Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/QWYJBZh1d2IzpgFUIWxoWFUqq88.roa
File:                     QWYJBZh1d2IzpgFUIWxoWFUqq88.roa (raw, json)
Hash identifier:          jHIhtzN9kmLhIXNzrSXKT2VhXEkQLy9i500bA0i3tyo=
Subject key identifier:   41:66:09:05:98:75:77:62:33:A6:01:54:21:6C:68:58:55:2A:AB:CF
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       018CC803044A86D1CE423F609A8F2F6EDD0C
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/QWYJBZh1d2IzpgFUIWxoWFUqq88.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201965
IP address blocks:        93.175.159.0/24 maxlen: 24
                          2001:67c:2d7c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:04:4a:86:d1:ce:42:3f:60:9a:8f:2f:6e:dd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=416609059875776233a60154216c6858552aabcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ad:d0:79:8d:bc:73:27:01:42:39:69:7a:86:
                    0a:f7:81:f8:01:8b:0e:2b:43:c5:86:ef:a8:c0:30:
                    56:fd:13:18:a2:80:99:1e:f3:8d:5d:bb:be:dd:bf:
                    2c:85:41:dc:cf:e8:98:a1:27:ac:15:e9:09:8a:4f:
                    5e:81:36:bb:ce:7f:3d:04:32:4b:21:ed:ab:30:38:
                    e9:46:da:29:7c:16:30:10:72:07:8f:af:96:3f:c2:
                    f4:0a:2a:57:d2:74:52:a0:29:b6:c0:80:7b:46:4f:
                    52:5e:21:93:56:4e:8b:2c:48:f7:62:5c:0c:a7:6d:
                    dc:50:29:15:a5:27:8c:2d:a3:4e:26:df:df:c6:38:
                    c0:2a:b6:9b:37:4e:0e:50:83:22:6c:77:4f:4a:18:
                    4e:5c:21:92:d3:d4:7e:99:34:c2:f3:10:2c:8a:d0:
                    9e:38:b7:3d:c2:b6:74:6d:67:68:00:33:87:00:a6:
                    98:cb:83:2c:e7:0b:cd:d2:2c:1c:b9:30:32:11:c1:
                    dc:4c:3e:57:e5:a9:af:12:b7:ad:d9:35:21:b5:b6:
                    e6:98:7e:8b:3e:8b:c7:bf:50:4e:1f:d5:23:f6:df:
                    5d:6f:65:2e:4a:17:59:ae:ec:4b:e7:b2:ab:da:8c:
                    e1:fd:47:d5:d5:fb:14:1c:90:f3:e7:39:01:30:50:
                    ad:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:66:09:05:98:75:77:62:33:A6:01:54:21:6C:68:58:55:2A:AB:CF
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/QWYJBZh1d2IzpgFUIWxoWFUqq88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.159.0/24
                IPv6:
                  2001:67c:2d7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:a2:c4:b6:d0:82:ef:6e:83:8c:00:1f:b1:70:d0:a2:fb:17:
         ba:c3:fa:cd:a7:eb:69:2d:e1:dd:cb:8e:93:e6:37:fc:ab:e1:
         c3:3b:98:da:ff:e3:ac:6c:77:80:c8:54:7b:1b:b2:00:fa:7a:
         21:f4:5f:46:58:7b:7c:3e:fd:ba:69:c8:aa:6e:48:3f:e9:86:
         92:18:fa:68:8e:58:ef:32:00:9e:f7:b2:ee:d5:b7:d9:ab:e3:
         75:06:87:8a:44:4b:d1:dc:cd:08:0f:28:d0:53:d3:17:05:50:
         b3:c3:8f:8b:e4:fc:bd:9b:92:b7:85:22:6b:ef:a3:ae:3e:39:
         95:ca:52:ed:89:b8:eb:9f:b5:1e:48:14:3c:b6:b0:ca:ea:e7:
         33:1c:70:fa:83:83:4f:9c:9c:5c:98:bb:a9:89:0b:e5:c3:60:
         7a:c1:ba:a3:63:b8:0a:f7:20:af:01:61:13:35:d0:36:48:09:
         4d:2f:3d:de:8a:ac:5b:fb:52:e6:d4:22:53:ae:76:45:fd:47:
         fc:4e:a0:90:de:3f:c9:ae:f5:67:7f:af:02:65:e8:79:2a:20:
         f3:6d:02:a7:0c:40:06:b9:f0:87:e4:34:7d:09:50:e9:0a:0b:
         0e:5e:08:cc:eb:6f:6f:6d:38:28:01:72:05:a2:5a:b3:eb:da:
         52:08:4c:a2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAwRKhtHOQj9gmo8vbt0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY2MDkwNTk4NzU3NzYyMzNhNjAxNTQyMTZjNjg1ODU1MmFhYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK3QeY28cycBQjlpeoYK94H4AYsO
K0PFhu+owDBW/RMYooCZHvONXbu+3b8shUHcz+iYoSesFekJik9egTa7zn89BDJL
Ie2rMDjpRtopfBYwEHIHj6+WP8L0CipX0nRSoCm2wIB7Rk9SXiGTVk6LLEj3YlwM
p23cUCkVpSeMLaNOJt/fxjjAKrabN04OUIMibHdPShhOXCGS09R+mTTC8xAsitCe
OLc9wrZ0bWdoADOHAKaYy4Ms5wvN0iwcuTAyEcHcTD5X5amvEret2TUhtbbmmH6L
PovHv1BOH9Uj9t9db2UuShdZruxL57Kr2ozh/UfV1fsUHJDz5zkBMFCthwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEFmCQWYdXdiM6YBVCFsaFhVKqvPMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvUVdZSkJaaDFkMkl6cGdGVUlXeG9XRlVxcTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXa+fMA8E
AgACMAkDBwAgAQZ8LXwwDQYJKoZIhvcNAQELBQADggEBADOixLbQgu9ug4wAH7Fw
0KL7F7rD+s2n62kt4d3LjpPmN/yr4cM7mNr/46xsd4DIVHsbsgD6eiH0X0ZYe3w+
/bppyKpuSD/phpIY+miOWO8yAJ73su7Vt9mr43UGh4pES9HczQgPKNBT0xcFULPD
j4vk/L2bkreFImvvo64+OZXKUu2JuOuftR5IFDy2sMrq5zMccPqDg0+cnFyYu6mJ
C+XDYHrBuqNjuAr3IK8BYRM10DZICU0vPd6KrFv7UubUIlOudkX9R/xOoJDeP8mu
9Wd/rwJl6HkqIPNtAqcMQAa58IfkNH0JUOkKCw5eCMzrb29tOCgBcgWiWrPr2lII
TKI=
-----END CERTIFICATE-----