Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/CqVgDGZmgsEBbW-wqmP5QberYcc.roa
File:                     CqVgDGZmgsEBbW-wqmP5QberYcc.roa (raw, json)
Hash identifier:          7DY9XMenscZEGzseyQ6PgKTmM7Y7DSQsZWjhM0KzQ1Q=
Subject key identifier:   0A:A5:60:0C:66:66:82:C1:01:6D:6F:B0:AA:63:F9:41:B7:AB:61:C7
Certificate issuer:       /CN=c625afb9ce335eed3e53128b4a9eb25fc495d6e0
Certificate serial:       018CC7948DB6451F3B137EAD3539B8652D57
Authority key identifier: C6:25:AF:B9:CE:33:5E:ED:3E:53:12:8B:4A:9E:B2:5F:C4:95:D6:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/CqVgDGZmgsEBbW-wqmP5QberYcc.roa
Signing time:             Tue 02 Jan 2024 00:30:50 +0000
ROA not before:           Tue 02 Jan 2024 00:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.138.212.0/22 maxlen: 22
                          2001:67c:18c4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8d:b6:45:1f:3b:13:7e:ad:35:39:b8:65:2d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c625afb9ce335eed3e53128b4a9eb25fc495d6e0
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aa5600c666682c1016d6fb0aa63f941b7ab61c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7d:41:03:8a:b2:31:88:b5:30:74:d3:be:64:
                    89:83:13:26:20:38:77:72:5e:58:ba:85:b5:7c:02:
                    f5:bb:05:c3:b4:90:91:1b:fd:24:2f:21:73:54:19:
                    f7:ce:16:e6:fe:04:d4:f7:31:dc:03:60:88:3a:51:
                    09:94:8f:7f:17:f4:cb:7b:8a:fb:cb:8e:96:b0:c1:
                    e3:97:28:a0:3f:08:61:5d:b5:1f:07:4e:c5:c8:e5:
                    79:72:25:88:d8:15:f0:2c:84:4b:b3:c1:72:5d:47:
                    95:5c:49:d9:1b:af:74:40:7a:fc:d9:6f:99:66:9f:
                    58:ef:59:7e:f9:57:26:96:77:90:3f:0b:c2:3f:f5:
                    8c:7e:95:55:84:7e:84:7a:4d:e8:20:a8:e1:8a:ec:
                    27:20:8e:ab:6f:03:46:61:05:bc:8b:97:50:da:d9:
                    ff:8d:76:eb:15:87:20:76:7e:ef:67:24:03:73:44:
                    3e:93:dc:a7:85:44:e2:00:71:7a:a5:c4:01:fc:77:
                    69:3f:5b:e2:45:b4:de:30:1a:4e:dc:29:15:de:13:
                    30:08:a2:c8:74:81:16:07:48:1c:fe:ca:83:97:85:
                    17:c2:e5:d8:41:80:38:eb:a9:ce:38:1d:4e:c2:99:
                    c8:43:0b:a1:9a:ae:01:22:83:58:6e:91:bb:11:b5:
                    7c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A5:60:0C:66:66:82:C1:01:6D:6F:B0:AA:63:F9:41:B7:AB:61:C7
            X509v3 Authority Key Identifier:
                keyid:C6:25:AF:B9:CE:33:5E:ED:3E:53:12:8B:4A:9E:B2:5F:C4:95:D6:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/CqVgDGZmgsEBbW-wqmP5QberYcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.212.0/22
                IPv6:
                  2001:67c:18c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:32:42:92:41:c4:34:c5:e1:b2:44:74:db:28:de:dd:05:3f:
         34:28:c6:66:b0:b7:d3:9b:16:90:bb:29:dd:ac:31:55:1d:bf:
         c5:14:74:de:50:62:ef:b7:05:81:84:38:d7:23:cf:0d:ba:fd:
         cb:4e:a4:d9:19:82:11:61:87:6f:1d:ec:88:25:ac:f1:c4:9e:
         c6:77:05:cb:9d:bf:5b:83:db:a6:01:1f:92:38:9c:b7:a7:60:
         73:38:40:ac:76:b3:29:80:a9:18:0e:ef:0c:f7:f4:91:01:d0:
         4e:0e:07:6f:c8:66:89:89:c1:87:74:0c:46:9a:39:48:b7:cd:
         96:e0:61:b2:6f:ef:38:8e:24:ae:c9:2a:c3:94:fe:22:fb:11:
         35:0c:06:45:de:a1:b6:fa:7a:91:c6:eb:e9:a7:e6:2b:a0:87:
         f5:8f:5a:c3:ba:8b:c6:16:50:4e:32:cc:76:88:28:af:b4:c6:
         b2:75:00:b9:45:fe:be:b3:28:60:66:e2:18:b9:de:69:32:b5:
         17:90:86:fc:19:2e:19:81:a5:31:a5:47:88:40:51:33:f7:90:
         16:91:93:cd:d7:5b:1d:cc:b7:b0:8f:5b:13:bd:7c:68:94:3c:
         f6:3c:af:7f:49:08:c6:4c:68:15:fa:a5:cb:7a:68:9a:1c:e9:
         b2:f0:14:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlI22RR87E36tNTm4ZS1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MjVhZmI5Y2UzMzVlZWQzZTUzMTI4YjRhOWViMjVmYzQ5
NWQ2ZTAwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWE1NjAwYzY2NjY4MmMxMDE2ZDZmYjBhYTYzZjk0MWI3YWI2MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm31BA4qyMYi1MHTTvmSJgxMmIDh3
cl5YuoW1fAL1uwXDtJCRG/0kLyFzVBn3zhbm/gTU9zHcA2CIOlEJlI9/F/TLe4r7
y46WsMHjlyigPwhhXbUfB07FyOV5ciWI2BXwLIRLs8FyXUeVXEnZG690QHr82W+Z
Zp9Y71l++VcmlneQPwvCP/WMfpVVhH6Eek3oIKjhiuwnII6rbwNGYQW8i5dQ2tn/
jXbrFYcgdn7vZyQDc0Q+k9ynhUTiAHF6pcQB/HdpP1viRbTeMBpO3CkV3hMwCKLI
dIEWB0gc/sqDl4UXwuXYQYA466nOOB1OwpnIQwuhmq4BIoNYbpG7EbV8dQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAqlYAxmZoLBAW1vsKpj+UG3q2HHMB8GA1UdIwQY
MBaAFMYlr7nOM17tPlMSi0qesl/EldbgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGlXdnVjNHpYdTAtVXhLTFNwNnlYOFNWMXVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8wZjliNTAtNDY4OS00Y2Q4LWFlNmQt
MTAwYzNlMWJlM2EyLzEvQ3FWZ0RHWm1nc0VCYlctd3FtUDVRYmVyWWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8wZjliNTAtNDY4OS00Y2Q4LWFlNmQtMTAwYzNlMWJlM2Ey
LzEveGlXdnVjNHpYdTAtVXhLTFNwNnlYOFNWMXVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwYrUMA8E
AgACMAkDBwAgAQZ8GMQwDQYJKoZIhvcNAQELBQADggEBACwyQpJBxDTF4bJEdNso
3t0FPzQoxmawt9ObFpC7Kd2sMVUdv8UUdN5QYu+3BYGEONcjzw26/ctOpNkZghFh
h28d7IglrPHEnsZ3Bcudv1uD26YBH5I4nLenYHM4QKx2symAqRgO7wz39JEB0E4O
B2/IZomJwYd0DEaaOUi3zZbgYbJv7ziOJK7JKsOU/iL7ETUMBkXeobb6epHG6+mn
5iugh/WPWsO6i8YWUE4yzHaIKK+0xrJ1ALlF/r6zKGBm4hi53mkytReQhvwZLhmB
pTGlR4hAUTP3kBaRk83XWx3Mt7CPWxO9fGiUPPY8r39JCMZMaBX6pct6aJoc6bLw
FHg=
-----END CERTIFICATE-----