Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0e4dd5-9c8f-4856-90d7-1e1e9cbf47da/1/QKgDF8e57QF3eXJrK-FiCPDHmfU.roa
File:                     QKgDF8e57QF3eXJrK-FiCPDHmfU.roa (raw, json)
Hash identifier:          +E1BqSBrlnTbnzWLAAzKH9Q0vqlEI8vEJvPvq//8UvY=
Subject key identifier:   40:A8:03:17:C7:B9:ED:01:77:79:72:6B:2B:E1:62:08:F0:C7:99:F5
Certificate issuer:       /CN=6911245ae2025155c09bec25a8991d567af1841d
Certificate serial:       018CC492FB15C51A466EBD9E2508A12F563F
Authority key identifier: 69:11:24:5A:E2:02:51:55:C0:9B:EC:25:A8:99:1D:56:7A:F1:84:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aREkWuICUVXAm-wlqJkdVnrxhB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0e4dd5-9c8f-4856-90d7-1e1e9cbf47da/1/QKgDF8e57QF3eXJrK-FiCPDHmfU.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203752
IP address blocks:        185.125.60.0/22 maxlen: 22
                          2a03:94a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0e4dd5-9c8f-4856-90d7-1e1e9cbf47da/1/aREkWuICUVXAm-wlqJkdVnrxhB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0e4dd5-9c8f-4856-90d7-1e1e9cbf47da/1/aREkWuICUVXAm-wlqJkdVnrxhB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aREkWuICUVXAm-wlqJkdVnrxhB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fb:15:c5:1a:46:6e:bd:9e:25:08:a1:2f:56:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6911245ae2025155c09bec25a8991d567af1841d
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40a80317c7b9ed017779726b2be16208f0c799f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5e:1b:5c:0d:15:38:24:e9:5e:20:56:89:67:
                    d4:48:ab:63:f5:d3:70:fe:76:b3:4a:11:fb:7e:c8:
                    1a:30:7f:5e:e9:fb:ba:55:fe:eb:cd:59:de:12:67:
                    2c:2c:87:3b:d4:a0:41:dc:97:16:a9:13:77:78:6c:
                    de:a9:d5:ff:48:c8:96:ed:62:9a:2c:f1:07:e2:00:
                    ed:bb:db:f4:91:e8:5b:79:83:42:51:84:45:18:88:
                    4b:b1:fb:1b:0f:66:a6:39:30:41:96:8c:fb:76:36:
                    44:bc:83:1e:22:99:6e:c0:d0:37:90:0e:40:f8:41:
                    69:a3:83:86:3b:38:9c:88:11:b2:81:24:16:7b:5f:
                    78:ea:f4:98:f6:d4:6d:ed:c5:27:aa:fb:2e:d0:29:
                    91:4c:aa:31:06:34:45:b9:03:98:bf:e7:df:3d:1f:
                    5a:dd:c3:c8:1c:00:2f:66:c0:c4:2a:fa:d5:a8:eb:
                    74:21:eb:2a:b6:1f:b9:63:f0:a1:d2:de:2c:7e:c5:
                    ff:b3:b6:98:4d:f6:cd:0e:65:e2:3d:e5:e6:d2:a2:
                    34:64:62:3c:dc:64:1c:7f:da:0f:f9:8e:f8:98:6e:
                    be:70:f7:50:03:70:5f:37:ff:43:9a:bb:05:24:76:
                    1a:3f:28:82:dc:fd:c0:e3:19:a3:08:6f:b3:25:94:
                    43:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A8:03:17:C7:B9:ED:01:77:79:72:6B:2B:E1:62:08:F0:C7:99:F5
            X509v3 Authority Key Identifier:
                keyid:69:11:24:5A:E2:02:51:55:C0:9B:EC:25:A8:99:1D:56:7A:F1:84:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aREkWuICUVXAm-wlqJkdVnrxhB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0e4dd5-9c8f-4856-90d7-1e1e9cbf47da/1/QKgDF8e57QF3eXJrK-FiCPDHmfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0e4dd5-9c8f-4856-90d7-1e1e9cbf47da/1/aREkWuICUVXAm-wlqJkdVnrxhB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.60.0/22
                IPv6:
                  2a03:94a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:1a:ed:6c:5e:f9:c1:fd:5f:b5:c7:c0:31:6e:57:11:5e:66:
         4f:74:64:9b:e4:80:4e:0e:e8:07:2a:d4:ea:3a:54:3e:01:24:
         1d:b3:c8:60:43:7a:27:c4:88:f3:a5:f6:c3:da:a3:44:14:10:
         19:d8:77:1b:29:d4:b8:0c:7e:5a:47:83:1a:dd:06:19:55:b1:
         35:e0:da:e8:b9:dc:4b:5f:17:3e:b0:86:e0:86:bb:d5:30:50:
         b6:91:4b:65:68:aa:a5:30:53:ab:6e:51:49:cf:cf:6a:e2:e8:
         4b:53:c6:d3:8d:b4:31:5e:24:af:7e:02:4a:ec:8e:64:c1:6a:
         0b:95:e0:d6:fc:b0:67:70:96:14:fa:98:cf:e2:fe:69:66:59:
         11:d0:2d:a6:76:21:e7:3a:28:57:ef:38:46:3c:47:2f:fa:d6:
         b0:44:8f:16:71:b2:a2:1e:ce:74:37:19:0b:38:f3:36:56:b9:
         46:a4:61:a0:44:3d:b0:b4:fb:a1:81:fd:50:5d:72:00:4a:99:
         c0:19:d9:fb:18:4d:eb:fa:14:2a:41:29:2f:e8:47:b2:ad:0b:
         f8:a2:06:7c:f9:e6:35:b1:33:49:22:df:ff:ae:6f:03:f2:fd:
         00:fc:d6:27:3c:c6:fb:e9:b7:19:eb:fe:ff:02:81:34:40:ca:
         a1:06:71:66
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkvsVxRpGbr2eJQihL1Y/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTEyNDVhZTIwMjUxNTVjMDliZWMyNWE4OTkxZDU2N2Fm
MTg0MWQwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE4MDMxN2M3YjllZDAxNzc3OTcyNmIyYmUxNjIwOGYwYzc5OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV4bXA0VOCTpXiBWiWfUSKtj9dNw
/nazShH7fsgaMH9e6fu6Vf7rzVneEmcsLIc71KBB3JcWqRN3eGzeqdX/SMiW7WKa
LPEH4gDtu9v0kehbeYNCUYRFGIhLsfsbD2amOTBBloz7djZEvIMeIpluwNA3kA5A
+EFpo4OGOziciBGygSQWe1946vSY9tRt7cUnqvsu0CmRTKoxBjRFuQOYv+ffPR9a
3cPIHAAvZsDEKvrVqOt0Iesqth+5Y/Ch0t4sfsX/s7aYTfbNDmXiPeXm0qI0ZGI8
3GQcf9oP+Y74mG6+cPdQA3BfN/9DmrsFJHYaPyiC3P3A4xmjCG+zJZRDFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFECoAxfHue0Bd3lyayvhYgjwx5n1MB8GA1UdIwQY
MBaAFGkRJFriAlFVwJvsJaiZHVZ68YQdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJFa1d1SUNVVlhBbS13bHFKa2RWbnJ4aEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wZTRkZDUtOWM4Zi00ODU2LTkwZDct
MWUxZTljYmY0N2RhLzEvUUtnREY4ZTU3UUYzZVhKckstRmlDUERIbWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wZTRkZDUtOWM4Zi00ODU2LTkwZDctMWUxZTljYmY0N2Rh
LzEvYVJFa1d1SUNVVlhBbS13bHFKa2RWbnJ4aEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX08MA0E
AgACMAcDBQAqA5SgMA0GCSqGSIb3DQEBCwUAA4IBAQCjGu1sXvnB/V+1x8AxblcR
XmZPdGSb5IBODugHKtTqOlQ+ASQds8hgQ3onxIjzpfbD2qNEFBAZ2HcbKdS4DH5a
R4Ma3QYZVbE14NroudxLXxc+sIbghrvVMFC2kUtlaKqlMFOrblFJz89q4uhLU8bT
jbQxXiSvfgJK7I5kwWoLleDW/LBncJYU+pjP4v5pZlkR0C2mdiHnOihX7zhGPEcv
+tawRI8WcbKiHs50NxkLOPM2VrlGpGGgRD2wtPuhgf1QXXIASpnAGdn7GE3r+hQq
QSkv6EeyrQv4ogZ8+eY1sTNJIt//rm8D8v0A/NYnPMb76bcZ6/7/AoE0QMqhBnFm
-----END CERTIFICATE-----