Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/QML8pzL9Iu-fY699i8MX4_vOfog.roa
File:                     QML8pzL9Iu-fY699i8MX4_vOfog.roa (raw, json)
Hash identifier:          Y4Ew0D9xxn+fFK0UC4D/O/SPpLzTfVMCs8gHL8EqCn0=
Subject key identifier:   40:C2:FC:A7:32:FD:22:EF:9F:63:AF:7D:8B:C3:17:E3:FB:CE:7E:88
Certificate issuer:       /CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
Certificate serial:       018CC86F2A78DD42728D25D5EEB73B4587E2
Authority key identifier: D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/QML8pzL9Iu-fY699i8MX4_vOfog.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.134.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2a:78:dd:42:72:8d:25:d5:ee:b7:3b:45:87:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40c2fca732fd22ef9f63af7d8bc317e3fbce7e88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:db:f4:0d:a1:1a:94:7a:9b:e7:66:9f:7c:5d:
                    23:57:fa:f3:44:2c:9b:65:00:27:05:d9:b9:02:b6:
                    f2:02:83:b3:52:32:b6:f9:bf:b5:ae:b7:8b:50:cf:
                    63:26:13:85:72:d9:b3:5a:b5:d7:83:fb:4b:fc:07:
                    40:df:30:80:17:1e:db:08:67:6a:d1:7c:f6:f1:91:
                    d2:b8:c7:12:d1:f3:38:37:37:1a:0b:58:cc:75:42:
                    a6:8e:c6:47:30:1a:95:4d:26:08:a2:16:19:50:64:
                    68:e9:c5:81:39:0e:9c:43:c6:9d:18:df:91:e3:0b:
                    67:ba:63:f5:46:1b:2d:fe:5c:9b:be:a6:71:c0:28:
                    e2:d9:5e:dc:83:46:f0:bd:14:17:c2:c9:54:fe:47:
                    8b:c5:6b:2f:2c:1d:2b:f4:b9:bd:92:a2:d2:4b:78:
                    74:d1:48:90:9a:db:1c:31:72:16:1d:fa:ab:71:48:
                    e2:b0:90:bf:c2:ec:5c:dd:fd:99:98:54:51:1a:b6:
                    d6:1c:9e:f7:ce:b8:8d:51:b3:be:93:bd:d1:bc:d2:
                    36:80:52:4c:09:67:1a:3f:47:d6:e1:24:80:fa:ac:
                    02:f0:9d:3a:e8:33:5e:82:f6:f7:31:f1:51:38:e9:
                    c1:c1:82:fa:87:52:52:2a:e8:40:44:eb:62:7e:85:
                    07:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C2:FC:A7:32:FD:22:EF:9F:63:AF:7D:8B:C3:17:E3:FB:CE:7E:88
            X509v3 Authority Key Identifier:
                keyid:D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/QML8pzL9Iu-fY699i8MX4_vOfog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         71:72:1a:5a:67:22:3a:cc:26:61:94:67:d7:4e:56:8f:d5:b2:
         10:6c:f6:27:63:b6:7b:ad:59:cb:69:a5:04:36:72:b2:ac:e9:
         ef:a9:79:62:10:cb:32:a1:3d:7f:24:8b:fb:57:12:54:42:15:
         59:9b:80:ec:6e:11:3d:a6:19:e4:16:42:55:de:6e:14:bd:08:
         cf:91:b4:3c:b9:73:1e:50:01:7a:f1:b2:c9:f6:ea:91:21:3e:
         af:fe:db:f0:a5:e8:4d:3a:cf:46:5a:ea:c4:d4:b0:ec:a0:22:
         0d:f8:f2:4f:a3:06:eb:0a:a4:40:11:dd:f7:4b:fa:09:ee:0a:
         ea:6c:ca:d0:6a:f3:46:47:7d:8b:4d:09:1b:ae:ad:1e:23:01:
         ee:13:40:87:77:83:c1:c3:bc:4e:e0:74:ec:d2:ef:47:ae:fa:
         7a:25:65:68:56:61:7a:e9:22:e2:96:79:48:f0:b9:87:48:58:
         c7:9e:67:b2:58:e6:91:80:3b:fa:f8:0c:52:20:f4:5e:8e:ce:
         6c:1e:40:37:6e:b8:f7:8c:2e:4b:fa:f4:e1:a8:eb:9c:fc:14:
         1b:f1:06:4a:6b:d3:4a:5e:2b:41:a0:60:de:b6:80:77:c5:e9:
         48:7e:56:df:92:20:e2:a0:12:76:49:24:7a:52:1f:e1:2a:f0:
         4a:0d:99:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyp43UJyjSXV7rc7RYfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjIwMGUyZDM4NjgzYTdjYjFjZTVjYWJiZWUzNGMwNjg4
MzRhMGIwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGMyZmNhNzMyZmQyMmVmOWY2M2FmN2Q4YmMzMTdlM2ZiY2U3ZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Nv0DaEalHqb52affF0jV/rzRCyb
ZQAnBdm5ArbyAoOzUjK2+b+1rreLUM9jJhOFctmzWrXXg/tL/AdA3zCAFx7bCGdq
0Xz28ZHSuMcS0fM4NzcaC1jMdUKmjsZHMBqVTSYIohYZUGRo6cWBOQ6cQ8adGN+R
4wtnumP1Rhst/lybvqZxwCji2V7cg0bwvRQXwslU/keLxWsvLB0r9Lm9kqLSS3h0
0UiQmtscMXIWHfqrcUjisJC/wuxc3f2ZmFRRGrbWHJ73zriNUbO+k73RvNI2gFJM
CWcaP0fW4SSA+qwC8J066DNegvb3MfFROOnBwYL6h1JSKuhAROtifoUHbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDC/Kcy/SLvn2OvfYvDF+P7zn6IMB8GA1UdIwQY
MBaAFNnyAOLThoOnyxzlyrvuNMBog0oLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEt
MDljOGZlNzI0Y2Q3LzEvUU1MOHB6TDlJdS1mWTY5OWk4TVg0X3ZPZm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEtMDljOGZlNzI0Y2Q3
LzEvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYbwMA0G
CSqGSIb3DQEBCwUAA4IBAQBxchpaZyI6zCZhlGfXTlaP1bIQbPYnY7Z7rVnLaaUE
NnKyrOnvqXliEMsyoT1/JIv7VxJUQhVZm4DsbhE9phnkFkJV3m4UvQjPkbQ8uXMe
UAF68bLJ9uqRIT6v/tvwpehNOs9GWurE1LDsoCIN+PJPowbrCqRAEd33S/oJ7grq
bMrQavNGR32LTQkbrq0eIwHuE0CHd4PBw7xO4HTs0u9Hrvp6JWVoVmF66SLilnlI
8LmHSFjHnmeyWOaRgDv6+AxSIPRejs5sHkA3brj3jC5L+vThqOuc/BQb8QZKa9NK
XitBoGDetoB3xelIflbfkiDioBJ2SSR6Uh/hKvBKDZkJ
-----END CERTIFICATE-----