Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/3b0009-f152-4d9c-af96-a5e5d0084701/1/_QwS-Cevr9pk-qlX6YZX0hI4GIM.roa
File:                     _QwS-Cevr9pk-qlX6YZX0hI4GIM.roa (raw, json)
Hash identifier:          Z/xgUbAj3Dovre2Pxn7vZEEMjAOQnLCtyovTfOFBpbA=
Subject key identifier:   FD:0C:12:F8:27:AF:AF:DA:64:FA:A9:57:E9:86:57:D2:12:38:18:83
Certificate issuer:       /CN=b5e9a780130b7c52b010fd7138bf0b723be207c3
Certificate serial:       018E9F191612C9BECB0BBFF39C98EA654E99
Authority key identifier: B5:E9:A7:80:13:0B:7C:52:B0:10:FD:71:38:BF:0B:72:3B:E2:07:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/temngBMLfFKwEP1xOL8LcjviB8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/3b0009-f152-4d9c-af96-a5e5d0084701/1/_QwS-Cevr9pk-qlX6YZX0hI4GIM.roa
Signing time:             Tue 02 Apr 2024 13:56:44 +0000
ROA not before:           Tue 02 Apr 2024 13:56:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215249
IP address blocks:        185.108.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/3b0009-f152-4d9c-af96-a5e5d0084701/1/temngBMLfFKwEP1xOL8LcjviB8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/3b0009-f152-4d9c-af96-a5e5d0084701/1/temngBMLfFKwEP1xOL8LcjviB8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/temngBMLfFKwEP1xOL8LcjviB8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:19:16:12:c9:be:cb:0b:bf:f3:9c:98:ea:65:4e:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5e9a780130b7c52b010fd7138bf0b723be207c3
        Validity
            Not Before: Apr  2 13:56:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd0c12f827afafda64faa957e98657d212381883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:36:b7:07:85:6e:1d:c3:84:cc:30:0f:e1:40:
                    9d:8e:4a:90:e0:47:4f:d7:b1:1e:1b:34:51:6a:d2:
                    fe:4d:1f:36:fd:5f:15:e5:7e:92:bc:e9:77:b1:2a:
                    86:9d:16:96:7e:ef:18:e0:92:c7:37:07:b8:7d:51:
                    ad:64:19:32:fe:d7:c3:66:11:b0:57:41:b3:e5:1e:
                    a5:98:5d:fd:ae:8c:6e:84:56:01:18:09:76:4f:63:
                    5d:9f:fd:8b:8d:48:2f:cb:14:32:32:4a:85:63:68:
                    ed:9a:26:74:04:7a:49:6c:57:72:ed:48:ef:e2:21:
                    30:0e:96:fd:8e:52:40:48:e9:4a:f5:e7:6f:35:23:
                    3e:cc:26:80:2e:52:51:92:47:cd:c1:c4:b8:0f:c8:
                    45:09:1d:3e:5a:78:ed:39:b8:d4:3f:71:c6:61:3c:
                    f0:0b:1b:82:0e:00:74:bb:b9:bb:b8:a4:be:1a:cc:
                    29:39:e4:0d:0b:09:ac:97:5c:22:8c:50:67:24:71:
                    dc:02:24:ea:34:90:32:41:7c:13:51:8e:94:68:7e:
                    18:b8:7c:40:34:41:de:fd:2e:ab:ec:3b:38:23:82:
                    69:37:75:09:31:d2:3b:9a:8e:0f:67:4a:de:4a:36:
                    9f:2c:ee:5a:5d:b1:4a:fc:a5:a1:4f:c5:40:cd:b9:
                    25:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:0C:12:F8:27:AF:AF:DA:64:FA:A9:57:E9:86:57:D2:12:38:18:83
            X509v3 Authority Key Identifier:
                keyid:B5:E9:A7:80:13:0B:7C:52:B0:10:FD:71:38:BF:0B:72:3B:E2:07:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/temngBMLfFKwEP1xOL8LcjviB8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/3b0009-f152-4d9c-af96-a5e5d0084701/1/_QwS-Cevr9pk-qlX6YZX0hI4GIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/3b0009-f152-4d9c-af96-a5e5d0084701/1/temngBMLfFKwEP1xOL8LcjviB8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:dc:5f:0e:ba:3d:03:48:98:eb:e7:5b:22:81:a9:fb:0d:80:
         82:67:29:3e:ea:70:02:8b:5a:12:bb:b7:4b:53:6b:c0:55:fd:
         e6:23:bc:cd:2c:bc:fa:72:02:9f:58:6e:8f:a8:d4:a1:1b:95:
         91:b5:24:ac:c3:2c:8c:98:45:fe:36:a4:82:5d:6c:e2:0a:7a:
         23:74:6c:d0:5f:e9:36:10:42:8e:ee:e1:7c:ea:4d:64:78:c8:
         27:7b:e6:1c:b7:cf:6e:82:4b:af:cc:64:dc:a1:43:78:2a:74:
         30:4e:af:47:b2:ad:d5:0a:ce:31:ac:6d:af:a4:f4:aa:3d:38:
         c3:b7:6b:fb:f2:f1:80:b0:0c:aa:90:1a:64:44:8a:2d:6a:4d:
         4b:20:8f:f4:79:ff:36:b9:3e:13:83:b1:20:bc:68:66:8f:f7:
         62:6e:0a:06:94:3f:78:2a:48:0a:a4:60:ce:68:6d:bd:be:50:
         7c:06:6a:fe:f9:58:32:ba:d4:37:e9:98:63:9e:ab:0b:f6:96:
         a4:c0:86:ca:94:48:da:c8:6d:31:08:78:a9:9d:1b:81:7a:1c:
         ee:fb:1d:fb:3c:fc:e1:ca:2a:e5:5e:bb:f2:1e:76:17:3f:f8:
         20:cc:c9:5e:29:19:90:39:b9:5b:d8:21:8c:f6:f5:1b:56:75:
         8f:35:ac:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6fGRYSyb7LC7/znJjqZU6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZTlhNzgwMTMwYjdjNTJiMDEwZmQ3MTM4YmYwYjcyM2Jl
MjA3YzMwHhcNMjQwNDAyMTM1NjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDBjMTJmODI3YWZhZmRhNjRmYWE5NTdlOTg2NTdkMjEyMzgxODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTa3B4VuHcOEzDAP4UCdjkqQ4EdP
17EeGzRRatL+TR82/V8V5X6SvOl3sSqGnRaWfu8Y4JLHNwe4fVGtZBky/tfDZhGw
V0Gz5R6lmF39roxuhFYBGAl2T2Ndn/2LjUgvyxQyMkqFY2jtmiZ0BHpJbFdy7Ujv
4iEwDpb9jlJASOlK9edvNSM+zCaALlJRkkfNwcS4D8hFCR0+WnjtObjUP3HGYTzw
CxuCDgB0u7m7uKS+GswpOeQNCwmsl1wijFBnJHHcAiTqNJAyQXwTUY6UaH4YuHxA
NEHe/S6r7Ds4I4JpN3UJMdI7mo4PZ0reSjafLO5aXbFK/KWhT8VAzbklMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0MEvgnr6/aZPqpV+mGV9ISOBiDMB8GA1UdIwQY
MBaAFLXpp4ATC3xSsBD9cTi/C3I74gfDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGVtbmdCTUxmRkt3RVAxeE9MOExjanZpQjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zYjAwMDktZjE1Mi00ZDljLWFmOTYt
YTVlNWQwMDg0NzAxLzEvX1F3Uy1DZXZyOXBrLXFsWDZZWlgwaEk0R0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zYjAwMDktZjE1Mi00ZDljLWFmOTYtYTVlNWQwMDg0NzAx
LzEvdGVtbmdCTUxmRkt3RVAxeE9MOExjanZpQjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWx8MA0G
CSqGSIb3DQEBCwUAA4IBAQAS3F8Ouj0DSJjr51sigan7DYCCZyk+6nACi1oSu7dL
U2vAVf3mI7zNLLz6cgKfWG6PqNShG5WRtSSswyyMmEX+NqSCXWziCnojdGzQX+k2
EEKO7uF86k1keMgne+Yct89ugkuvzGTcoUN4KnQwTq9Hsq3VCs4xrG2vpPSqPTjD
t2v78vGAsAyqkBpkRIotak1LII/0ef82uT4Tg7EgvGhmj/dibgoGlD94KkgKpGDO
aG29vlB8Bmr++VgyutQ36ZhjnqsL9pakwIbKlEjayG0xCHipnRuBehzu+x37PPzh
yirlXrvyHnYXP/ggzMleKRmQOblb2CGM9vUbVnWPNaxP
-----END CERTIFICATE-----