Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/71bf6f-1e3c-404a-82d0-788c5b75754b/1/1-wq3-R3TERL1t2bL6vQF0r7HQfU.roa
File:                     1-wq3-R3TERL1t2bL6vQF0r7HQfU.roa (raw, json)
Hash identifier:          I8tXyCkAvkpuLMXgHngDTdRtlMLHIlvtcPRRYfcHcak=
Subject key identifier:   FB:0A:B7:F9:1D:D3:11:12:F5:B7:66:CB:EA:F4:05:D2:BE:C7:41:F5
Certificate issuer:       /CN=d95e046e7d393c14fcbaee7f1c43980e3da11fb1
Certificate serial:       018CC9BBE1292BEFD1F93759AAC7C7F26F3A
Authority key identifier: D9:5E:04:6E:7D:39:3C:14:FC:BA:EE:7F:1C:43:98:0E:3D:A1:1F:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2V4Ebn05PBT8uu5_HEOYDj2hH7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/71bf6f-1e3c-404a-82d0-788c5b75754b/1/1-wq3-R3TERL1t2bL6vQF0r7HQfU.roa
Signing time:             Tue 02 Jan 2024 10:33:02 +0000
ROA not before:           Tue 02 Jan 2024 10:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211091
IP address blocks:        185.188.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/71bf6f-1e3c-404a-82d0-788c5b75754b/1/2V4Ebn05PBT8uu5_HEOYDj2hH7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/71bf6f-1e3c-404a-82d0-788c5b75754b/1/2V4Ebn05PBT8uu5_HEOYDj2hH7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2V4Ebn05PBT8uu5_HEOYDj2hH7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e1:29:2b:ef:d1:f9:37:59:aa:c7:c7:f2:6f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d95e046e7d393c14fcbaee7f1c43980e3da11fb1
        Validity
            Not Before: Jan  2 10:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb0ab7f91dd31112f5b766cbeaf405d2bec741f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f9:81:1a:07:f2:6a:e7:c6:0a:48:92:93:83:
                    ff:2d:ea:81:21:e6:c4:a0:0e:90:49:fc:7a:0b:12:
                    62:87:41:15:1b:01:6d:96:49:41:3a:cb:96:4a:ff:
                    48:7c:72:34:9e:6f:3a:a8:21:8b:f4:36:2f:ae:12:
                    18:08:13:fb:8e:b5:8c:bd:42:3f:93:76:5f:1f:4b:
                    ec:5b:70:a4:56:e8:ef:91:6a:0e:21:0e:2d:ef:65:
                    ac:2f:8d:bb:4f:a2:8d:40:fd:ac:6b:82:88:e7:20:
                    92:31:70:f3:cb:8b:a9:60:15:b4:34:41:08:83:29:
                    46:76:d6:1a:cc:1f:cc:36:4c:38:9c:a9:01:62:2d:
                    2e:66:b4:da:3d:f0:8a:ec:1b:61:05:bf:ee:7b:4f:
                    db:fe:3e:14:da:94:9b:31:92:a7:ec:7c:57:e0:5b:
                    87:23:6a:b4:f9:53:0d:7c:bf:5b:af:47:94:8d:4b:
                    fd:f3:21:de:9e:69:71:b7:34:cc:62:d7:77:51:1e:
                    b2:af:e2:a8:16:15:62:a3:5d:d6:a4:fb:31:4d:14:
                    4e:91:c9:a6:8a:98:fa:bc:0c:a7:12:02:5d:ce:b2:
                    54:bc:7e:fa:f8:b5:d2:9e:f9:99:2c:34:46:fb:0e:
                    41:98:bc:c8:9d:57:14:4a:be:4c:37:65:b6:06:84:
                    b8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:0A:B7:F9:1D:D3:11:12:F5:B7:66:CB:EA:F4:05:D2:BE:C7:41:F5
            X509v3 Authority Key Identifier:
                keyid:D9:5E:04:6E:7D:39:3C:14:FC:BA:EE:7F:1C:43:98:0E:3D:A1:1F:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2V4Ebn05PBT8uu5_HEOYDj2hH7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/71bf6f-1e3c-404a-82d0-788c5b75754b/1/1-wq3-R3TERL1t2bL6vQF0r7HQfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/71bf6f-1e3c-404a-82d0-788c5b75754b/1/2V4Ebn05PBT8uu5_HEOYDj2hH7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:c6:5f:ea:25:2a:bd:da:75:48:26:8f:80:2a:c6:6b:59:58:
         3d:1e:21:18:3a:ed:6f:6c:58:fe:df:e8:fc:04:97:08:70:58:
         e5:67:b7:1a:17:24:03:4e:fd:27:e7:9b:3e:16:91:6d:d9:4c:
         2d:ee:58:fd:cf:bd:91:0b:03:aa:87:83:39:3a:f7:c4:22:87:
         9d:7d:71:98:d2:aa:b6:c1:89:89:5a:78:16:ae:b7:38:9b:87:
         f4:d9:91:0a:de:51:bd:40:68:b1:48:ed:40:89:7c:12:9d:3b:
         91:d6:fe:40:86:e7:26:71:53:56:6b:ed:ed:6e:46:9a:5d:16:
         17:8a:4a:f4:96:6d:1c:7c:54:41:26:39:87:2a:97:a8:04:e4:
         8a:27:b9:05:bc:0d:23:dd:c1:40:67:d4:73:9b:27:4f:4a:55:
         0c:31:78:da:2c:cb:74:bf:44:44:eb:84:68:0f:8f:74:3a:62:
         db:3e:4d:ff:a4:02:27:60:f2:77:fe:e0:ad:a6:c9:83:1b:ab:
         b4:10:20:91:a5:45:ff:70:82:cb:83:b8:29:44:d2:b4:fd:97:
         fb:80:a6:c7:9c:e4:86:43:c8:5c:2c:c0:d8:75:b8:77:0c:a9:
         12:7f:6b:f7:e5:b9:4e:92:9a:e4:c6:d5:94:a6:2f:b3:8c:ef:
         4b:cd:5d:2c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu+EpK+/R+TdZqsfH8m86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NWUwNDZlN2QzOTNjMTRmY2JhZWU3ZjFjNDM5ODBlM2Rh
MTFmYjEwHhcNMjQwMTAyMTAzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjBhYjdmOTFkZDMxMTEyZjViNzY2Y2JlYWY0MDVkMmJlYzc0MWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPmBGgfyaufGCkiSk4P/LeqBIebE
oA6QSfx6CxJih0EVGwFtlklBOsuWSv9IfHI0nm86qCGL9DYvrhIYCBP7jrWMvUI/
k3ZfH0vsW3CkVujvkWoOIQ4t72WsL427T6KNQP2sa4KI5yCSMXDzy4upYBW0NEEI
gylGdtYazB/MNkw4nKkBYi0uZrTaPfCK7BthBb/ue0/b/j4U2pSbMZKn7HxX4FuH
I2q0+VMNfL9br0eUjUv98yHenmlxtzTMYtd3UR6yr+KoFhVio13WpPsxTRROkcmm
ipj6vAynEgJdzrJUvH76+LXSnvmZLDRG+w5BmLzInVcUSr5MN2W2BoS4+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsKt/kd0xES9bdmy+r0BdK+x0H1MB8GA1UdIwQY
MBaAFNleBG59OTwU/LrufxxDmA49oR+xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlY0RWJuMDVQQlQ4dXU1X0hFT1lEajJoSDdFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MWJmNmYtMWUzYy00MDRhLTgyZDAt
Nzg4YzViNzU3NTRiLzEvMS13cTMtUjNURVJMMXQyYkw2dlFGMHI3SFFmVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODAvNzFiZjZmLTFlM2MtNDA0YS04MmQwLTc4OGM1Yjc1NzU0
Yi8xLzJWNEVibjA1UEJUOHV1NV9IRU9ZRGoyaEg3RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm8KjAN
BgkqhkiG9w0BAQsFAAOCAQEAS8Zf6iUqvdp1SCaPgCrGa1lYPR4hGDrtb2xY/t/o
/ASXCHBY5We3GhckA079J+ebPhaRbdlMLe5Y/c+9kQsDqoeDOTr3xCKHnX1xmNKq
tsGJiVp4Fq63OJuH9NmRCt5RvUBosUjtQIl8Ep07kdb+QIbnJnFTVmvt7W5Gml0W
F4pK9JZtHHxUQSY5hyqXqATkiie5BbwNI93BQGfUc5snT0pVDDF42izLdL9EROuE
aA+PdDpi2z5N/6QCJ2Dyd/7grabJgxurtBAgkaVF/3CCy4O4KUTStP2X+4Cmx5zk
hkPIXCzA2HW4dwypEn9r9+W5TpKa5MbVlKYvs4zvS81dLA==
-----END CERTIFICATE-----