Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qkynhrIBhZKTpF50cFGG_J5tZkM.roa
File:                     qkynhrIBhZKTpF50cFGG_J5tZkM.roa (raw, json)
Hash identifier:          yP4+np6DdoTOEIWBziS6vcOAcw307cpZh24fFixMLqg=
Subject key identifier:   AA:4C:A7:86:B2:01:85:92:93:A4:5E:74:70:51:86:FC:9E:6D:66:43
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F3848F6B7A502FE17FE5EA6423A334ED6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qkynhrIBhZKTpF50cFGG_J5tZkM.roa
Signing time:             Thu 02 May 2024 07:50:56 +0000
ROA not before:           Thu 02 May 2024 07:50:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151106
IP address blocks:        89.213.154.0/24 maxlen: 24
                          109.176.20.0/24 maxlen: 24
                          109.176.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:25:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:48:f6:b7:a5:02:fe:17:fe:5e:a6:42:3a:33:4e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  2 07:50:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa4ca786b201859293a45e74705186fc9e6d6643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:72:20:ac:89:dc:d4:25:e1:fe:94:58:a7:84:
                    dc:ea:c6:9b:c7:99:7c:0c:4f:2f:d4:d6:b7:c9:26:
                    a5:21:f9:35:8f:85:05:7e:77:26:c6:e9:d5:38:70:
                    0b:7f:0d:30:ed:57:56:6c:cc:fc:b1:bd:ca:73:90:
                    6b:30:21:3b:1f:3c:8d:1a:62:82:f9:7a:9d:75:8f:
                    00:58:fb:59:88:1b:17:1f:38:16:1d:dd:ad:cd:37:
                    e5:82:2c:4c:c6:7a:4c:de:2f:68:07:92:9c:5b:27:
                    a6:45:b8:61:0e:37:af:fc:d6:e3:ca:69:26:f1:24:
                    a0:34:e1:c3:df:a7:80:2e:82:c5:97:e9:c1:cb:76:
                    5b:af:3f:67:62:e1:d7:b2:5b:77:78:a6:df:b4:51:
                    20:1c:08:f3:9d:b3:0b:68:0b:e4:28:96:97:97:81:
                    72:4c:b4:32:c9:3e:12:4d:9e:49:20:36:96:ef:28:
                    0e:3a:b9:cb:d6:db:44:f1:a2:d4:9c:a5:01:bf:26:
                    df:75:b8:40:76:8a:36:85:db:86:f6:4f:36:0a:8e:
                    7b:ff:55:49:f1:41:da:c2:db:ae:fc:8a:ee:08:31:
                    f1:aa:09:70:d6:be:59:26:09:c2:76:4c:fa:47:9d:
                    7d:76:7c:dc:8d:ad:a3:73:6e:78:c5:92:a2:6f:9c:
                    70:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4C:A7:86:B2:01:85:92:93:A4:5E:74:70:51:86:FC:9E:6D:66:43
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qkynhrIBhZKTpF50cFGG_J5tZkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.154.0/24
                  109.176.20.0/24
                  109.176.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:21:71:63:e0:ec:5b:f2:d7:7c:23:26:b5:66:81:96:b6:c3:
         4a:ef:8e:19:87:ac:f7:b9:af:b2:2b:40:a0:9b:3f:73:e0:46:
         0d:91:32:14:a0:75:d7:1d:c5:c4:29:a9:b1:80:5e:f5:73:10:
         71:76:85:70:44:88:66:56:35:de:c5:e3:d8:67:91:c5:cb:5a:
         2a:ab:3c:36:e3:08:30:e5:b3:c7:62:9f:61:c8:ac:60:ec:e6:
         47:ba:22:f3:19:e5:da:e7:11:0a:79:36:e0:ac:fe:61:e8:e2:
         68:ec:92:02:5b:84:20:77:d9:59:d7:3f:ea:0b:5e:e5:c1:1a:
         6e:4b:ae:70:02:25:26:3a:b7:34:d9:df:d5:7f:fe:d5:23:4f:
         82:4a:83:4d:5f:3e:4c:37:0d:00:c9:9d:2c:ed:5e:08:b6:28:
         ac:c4:c6:69:99:24:bd:e6:d8:f3:11:14:76:07:e6:5b:f4:1c:
         4d:db:88:ec:c5:b5:09:9e:2e:42:fd:b9:9c:13:13:a8:2a:9f:
         6e:3d:da:76:6d:d7:b5:b6:c7:ff:d3:4e:4c:07:e1:9e:f6:21:
         06:52:bf:47:6d:88:4b:1c:4a:f8:dd:31:05:ca:80:58:02:d0:
         ef:6b:5d:fd:5b:8c:d5:d7:68:ff:fd:ef:13:3f:c2:40:16:39:
         57:ce:90:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY84SPa3pQL+F/5epkI6M07WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTAyMDc1MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTRjYTc4NmIyMDE4NTkyOTNhNDVlNzQ3MDUxODZmYzllNmQ2NjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXIgrInc1CXh/pRYp4Tc6sabx5l8
DE8v1Na3ySalIfk1j4UFfncmxunVOHALfw0w7VdWbMz8sb3Kc5BrMCE7HzyNGmKC
+XqddY8AWPtZiBsXHzgWHd2tzTflgixMxnpM3i9oB5KcWyemRbhhDjev/Nbjymkm
8SSgNOHD36eALoLFl+nBy3Zbrz9nYuHXslt3eKbftFEgHAjznbMLaAvkKJaXl4Fy
TLQyyT4STZ5JIDaW7ygOOrnL1ttE8aLUnKUBvybfdbhAdoo2hduG9k82Co57/1VJ
8UHawtuu/IruCDHxqglw1r5ZJgnCdkz6R519dnzcja2jc254xZKib5xwFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKpMp4ayAYWSk6RedHBRhvyebWZDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcWt5bmhySUJoWktUcEY1MGNGR0dfSjV0WmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdWaAwQA
bbAUAwQAbbAXMA0GCSqGSIb3DQEBCwUAA4IBAQAnIXFj4Oxb8td8Iya1ZoGWtsNK
744Zh6z3ua+yK0Cgmz9z4EYNkTIUoHXXHcXEKamxgF71cxBxdoVwRIhmVjXexePY
Z5HFy1oqqzw24wgw5bPHYp9hyKxg7OZHuiLzGeXa5xEKeTbgrP5h6OJo7JICW4Qg
d9lZ1z/qC17lwRpuS65wAiUmOrc02d/Vf/7VI0+CSoNNXz5MNw0AyZ0s7V4Itiis
xMZpmSS95tjzERR2B+Zb9BxN24jsxbUJni5C/bmcExOoKp9uPdp2bde1tsf/005M
B+Ge9iEGUr9HbYhLHEr43TEFyoBYAtDva139W4zV12j//e8TP8JAFjlXzpCP
-----END CERTIFICATE-----