Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/df3b30-1ba9-4c4b-aa0c-f927e582ebf9/1/QMoo5MhPB-IRN-grs7DsurCHxxo.roa
File:                     QMoo5MhPB-IRN-grs7DsurCHxxo.roa (raw, json)
Hash identifier:          9JdMsXD8FXCTc5K7E+/x+BhpYN+0N5DUdmtU/oYIyOE=
Subject key identifier:   40:CA:28:E4:C8:4F:07:E2:11:37:E8:2B:B3:B0:EC:BA:B0:87:C7:1A
Certificate issuer:       /CN=a0a22fcb54a091d6913ffe9fafb983c57a4ac22c
Certificate serial:       018CC871335E8B94349C8264E963E065DB55
Authority key identifier: A0:A2:2F:CB:54:A0:91:D6:91:3F:FE:9F:AF:B9:83:C5:7A:4A:C2:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKIvy1SgkdaRP_6fr7mDxXpKwiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/df3b30-1ba9-4c4b-aa0c-f927e582ebf9/1/QMoo5MhPB-IRN-grs7DsurCHxxo.roa
Signing time:             Tue 02 Jan 2024 04:31:51 +0000
ROA not before:           Tue 02 Jan 2024 04:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30870
IP address blocks:        193.27.86.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/df3b30-1ba9-4c4b-aa0c-f927e582ebf9/1/oKIvy1SgkdaRP_6fr7mDxXpKwiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/df3b30-1ba9-4c4b-aa0c-f927e582ebf9/1/oKIvy1SgkdaRP_6fr7mDxXpKwiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oKIvy1SgkdaRP_6fr7mDxXpKwiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 07:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:33:5e:8b:94:34:9c:82:64:e9:63:e0:65:db:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0a22fcb54a091d6913ffe9fafb983c57a4ac22c
        Validity
            Not Before: Jan  2 04:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40ca28e4c84f07e21137e82bb3b0ecbab087c71a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:69:3c:b8:49:a1:cc:5f:ed:9a:04:7b:2e:1e:
                    78:8c:82:f9:cc:b7:13:da:67:42:8a:28:c7:43:44:
                    6e:27:3e:bd:85:21:01:4f:43:f6:a6:64:95:12:56:
                    60:dc:3d:d0:27:e6:a7:57:ca:f3:bd:f3:88:a7:95:
                    e4:d1:7d:5c:d4:b9:a3:83:0a:3b:5b:1d:37:be:db:
                    f9:55:8c:06:d6:8a:9a:da:dd:2e:f3:d2:dc:7e:1f:
                    a1:21:2d:1a:2f:ae:cd:1c:87:eb:64:ce:06:56:a9:
                    69:3a:40:3f:52:ff:d4:80:c5:74:b5:7b:6f:f1:76:
                    3a:b7:29:b1:44:c8:40:c1:24:5f:0c:e6:a4:5d:5b:
                    06:e6:d9:4f:12:5e:b7:7e:86:17:4e:72:a3:9a:f1:
                    e2:54:9c:e4:29:2e:2b:10:a2:3b:7a:06:6b:a1:72:
                    5c:ba:b1:de:41:fb:0a:ed:1e:81:fb:c7:b6:9d:ae:
                    29:bf:01:40:61:26:3a:f5:64:50:54:88:28:26:39:
                    8b:a7:93:a6:7a:4f:53:12:55:b7:08:bb:1f:9e:19:
                    f4:b3:a1:a6:b0:f1:9b:13:fa:e3:5d:55:e9:1b:8b:
                    a1:5c:33:c9:1b:e1:86:1b:5c:f5:d2:13:b4:b0:f5:
                    6b:92:04:d7:35:9e:f3:8a:a2:83:3c:fa:46:3e:83:
                    bd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CA:28:E4:C8:4F:07:E2:11:37:E8:2B:B3:B0:EC:BA:B0:87:C7:1A
            X509v3 Authority Key Identifier:
                keyid:A0:A2:2F:CB:54:A0:91:D6:91:3F:FE:9F:AF:B9:83:C5:7A:4A:C2:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKIvy1SgkdaRP_6fr7mDxXpKwiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/df3b30-1ba9-4c4b-aa0c-f927e582ebf9/1/QMoo5MhPB-IRN-grs7DsurCHxxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/df3b30-1ba9-4c4b-aa0c-f927e582ebf9/1/oKIvy1SgkdaRP_6fr7mDxXpKwiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:68:f4:a3:3f:6a:d3:4b:89:ec:b1:a9:7d:07:7b:89:cb:6a:
         7c:55:45:11:e4:1a:5b:84:b7:6c:75:b3:01:a1:f7:d6:09:18:
         98:88:e2:e8:a0:fe:4f:4e:36:3a:3a:8e:3a:ce:c6:df:ea:6d:
         bd:53:ca:d2:f9:13:96:c4:79:66:c2:97:25:02:ac:e6:35:82:
         1e:9b:c2:b0:aa:8a:6f:6e:39:91:5c:e6:e1:6a:14:a3:2c:fa:
         26:e6:28:18:9c:bd:07:22:3b:4d:02:df:8b:58:19:05:51:99:
         3c:a9:d3:7b:ae:31:43:28:05:76:1e:bf:22:0f:9e:6f:d2:18:
         7b:c0:d9:c4:31:2d:ff:93:ba:b9:3a:ba:af:18:9f:3c:34:de:
         88:1d:5c:83:a3:a6:0b:10:2e:7a:dd:c2:14:17:22:75:56:fd:
         0f:29:6b:8b:21:16:f8:fc:2c:f9:44:18:47:ae:fc:f8:4d:3e:
         8c:d8:d2:88:cd:d8:05:af:98:12:a0:2c:11:da:05:c1:7f:d0:
         69:ac:1f:10:11:a0:dc:5b:19:0b:cd:2b:c1:5a:34:90:c4:9f:
         f2:e8:81:fd:a6:61:2e:fc:c1:e8:36:e1:a3:2d:ea:15:8c:93:
         4a:1c:f0:b9:62:ca:ce:fb:0e:f6:12:9a:51:19:cc:06:2a:26:
         0c:80:3e:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTNei5Q0nIJk6WPgZdtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTIyZmNiNTRhMDkxZDY5MTNmZmU5ZmFmYjk4M2M1N2E0
YWMyMmMwHhcNMjQwMTAyMDQzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGNhMjhlNGM4NGYwN2UyMTEzN2U4MmJiM2IwZWNiYWIwODdjNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2k8uEmhzF/tmgR7Lh54jIL5zLcT
2mdCiijHQ0RuJz69hSEBT0P2pmSVElZg3D3QJ+anV8rzvfOIp5Xk0X1c1Lmjgwo7
Wx03vtv5VYwG1oqa2t0u89Lcfh+hIS0aL67NHIfrZM4GVqlpOkA/Uv/UgMV0tXtv
8XY6tymxRMhAwSRfDOakXVsG5tlPEl63foYXTnKjmvHiVJzkKS4rEKI7egZroXJc
urHeQfsK7R6B+8e2na4pvwFAYSY69WRQVIgoJjmLp5Omek9TElW3CLsfnhn0s6Gm
sPGbE/rjXVXpG4uhXDPJG+GGG1z10hO0sPVrkgTXNZ7ziqKDPPpGPoO9MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDKKOTITwfiETfoK7Ow7Lqwh8caMB8GA1UdIwQY
MBaAFKCiL8tUoJHWkT/+n6+5g8V6SsIsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0tJdnkxU2drZGFSUF82ZnI3bUR4WHBLd2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9kZjNiMzAtMWJhOS00YzRiLWFhMGMt
ZjkyN2U1ODJlYmY5LzEvUU1vbzVNaFBCLUlSTi1ncnM3RHN1ckNIeHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9kZjNiMzAtMWJhOS00YzRiLWFhMGMtZjkyN2U1ODJlYmY5
LzEvb0tJdnkxU2drZGFSUF82ZnI3bUR4WHBLd2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRtWMA0G
CSqGSIb3DQEBCwUAA4IBAQAIaPSjP2rTS4nssal9B3uJy2p8VUUR5BpbhLdsdbMB
offWCRiYiOLooP5PTjY6Oo46zsbf6m29U8rS+ROWxHlmwpclAqzmNYIem8Kwqopv
bjmRXObhahSjLPom5igYnL0HIjtNAt+LWBkFUZk8qdN7rjFDKAV2Hr8iD55v0hh7
wNnEMS3/k7q5OrqvGJ88NN6IHVyDo6YLEC563cIUFyJ1Vv0PKWuLIRb4/Cz5RBhH
rvz4TT6M2NKIzdgFr5gSoCwR2gXBf9BprB8QEaDcWxkLzSvBWjSQxJ/y6IH9pmEu
/MHoNuGjLeoVjJNKHPC5YsrO+w72EppRGcwGKiYMgD6N
-----END CERTIFICATE-----