Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/QD50oA6RP_BVOObceO0oiFLiDB8.roa
File:                     QD50oA6RP_BVOObceO0oiFLiDB8.roa (raw, json)
Hash identifier:          lJjBmyNLuGzVM9wb6fphLebKPplXRktqR4AzJsfUZ28=
Subject key identifier:   40:3E:74:A0:0E:91:3F:F0:55:38:E6:DC:78:ED:28:88:52:E2:0C:1F
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01941FFA0AF10A6AF8927CEA0494A81E194D
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/QD50oA6RP_BVOObceO0oiFLiDB8.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400040
IP address blocks:        185.138.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0a:f1:0a:6a:f8:92:7c:ea:04:94:a8:1e:19:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=403e74a00e913ff05538e6dc78ed288852e20c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1f:6c:e3:99:cc:d1:76:9f:68:96:31:75:f5:
                    aa:17:4e:83:56:64:f0:a9:1a:13:6d:f7:1b:18:87:
                    d1:d2:cf:a0:68:3b:d0:f3:30:f9:d7:e9:b7:a3:99:
                    50:48:ba:85:3d:1c:ec:67:ca:bb:69:80:78:b5:4b:
                    8a:81:2a:c4:5e:c9:96:6d:ea:63:16:45:0b:c4:c0:
                    d6:fc:26:b6:4c:59:1d:c2:88:7f:85:28:5a:2f:59:
                    a3:a8:a4:04:b2:09:a7:3f:d6:15:ba:03:88:58:61:
                    7b:ca:85:bf:78:ae:f3:24:84:1f:7c:04:4a:78:ac:
                    48:db:18:6a:24:d9:8b:98:cf:56:e8:20:57:65:bc:
                    ca:e8:a3:2f:44:4e:97:ba:fc:9c:fa:0f:7b:94:0e:
                    5d:b3:95:8e:ad:2a:da:67:7a:86:54:58:11:20:50:
                    85:77:ae:38:27:65:3b:3c:71:f6:97:f6:c4:46:47:
                    e0:8a:85:5d:97:7e:4b:f0:a6:54:31:e7:0a:5c:79:
                    8c:74:b8:b8:7c:53:ca:77:17:6b:78:c8:26:d6:26:
                    98:c4:2c:f3:80:98:bf:77:8e:bd:05:ae:09:27:3e:
                    7f:ee:97:9a:fd:e1:14:c6:3b:49:35:28:12:39:56:
                    9c:23:ef:6e:01:83:7e:8b:15:65:97:91:36:e3:5c:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:3E:74:A0:0E:91:3F:F0:55:38:E6:DC:78:ED:28:88:52:E2:0C:1F
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/QD50oA6RP_BVOObceO0oiFLiDB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:3b:f5:b2:64:2d:19:a1:86:53:39:c0:14:84:49:4e:90:a4:
         5c:da:4c:47:59:8b:e2:c5:07:b8:63:d4:f5:f4:5f:52:e0:cd:
         94:d0:c5:55:62:27:c4:d2:65:3d:d8:ed:96:51:c3:cb:54:8f:
         a8:1b:2a:76:a1:bb:38:51:2a:8c:ab:80:fe:3e:02:a8:a3:82:
         48:d4:1e:f0:4f:fa:8b:c6:11:f0:a5:d0:f0:e9:04:7d:d0:14:
         53:28:fd:f6:d8:5d:68:85:bc:ec:7a:95:23:52:cf:c2:84:b5:
         a0:04:f2:3c:d0:dc:ec:c3:66:b1:d6:00:4f:b4:c0:a8:a3:fd:
         bf:4c:e6:5c:87:b6:6a:c3:58:c9:23:8a:e7:4c:11:06:1d:50:
         e6:41:3b:d6:06:01:3d:de:c0:a1:4f:34:65:b4:50:75:24:a6:
         e6:e9:44:d9:a9:91:8e:5b:ea:d1:ee:8e:ac:b5:13:68:88:c6:
         3f:b9:28:7d:cf:02:56:23:c6:b4:42:e6:8e:da:9f:cc:10:68:
         9d:8a:c5:5d:f1:e2:62:ff:38:06:d6:30:39:95:25:32:c5:22:
         ed:a3:3a:9b:e6:44:74:aa:0c:3c:10:77:46:d8:5c:03:27:05:
         5d:32:9a:a6:63:5e:3d:71:64:a6:79:56:a4:93:5e:d3:8b:c2:
         5a:52:5e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+grxCmr4knzqBJSoHhlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDNlNzRhMDBlOTEzZmYwNTUzOGU2ZGM3OGVkMjg4ODUyZTIwYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwx9s45nM0XafaJYxdfWqF06DVmTw
qRoTbfcbGIfR0s+gaDvQ8zD51+m3o5lQSLqFPRzsZ8q7aYB4tUuKgSrEXsmWbepj
FkULxMDW/Ca2TFkdwoh/hShaL1mjqKQEsgmnP9YVugOIWGF7yoW/eK7zJIQffARK
eKxI2xhqJNmLmM9W6CBXZbzK6KMvRE6Xuvyc+g97lA5ds5WOrSraZ3qGVFgRIFCF
d644J2U7PHH2l/bERkfgioVdl35L8KZUMecKXHmMdLi4fFPKdxdreMgm1iaYxCzz
gJi/d469Ba4JJz5/7pea/eEUxjtJNSgSOVacI+9uAYN+ixVll5E241zv2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA+dKAOkT/wVTjm3HjtKIhS4gwfMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvUUQ1MG9BNlJQX0JWT09iY2VPMG9pRkxpREI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYroMA0G
CSqGSIb3DQEBCwUAA4IBAQAjO/WyZC0ZoYZTOcAUhElOkKRc2kxHWYvixQe4Y9T1
9F9S4M2U0MVVYifE0mU92O2WUcPLVI+oGyp2obs4USqMq4D+PgKoo4JI1B7wT/qL
xhHwpdDw6QR90BRTKP322F1ohbzsepUjUs/ChLWgBPI80Nzsw2ax1gBPtMCoo/2/
TOZch7Zqw1jJI4rnTBEGHVDmQTvWBgE93sChTzRltFB1JKbm6UTZqZGOW+rR7o6s
tRNoiMY/uSh9zwJWI8a0QuaO2p/MEGidisVd8eJi/zgG1jA5lSUyxSLtozqb5kR0
qgw8EHdG2FwDJwVdMpqmY149cWSmeVakk17Ti8JaUl5B
-----END CERTIFICATE-----