Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/TQQkxeTd_YjR7074nu9GmYgJt9w.roa
File:                     TQQkxeTd_YjR7074nu9GmYgJt9w.roa (raw, json)
Hash identifier:          On3ey3IriGm7Qpk4h5006gQhXYbim7IaasZCn89CUoo=
Subject key identifier:   4D:04:24:C5:E4:DD:FD:88:D1:EF:4E:F8:9E:EF:46:99:88:09:B7:DC
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B735468630618628AEA5C9278F0567
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/TQQkxeTd_YjR7074nu9GmYgJt9w.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31204
IP address blocks:        92.181.0.0/17 maxlen: 24
                          92.181.128.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:35:46:86:30:61:86:28:ae:a5:c9:27:8f:05:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d0424c5e4ddfd88d1ef4ef89eef46998809b7dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:37:70:a3:e6:88:e9:18:6c:32:67:71:40:
                    1c:c1:85:ef:18:da:42:57:2c:ea:c8:86:fd:78:18:
                    cf:25:a1:f9:eb:95:10:0a:5c:39:34:56:cb:37:a6:
                    52:b6:11:60:de:b5:fd:78:cd:66:62:ef:23:03:0c:
                    f5:a3:4e:d4:7a:b3:0d:fa:42:32:5a:1b:b9:bf:ba:
                    d8:0e:c5:75:e9:b3:2e:d7:6e:50:83:ae:a2:41:e8:
                    cb:65:48:e9:c6:c5:a7:0c:ea:f9:7b:71:c8:51:38:
                    47:94:ab:5e:3f:a6:09:13:07:56:73:23:ba:8c:33:
                    c0:06:30:cc:ad:34:f7:a1:a2:2e:bd:40:a5:88:7c:
                    03:35:d3:1c:b9:f4:69:43:e4:b5:9a:b1:8c:45:5c:
                    38:9d:af:a3:2a:55:bf:da:7d:47:49:fc:d2:0f:e5:
                    92:18:27:0a:06:8e:4b:d8:aa:1b:77:02:8e:3c:33:
                    38:b6:f1:13:6f:0c:6d:a4:84:e4:0e:41:3b:c2:d5:
                    ed:6c:84:d6:c6:a0:57:82:69:28:ca:f3:ec:20:8c:
                    3b:6c:99:d2:39:db:41:4a:33:27:d9:05:ab:8e:36:
                    67:de:5c:75:e6:08:29:b9:48:fe:d1:2e:da:d5:49:
                    5f:f2:1f:03:54:78:5e:af:31:67:75:e4:86:ba:c9:
                    8d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:04:24:C5:E4:DD:FD:88:D1:EF:4E:F8:9E:EF:46:99:88:09:B7:DC
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/TQQkxeTd_YjR7074nu9GmYgJt9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.181.0.0-92.181.159.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:e7:73:82:f3:42:a4:9c:0b:3e:b2:f4:93:ff:b7:67:fe:75:
         f2:c6:02:bb:3d:1d:2d:24:c6:11:06:5c:3c:a6:bd:e1:23:87:
         91:a0:14:cc:b4:f2:73:1e:ab:76:5b:01:a6:3c:34:c5:bb:aa:
         7b:28:82:8e:1d:28:28:16:09:94:72:ab:7f:59:99:ad:27:88:
         22:eb:4e:c4:8c:c7:4a:03:30:7c:c5:55:9d:8e:9f:29:24:f2:
         86:f0:a0:31:de:45:9e:53:d0:e0:ac:22:2d:22:c7:1d:ec:56:
         cb:dd:43:dc:21:3e:fb:e4:81:7e:87:41:c8:59:4b:f9:b7:ee:
         64:7b:cc:06:ea:94:6b:be:a2:8c:86:df:b9:d6:79:c7:ba:45:
         ac:0a:31:1c:27:58:17:96:8d:62:05:5b:29:f7:bf:80:98:6d:
         16:35:4d:d8:3e:2f:f3:61:4f:87:c0:4f:27:a8:70:9d:aa:c0:
         64:df:6c:bf:31:03:f0:81:84:fb:07:7d:62:12:55:31:13:91:
         e7:9c:06:2d:04:2c:0f:eb:f7:bc:e9:2b:65:20:1d:b1:de:ee:
         38:0c:e2:f7:55:9c:4a:e3:6e:8c:1e:b0:f4:5a:a6:eb:ab:9f:
         46:ff:74:ef:5d:40:c4:b0:b6:f9:bb:90:e1:a3:b3:29:9a:a0:
         4a:ea:2c:24
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzDtzVGhjBhhiiupcknjwVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDA0MjRjNWU0ZGRmZDg4ZDFlZjRlZjg5ZWVmNDY5OTg4MDliN2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAQ3cKPmiOkYbDJncUAcwYXvGNpC
VyzqyIb9eBjPJaH565UQClw5NFbLN6ZSthFg3rX9eM1mYu8jAwz1o07UerMN+kIy
Whu5v7rYDsV16bMu125Qg66iQejLZUjpxsWnDOr5e3HIUThHlKteP6YJEwdWcyO6
jDPABjDMrTT3oaIuvUCliHwDNdMcufRpQ+S1mrGMRVw4na+jKlW/2n1HSfzSD+WS
GCcKBo5L2KobdwKOPDM4tvETbwxtpITkDkE7wtXtbITWxqBXgmkoyvPsIIw7bJnS
OdtBSjMn2QWrjjZn3lx15ggpuUj+0S7a1Ulf8h8DVHherzFndeSGusmNZwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFE0EJMXk3f2I0e9O+J7vRpmICbfcMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvVFFRa3hlVGRfWWpSNzA3NG51OUdtWWdKdDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwBctQME
BVy1gDANBgkqhkiG9w0BAQsFAAOCAQEAqudzgvNCpJwLPrL0k/+3Z/518sYCuz0d
LSTGEQZcPKa94SOHkaAUzLTycx6rdlsBpjw0xbuqeyiCjh0oKBYJlHKrf1mZrSeI
IutOxIzHSgMwfMVVnY6fKSTyhvCgMd5FnlPQ4KwiLSLHHexWy91D3CE+++SBfodB
yFlL+bfuZHvMBuqUa76ijIbfudZ5x7pFrAoxHCdYF5aNYgVbKfe/gJhtFjVN2D4v
82FPh8BPJ6hwnarAZN9svzED8IGE+wd9YhJVMROR55wGLQQsD+v3vOkrZSAdsd7u
OAzi91WcSuNujB6w9Fqm66ufRv90711AxLC2+buQ4aOzKZqgSuosJA==
-----END CERTIFICATE-----