78:96:f6:2c:bf:81:75:fc:6c:e6:63:86:cc:f5:
         dd:16:89:08:fd:84:6c:73:8b:ab:5b:ff:80:d6:ce:10:79:12:
         74:32:00:6a:a9:bc:f0:43:15:38:f9:14:71:a3:f6:5a:77:6b:
         b3:46:61:4e:3e:bc:2c:b1:23:97:d4:bc:79:43:53:7d:ea:97:
         82:4a:d5:f2:af:b1:5a:59:48:b6:1e:d2:cc:57:7d:5f:e5:ea:
         10:bb:58:6b:39:20:b7:19:7b:8e:57:19:ed:25:8f:c5:6b:44:
         43:f3:97:2c:81:9c:3c:86:62:d1:36:0e:ef:41:f5:4e:d7:db:
         72:20:8c:bf:a5:42:29:78:1a:f6:42:30:74:85:19:67:d4:9f:
         54:c0:00:59:58:c6:1a:53:6e:52:63:cf:a0:58:fe:70:c5:c8:
         42:f9:48:af:47:a0:a9:c6:f7:a8:93:19:78:6b:2a:99:04:8f:
         a5:ef:67:98:86:db:c9:c1:63:1a:c2:9d:a6:79:09:a1:da:19:
         80:f8:be:35:37:19:a3:3b:cd:ae:55:2b:01:0e:85:02:26:71:
         5f:ee:7e:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzhOPhzFEIXil0wZgIR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTYyMDY5NDZhODFmZDE3M2FmYmQ1MmRmMTI0NjQxNTgyYWE3ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1K/TkVmHyztVtYvmA9QiggRvQhzL
d/NZ5MZ4jBy/sMLLRd0gZ3ImtQEjySWIdS9vqxvQmAp3VzgoR5LPiydG8mwGhwfu
JC6M+7K3iKi8UhKuk/LsW4ds543vYlJMy3+dYdSpU6p/ekZP4Gjk8rKmcDBmaSEg
8s2kY0jDAgVjA5nfljWnuCB9sY7EwnZEd8WFPRM47n3PpRe5f55SeQiRBuN0PSYm
/0UHdULP0+j1kri+xI0eJnqVoP+PAOk3ITmXGL1JiX9Enb+dqClp0u7ctD/zeEXP
SZ3/gn2n3f3X25fu+QUMY675WPt7o5BwE/l4Z1KqfvN+UAK5zcmaVqVQ8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFiBpRqgf0XOvvVLfEkZBWCqngpMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvUVdJR2xHcUJfUmM2LTlVdDhTUmtGWUtxZUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqC3MA0G
CSqGSIb3DQEBCwUAA4IBAQAmll69JpHvjpx4MOOjLGoRkuNNZbDwKwtzFswgfbjq
hUbW2SOnCMvZeJb2LL+Bdfxs5mOGzPXdFokI/YRsc4urW/+A1s4QeRJ0MgBqqbzw
QxU4+RRxo/Zad2uzRmFOPrwssSOX1Lx5Q1N96peCStXyr7FaWUi2HtLMV31f5eoQ
u1hrOSC3GXuOVxntJY/Fa0RD85csgZw8hmLRNg7vQfVO19tyIIy/pUIpeBr2QjB0
hRln1J9UwABZWMYaU25SY8+gWP5wxchC+UivR6Cpxveokxl4ayqZBI+l72eYhtvJ
wWMawp2meQmh2hmA+L41NxmjO82uVSsBDoUCJnFf7n6m
-----END CERTIFICATE-----