Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/a2df79-d4ff-40c7-b4a4-7aec558eb40d/1/A-QT-jU-t7Jk8YNGwT4720rjYj4.roa
File:                     A-QT-jU-t7Jk8YNGwT4720rjYj4.roa (raw, json)
Hash identifier:          e02JlFirOvYeuzZs5HFVLKnrHP6CoOqrgcY8xkF42zA=
Subject key identifier:   03:E4:13:FA:35:3E:B7:B2:64:F1:83:46:C1:3E:3B:DB:4A:E3:62:3E
Certificate issuer:       /CN=88fc58875608970d9a728347d05ef00d0f1d5611
Certificate serial:       018CC3B683F1DBA255439D35F1F8F44A8874
Authority key identifier: 88:FC:58:87:56:08:97:0D:9A:72:83:47:D0:5E:F0:0D:0F:1D:56:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPxYh1YIlw2acoNH0F7wDQ8dVhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/a2df79-d4ff-40c7-b4a4-7aec558eb40d/1/A-QT-jU-t7Jk8YNGwT4720rjYj4.roa
Signing time:             Mon 01 Jan 2024 06:29:27 +0000
ROA not before:           Mon 01 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        91.198.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/a2df79-d4ff-40c7-b4a4-7aec558eb40d/1/iPxYh1YIlw2acoNH0F7wDQ8dVhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/a2df79-d4ff-40c7-b4a4-7aec558eb40d/1/iPxYh1YIlw2acoNH0F7wDQ8dVhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPxYh1YIlw2acoNH0F7wDQ8dVhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:83:f1:db:a2:55:43:9d:35:f1:f8:f4:4a:88:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88fc58875608970d9a728347d05ef00d0f1d5611
        Validity
            Not Before: Jan  1 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03e413fa353eb7b264f18346c13e3bdb4ae3623e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f3:72:05:0f:57:3a:7b:e0:02:c8:a7:4c:c6:
                    cf:ce:f0:63:55:74:18:77:06:88:da:5d:02:bf:b3:
                    83:7d:6b:e3:b3:9f:a0:4f:0f:23:3f:1a:9b:27:8c:
                    67:bf:19:ad:d4:a6:e9:91:b0:c8:1d:3a:bc:cc:c4:
                    38:93:ff:8b:86:16:63:c7:c0:c0:40:39:ab:4e:9a:
                    a2:16:da:37:1d:09:4c:03:8e:97:fd:3a:6a:46:6d:
                    0e:c4:53:39:9b:e4:23:3f:78:9d:8d:26:b9:65:07:
                    e1:df:ea:b4:a0:db:fe:de:91:e1:a4:ab:19:aa:10:
                    a2:08:ad:3d:b4:b4:f0:37:a5:99:b5:3d:b4:f9:1b:
                    0e:14:5d:9c:26:61:d8:62:3a:94:fe:54:48:81:f8:
                    52:dc:4a:87:61:75:d1:d4:cf:64:3f:8b:fe:cf:a0:
                    75:4c:9a:6d:60:d7:1e:d7:d4:93:14:e9:7d:d0:3b:
                    e2:08:cc:25:18:b9:32:91:18:22:d9:47:44:66:ee:
                    dc:f0:a9:4c:0b:db:b2:8b:69:c5:53:cc:8a:fb:49:
                    90:e3:ca:db:bb:ed:35:02:a4:34:98:46:8a:68:80:
                    c2:dd:de:2a:30:4f:ef:b6:4c:69:11:4a:63:db:9f:
                    b4:81:07:5e:9e:b7:6b:5e:fe:48:58:b7:02:04:bf:
                    18:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E4:13:FA:35:3E:B7:B2:64:F1:83:46:C1:3E:3B:DB:4A:E3:62:3E
            X509v3 Authority Key Identifier:
                keyid:88:FC:58:87:56:08:97:0D:9A:72:83:47:D0:5E:F0:0D:0F:1D:56:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPxYh1YIlw2acoNH0F7wDQ8dVhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/a2df79-d4ff-40c7-b4a4-7aec558eb40d/1/A-QT-jU-t7Jk8YNGwT4720rjYj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/a2df79-d4ff-40c7-b4a4-7aec558eb40d/1/iPxYh1YIlw2acoNH0F7wDQ8dVhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:06:27:04:bf:cd:c1:16:38:e4:6b:44:5c:13:b2:79:93:98:
         e8:a3:3f:a9:4d:25:0b:81:0b:88:7e:de:45:f2:06:5f:19:54:
         a2:2c:f3:a2:92:b4:ca:91:45:d8:d2:5d:13:3d:43:e1:a8:fa:
         a2:9d:a9:4b:78:01:f8:41:d6:67:e4:33:20:1e:e2:75:05:8e:
         1b:89:9b:45:f9:c5:85:0b:67:23:b0:b1:26:4a:3d:bc:69:ac:
         31:b3:d3:b0:32:6e:08:53:a3:16:ce:cd:be:e9:90:b5:64:3e:
         93:a8:42:a1:95:be:53:d9:87:31:fa:13:03:f3:34:39:ad:9d:
         28:14:9b:d2:1c:74:2e:9d:9d:0c:7d:0b:54:d3:10:26:a3:d1:
         d6:5e:0a:51:e8:80:13:61:80:b9:c5:ac:b8:c3:9d:5c:0d:28:
         7b:6e:82:5d:4d:33:b8:73:e0:f4:4f:fc:f7:36:5f:e2:01:57:
         c8:4e:29:95:20:29:d7:63:ac:6e:f3:7a:df:37:4d:0d:f9:a5:
         da:78:64:e7:c7:75:62:42:f7:2a:f1:2b:e2:f1:66:f5:fe:ec:
         1b:ce:02:74:e9:57:b8:2b:c1:f0:92:5a:82:6c:83:a2:b3:4b:
         96:81:a4:9a:79:22:c5:df:99:a7:1e:8b:77:a2:d3:f9:0d:47:
         4f:08:4f:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtoPx26JVQ5018fj0Soh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmM1ODg3NTYwODk3MGQ5YTcyODM0N2QwNWVmMDBkMGYx
ZDU2MTEwHhcNMjQwMTAxMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U0MTNmYTM1M2ViN2IyNjRmMTgzNDZjMTNlM2JkYjRhZTM2MjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvNyBQ9XOnvgAsinTMbPzvBjVXQY
dwaI2l0Cv7ODfWvjs5+gTw8jPxqbJ4xnvxmt1KbpkbDIHTq8zMQ4k/+LhhZjx8DA
QDmrTpqiFto3HQlMA46X/TpqRm0OxFM5m+QjP3idjSa5ZQfh3+q0oNv+3pHhpKsZ
qhCiCK09tLTwN6WZtT20+RsOFF2cJmHYYjqU/lRIgfhS3EqHYXXR1M9kP4v+z6B1
TJptYNce19STFOl90DviCMwlGLkykRgi2UdEZu7c8KlMC9uyi2nFU8yK+0mQ48rb
u+01AqQ0mEaKaIDC3d4qME/vtkxpEUpj25+0gQdenrdrXv5IWLcCBL8YxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPkE/o1PreyZPGDRsE+O9tK42I+MB8GA1UdIwQY
MBaAFIj8WIdWCJcNmnKDR9Be8A0PHVYRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVB4WWgxWUlsdzJhY29OSDBGN3dEUThkVmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hMmRmNzktZDRmZi00MGM3LWI0YTQt
N2FlYzU1OGViNDBkLzEvQS1RVC1qVS10N0prOFlOR3dUNDcyMHJqWWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hMmRmNzktZDRmZi00MGM3LWI0YTQtN2FlYzU1OGViNDBk
LzEvaVB4WWgxWUlsdzJhY29OSDBGN3dEUThkVmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8aOMA0G
CSqGSIb3DQEBCwUAA4IBAQB3BicEv83BFjjka0RcE7J5k5jooz+pTSULgQuIft5F
8gZfGVSiLPOikrTKkUXY0l0TPUPhqPqinalLeAH4QdZn5DMgHuJ1BY4biZtF+cWF
C2cjsLEmSj28aawxs9OwMm4IU6MWzs2+6ZC1ZD6TqEKhlb5T2Ycx+hMD8zQ5rZ0o
FJvSHHQunZ0MfQtU0xAmo9HWXgpR6IATYYC5xay4w51cDSh7boJdTTO4c+D0T/z3
Nl/iAVfITimVICnXY6xu83rfN00N+aXaeGTnx3ViQvcq8Svi8Wb1/uwbzgJ06Ve4
K8HwklqCbIOis0uWgaSaeSLF35mnHot3otP5DUdPCE8T
-----END CERTIFICATE-----