Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/q1wMoJ2g0_1WJiNmPwN5DeBnSYE.roa
File:                     q1wMoJ2g0_1WJiNmPwN5DeBnSYE.roa (raw, json)
Hash identifier:          KFw9DTMHTd+Fm4Oyn0Oz9hTs9sstZVeIbO9dj5pUtlc=
Subject key identifier:   AB:5C:0C:A0:9D:A0:D3:FD:56:26:23:66:3F:03:79:0D:E0:67:49:81
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       018EAD5F19719F5A86AF2760D937CE71649B
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/q1wMoJ2g0_1WJiNmPwN5DeBnSYE.roa
Signing time:             Fri 05 Apr 2024 08:27:54 +0000
ROA not before:           Fri 05 Apr 2024 08:27:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198510
IP address blocks:        62.112.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:5f:19:71:9f:5a:86:af:27:60:d9:37:ce:71:64:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Apr  5 08:27:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab5c0ca09da0d3fd562623663f03790de0674981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c6:fc:7d:bf:c1:78:27:cd:8b:26:ba:c8:5c:
                    53:4b:ef:df:a0:ef:25:3b:d8:51:64:c2:33:3b:f2:
                    4b:95:73:17:06:78:90:43:10:44:12:bd:f3:0f:1e:
                    f6:93:3f:eb:e1:80:eb:5d:e8:7a:4e:fd:79:a7:0b:
                    89:90:28:46:9f:ad:a3:d2:ba:5a:ab:71:d4:a0:aa:
                    d7:b7:94:ac:04:30:ea:44:27:ab:fb:bd:e1:2d:b3:
                    d4:b9:b4:7e:f2:24:ac:ff:7f:2f:02:2b:1b:f7:80:
                    11:fd:fc:db:08:6d:60:10:4c:94:1a:38:98:4e:e1:
                    0d:cd:74:e9:ba:60:23:07:9e:20:72:0b:5a:c0:90:
                    2e:00:44:a9:a5:3d:f6:59:b2:dd:25:f8:81:af:85:
                    a0:6b:e4:c0:98:3c:59:6d:b7:1b:bb:5d:df:d6:4b:
                    ba:73:26:60:4b:9e:e0:7f:00:55:e8:3c:d5:3f:96:
                    05:22:bc:c9:02:8b:80:a8:f8:6a:85:f3:bc:ae:a3:
                    7e:07:7b:6b:fb:ec:8b:37:fe:bd:71:70:df:1e:95:
                    95:7b:fd:23:07:35:79:1f:0c:21:1f:e3:ef:a9:51:
                    a6:14:a6:a8:15:62:de:63:72:ce:9e:3a:4e:d1:6d:
                    8d:4a:e9:16:a8:df:d3:14:62:05:59:28:e1:ec:3e:
                    b0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:5C:0C:A0:9D:A0:D3:FD:56:26:23:66:3F:03:79:0D:E0:67:49:81
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/q1wMoJ2g0_1WJiNmPwN5DeBnSYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ad:d2:3f:ed:4f:0e:ac:5f:e1:d7:4b:05:11:28:8e:fa:82:
         97:a1:ec:d3:73:b8:06:e9:9a:97:7e:ee:d3:b2:7b:72:d5:da:
         58:fd:88:02:ca:30:32:26:64:69:e5:b7:d6:34:71:d8:bb:9d:
         8c:0e:2c:0d:ef:e9:44:d0:09:1a:40:4b:9c:96:99:35:97:ba:
         ad:4a:86:45:72:90:3c:c6:45:84:e3:89:63:96:c0:b3:70:0c:
         56:93:52:76:6a:24:63:d9:0f:07:e3:d4:15:dc:9f:c2:4a:e4:
         92:1d:fc:ad:3c:67:a3:ba:0f:a0:33:fd:21:e8:84:be:b8:94:
         11:fd:4a:8d:d6:38:c5:88:7b:ab:6e:cb:26:c0:ff:d1:77:ca:
         67:df:0f:46:54:f5:21:5f:fe:23:2f:e5:d8:ab:74:9e:8b:b5:
         9e:93:01:72:a7:4c:10:68:d6:e8:10:46:1a:e4:20:9e:8f:14:
         8c:f4:f3:81:ff:81:e7:4b:79:da:18:1d:3f:0c:fa:37:58:e0:
         d5:90:46:94:4e:df:fe:11:70:c2:a6:12:8b:d6:de:34:35:13:
         c6:7a:b5:79:18:4b:59:29:70:b0:c5:9b:46:09:93:05:8e:55:
         17:24:78:38:23:c4:f1:de:a7:aa:b1:5c:e0:eb:73:a1:1a:1c:
         c4:5a:9f:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6tXxlxn1qGrydg2TfOcWSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjQwNDA1MDgyNzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVjMGNhMDlkYTBkM2ZkNTYyNjIzNjYzZjAzNzkwZGUwNjc0OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMb8fb/BeCfNiya6yFxTS+/foO8l
O9hRZMIzO/JLlXMXBniQQxBEEr3zDx72kz/r4YDrXeh6Tv15pwuJkChGn62j0rpa
q3HUoKrXt5SsBDDqRCer+73hLbPUubR+8iSs/38vAisb94AR/fzbCG1gEEyUGjiY
TuENzXTpumAjB54gcgtawJAuAESppT32WbLdJfiBr4Wga+TAmDxZbbcbu13f1ku6
cyZgS57gfwBV6DzVP5YFIrzJAouAqPhqhfO8rqN+B3tr++yLN/69cXDfHpWVe/0j
BzV5HwwhH+PvqVGmFKaoFWLeY3LOnjpO0W2NSukWqN/TFGIFWSjh7D6wowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtcDKCdoNP9ViYjZj8DeQ3gZ0mBMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvcTF3TW9KMmcwXzFXSmlObVB3TjVEZUJuU1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnDMMA0G
CSqGSIb3DQEBCwUAA4IBAQBrrdI/7U8OrF/h10sFESiO+oKXoezTc7gG6ZqXfu7T
snty1dpY/YgCyjAyJmRp5bfWNHHYu52MDiwN7+lE0AkaQEuclpk1l7qtSoZFcpA8
xkWE44ljlsCzcAxWk1J2aiRj2Q8H49QV3J/CSuSSHfytPGejug+gM/0h6IS+uJQR
/UqN1jjFiHurbssmwP/Rd8pn3w9GVPUhX/4jL+XYq3Sei7WekwFyp0wQaNboEEYa
5CCejxSM9POB/4HnS3naGB0/DPo3WODVkEaUTt/+EXDCphKL1t40NRPGerV5GEtZ
KXCwxZtGCZMFjlUXJHg4I8Tx3qeqsVzg63OhGhzEWp9e
-----END CERTIFICATE-----