Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/4498aa-cc27-4316-ae87-d472d9afe134/1/rQqn1ZMfIExrMpFb9C8l2QKucFY.roa
File:                     rQqn1ZMfIExrMpFb9C8l2QKucFY.roa (raw, json)
Hash identifier:          ncEjWCraOYys81xPY2ZBZV73boNj0WS0NGYFwlfAs4I=
Subject key identifier:   AD:0A:A7:D5:93:1F:20:4C:6B:32:91:5B:F4:2F:25:D9:02:AE:70:56
Certificate issuer:       /CN=b915af59d24f59a60d97c1c88ab979a14c580ff4
Certificate serial:       018CC94E4B7D27DE2504B6FE394A5FB11FFC
Authority key identifier: B9:15:AF:59:D2:4F:59:A6:0D:97:C1:C8:8A:B9:79:A1:4C:58:0F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRWvWdJPWaYNl8HIirl5oUxYD_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/4498aa-cc27-4316-ae87-d472d9afe134/1/rQqn1ZMfIExrMpFb9C8l2QKucFY.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47755
IP address blocks:        185.68.24.0/22 maxlen: 24
                          91.232.38.0/24 maxlen: 24
                          2a05:1540::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/4498aa-cc27-4316-ae87-d472d9afe134/1/uRWvWdJPWaYNl8HIirl5oUxYD_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/4498aa-cc27-4316-ae87-d472d9afe134/1/uRWvWdJPWaYNl8HIirl5oUxYD_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRWvWdJPWaYNl8HIirl5oUxYD_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4b:7d:27:de:25:04:b6:fe:39:4a:5f:b1:1f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b915af59d24f59a60d97c1c88ab979a14c580ff4
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad0aa7d5931f204c6b32915bf42f25d902ae7056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:33:c1:81:c6:89:cd:c1:67:41:c0:82:23:98:
                    5e:c8:53:a0:19:8f:a5:ea:00:57:7a:f5:a1:e4:29:
                    ef:96:8f:05:76:2b:87:b9:c4:a3:86:2f:13:4c:dc:
                    3b:36:52:28:ea:18:77:5d:fa:37:83:45:e7:73:f8:
                    ab:4b:64:ee:3b:f4:b4:f5:cd:9b:a2:e1:df:45:64:
                    95:a9:9d:f8:c0:c8:a2:0d:ab:71:9f:1d:b0:f3:35:
                    cd:ed:cd:e6:f8:ed:3d:e3:07:34:01:6e:e7:3e:a1:
                    7b:23:17:07:d3:81:05:78:1a:a2:32:f4:49:d8:37:
                    5c:42:7b:1f:52:19:f6:62:fd:0e:a9:cc:43:e2:d2:
                    f6:57:e8:c9:d1:db:52:9f:2b:f8:f0:8f:d9:24:87:
                    1e:7a:32:34:5d:2f:f6:96:03:bc:18:72:54:d5:88:
                    c4:c5:0e:56:fa:9a:f2:3e:61:a5:2d:8b:de:14:ad:
                    bd:cf:ff:73:b7:f9:98:5b:58:05:29:96:a6:c8:e3:
                    d4:72:ed:13:27:bb:6b:b1:e5:2b:06:33:33:ff:70:
                    95:67:65:55:fa:9b:fb:25:da:4c:45:0c:7d:fe:66:
                    83:f9:ae:21:8f:ff:b8:fc:ad:f0:68:c2:8b:df:3b:
                    97:39:31:a1:38:c2:8a:d8:bb:77:d1:32:26:1e:7f:
                    15:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0A:A7:D5:93:1F:20:4C:6B:32:91:5B:F4:2F:25:D9:02:AE:70:56
            X509v3 Authority Key Identifier:
                keyid:B9:15:AF:59:D2:4F:59:A6:0D:97:C1:C8:8A:B9:79:A1:4C:58:0F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRWvWdJPWaYNl8HIirl5oUxYD_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/4498aa-cc27-4316-ae87-d472d9afe134/1/rQqn1ZMfIExrMpFb9C8l2QKucFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/4498aa-cc27-4316-ae87-d472d9afe134/1/uRWvWdJPWaYNl8HIirl5oUxYD_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.38.0/24
                  185.68.24.0/22
                IPv6:
                  2a05:1540::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:09:a2:d8:dd:f9:7b:a2:d2:be:33:f3:e8:11:fd:e9:63:fc:
         c3:19:11:ce:b8:81:36:39:7c:20:65:38:c3:13:71:f7:81:a5:
         af:5a:bf:74:d9:ac:a8:a3:f8:42:6a:e1:26:78:6a:96:e4:b5:
         b8:ae:9c:d5:9f:1a:2e:1b:a0:44:c2:9f:66:7d:21:69:0c:28:
         fb:b5:de:ee:2d:c9:91:ed:4d:8f:b4:60:04:4a:c6:c3:39:f2:
         c3:7f:8e:1d:b3:77:dd:76:11:53:76:05:85:07:71:e6:cc:04:
         3c:fe:d5:56:99:6e:1a:71:de:36:f3:e5:e6:fc:f0:e5:48:f7:
         5a:12:78:bf:ec:fb:d7:d1:ce:eb:32:24:3d:49:ca:e2:9d:72:
         f1:41:39:79:cc:e5:0b:7b:34:33:00:75:25:e4:58:63:04:fa:
         76:eb:b4:bf:d3:c5:3e:03:61:7b:62:c8:96:04:0b:09:da:64:
         7e:93:d0:67:d5:b9:2b:a1:30:d0:6d:4c:4d:7b:d8:2e:c9:1c:
         a9:36:33:06:ab:11:29:cd:93:e1:cb:1a:bf:6e:91:2b:aa:a4:
         6a:f8:91:90:a1:9a:a3:ab:89:3b:d9:7e:5c:a9:38:28:c0:da:
         46:e3:f6:89:b3:2b:55:eb:1b:16:97:e5:b3:2d:c3:cf:53:c8:
         70:ce:bf:29
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTkt9J94lBLb+OUpfsR/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTVhZjU5ZDI0ZjU5YTYwZDk3YzFjODhhYjk3OWExNGM1
ODBmZjQwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDBhYTdkNTkzMWYyMDRjNmIzMjkxNWJmNDJmMjVkOTAyYWU3MDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDPBgcaJzcFnQcCCI5heyFOgGY+l
6gBXevWh5Cnvlo8FdiuHucSjhi8TTNw7NlIo6hh3Xfo3g0Xnc/irS2TuO/S09c2b
ouHfRWSVqZ34wMiiDatxnx2w8zXN7c3m+O094wc0AW7nPqF7IxcH04EFeBqiMvRJ
2DdcQnsfUhn2Yv0OqcxD4tL2V+jJ0dtSnyv48I/ZJIceejI0XS/2lgO8GHJU1YjE
xQ5W+pryPmGlLYveFK29z/9zt/mYW1gFKZamyOPUcu0TJ7trseUrBjMz/3CVZ2VV
+pv7JdpMRQx9/maD+a4hj/+4/K3waMKL3zuXOTGhOMKK2Lt30TImHn8VkQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK0Kp9WTHyBMazKRW/QvJdkCrnBWMB8GA1UdIwQY
MBaAFLkVr1nST1mmDZfByIq5eaFMWA/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJXdldkSlBXYVlObDhISWlybDVvVXhZRF9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC80NDk4YWEtY2MyNy00MzE2LWFlODct
ZDQ3MmQ5YWZlMTM0LzEvclFxbjFaTWZJRXhyTXBGYjlDOGwyUUt1Y0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC80NDk4YWEtY2MyNy00MzE2LWFlODctZDQ3MmQ5YWZlMTM0
LzEvdVJXdldkSlBXYVlObDhISWlybDVvVXhZRF9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+gmAwQC
uUQYMA0EAgACMAcDBQMqBRVAMA0GCSqGSIb3DQEBCwUAA4IBAQAUCaLY3fl7otK+
M/PoEf3pY/zDGRHOuIE2OXwgZTjDE3H3gaWvWr902ayoo/hCauEmeGqW5LW4rpzV
nxouG6BEwp9mfSFpDCj7td7uLcmR7U2PtGAESsbDOfLDf44ds3fddhFTdgWFB3Hm
zAQ8/tVWmW4acd428+Xm/PDlSPdaEni/7PvX0c7rMiQ9ScrinXLxQTl5zOULezQz
AHUl5FhjBPp267S/08U+A2F7YsiWBAsJ2mR+k9Bn1bkroTDQbUxNe9guyRypNjMG
qxEpzZPhyxq/bpErqqRq+JGQoZqjq4k72X5cqTgowNpG4/aJsytV6xsWl+WzLcPP
U8hwzr8p
-----END CERTIFICATE-----