Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/c68ae4-9724-4975-8bd4-c8700a14761b/1/QXLmXdZeGQmGPOU8TMviUj71jB0.roa
File:                     QXLmXdZeGQmGPOU8TMviUj71jB0.roa (raw, json)
Hash identifier:          j78HDh8S09BtqEzO3KazOeibIuLnv65mqehuj4BWC9M=
Subject key identifier:   41:72:E6:5D:D6:5E:19:09:86:3C:E5:3C:4C:CB:E2:52:3E:F5:8C:1D
Certificate issuer:       /CN=fc07c6b56ef1f239b028ef42375a2a1765bc08b8
Certificate serial:       018F867856EA6BF15A89818F00F52F1DD1F3
Authority key identifier: FC:07:C6:B5:6E:F1:F2:39:B0:28:EF:42:37:5A:2A:17:65:BC:08:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_AfGtW7x8jmwKO9CN1oqF2W8CLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/c68ae4-9724-4975-8bd4-c8700a14761b/1/QXLmXdZeGQmGPOU8TMviUj71jB0.roa
Signing time:             Fri 17 May 2024 12:13:04 +0000
ROA not before:           Fri 17 May 2024 12:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29189
IP address blocks:        217.64.208.0/23 maxlen: 24
                          217.64.208.0/24 maxlen: 24
                          217.64.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/c68ae4-9724-4975-8bd4-c8700a14761b/1/_AfGtW7x8jmwKO9CN1oqF2W8CLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/c68ae4-9724-4975-8bd4-c8700a14761b/1/_AfGtW7x8jmwKO9CN1oqF2W8CLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_AfGtW7x8jmwKO9CN1oqF2W8CLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:78:56:ea:6b:f1:5a:89:81:8f:00:f5:2f:1d:d1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc07c6b56ef1f239b028ef42375a2a1765bc08b8
        Validity
            Not Before: May 17 12:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4172e65dd65e1909863ce53c4ccbe2523ef58c1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:68:ac:c5:78:a1:1d:b9:41:60:91:f3:87:fc:
                    34:79:4f:5b:97:68:cf:fa:6a:ff:59:9a:cc:f6:3f:
                    97:20:d9:54:9d:a8:3a:04:c3:d9:9f:ab:ca:d6:09:
                    cb:61:e0:06:e3:c2:29:09:de:b2:df:4d:64:73:bf:
                    6e:4f:bc:64:ae:0f:48:9d:43:a6:41:fb:7f:55:03:
                    04:b4:41:71:14:b5:2b:d3:87:21:79:60:38:6c:aa:
                    6e:5c:2e:17:7a:42:d5:45:21:c3:4d:a8:52:ad:d2:
                    fe:d6:66:b9:55:50:4b:c2:6b:14:9a:cd:bb:28:fb:
                    a6:d1:e3:6e:89:5a:b2:b3:bc:6f:e4:53:0e:eb:f7:
                    a4:ba:41:80:31:6b:59:5d:bc:cd:83:00:23:14:ba:
                    a0:fe:a7:03:4e:06:a9:8f:3f:cf:25:3e:d8:2c:d0:
                    e5:42:01:b5:c6:01:30:c4:d2:23:7a:65:63:a7:f3:
                    6b:c8:b6:8f:50:4a:22:80:15:0c:df:ab:48:c9:c1:
                    0d:a4:51:8a:11:d3:50:9f:f8:38:8c:f6:eb:5a:91:
                    5d:23:16:c0:19:e6:52:a0:e0:50:82:20:84:f1:ae:
                    52:00:6a:27:8c:92:33:73:95:22:df:a7:c2:3e:e0:
                    d7:7d:43:50:06:7e:5f:75:c0:4e:0d:ba:6f:25:94:
                    96:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:72:E6:5D:D6:5E:19:09:86:3C:E5:3C:4C:CB:E2:52:3E:F5:8C:1D
            X509v3 Authority Key Identifier:
                keyid:FC:07:C6:B5:6E:F1:F2:39:B0:28:EF:42:37:5A:2A:17:65:BC:08:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_AfGtW7x8jmwKO9CN1oqF2W8CLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/c68ae4-9724-4975-8bd4-c8700a14761b/1/QXLmXdZeGQmGPOU8TMviUj71jB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/c68ae4-9724-4975-8bd4-c8700a14761b/1/_AfGtW7x8jmwKO9CN1oqF2W8CLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.64.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:bc:50:de:59:f3:44:4a:33:dc:45:92:b2:a2:fb:df:ec:c3:
         a8:f2:43:70:3e:ad:69:5b:09:5a:f8:8b:12:ab:d2:1f:2a:04:
         c6:48:12:5e:5d:f0:be:6e:f9:d3:73:eb:59:82:54:65:0c:e2:
         9e:d0:37:4b:99:8d:90:22:d8:52:aa:95:80:a7:7b:fb:ae:5f:
         5c:27:3c:cf:dc:47:b9:23:cf:f9:fe:14:aa:07:4b:7f:7b:a0:
         00:a8:78:e6:ee:a6:dd:c5:c2:20:45:c6:a7:05:87:3f:87:a9:
         7d:f6:ff:0a:0d:1e:de:bb:23:a5:ee:85:49:cb:dc:06:37:46:
         c3:66:bb:3e:30:f3:33:66:76:41:6c:cf:23:64:96:6e:9e:41:
         85:25:52:6c:2f:24:5d:8a:e2:85:29:8d:f4:df:e2:51:db:f3:
         f8:13:5c:24:d8:ca:72:7f:5a:fd:aa:aa:c0:7f:fa:45:6a:f9:
         91:89:6f:37:8e:cf:c4:61:4d:bc:c6:46:f8:7c:e8:66:dd:6f:
         d6:78:11:e3:44:e5:37:fd:f2:04:8c:cf:0f:86:ca:42:0e:e6:
         f2:a5:06:bd:c8:8e:dc:51:13:05:ab:af:99:c5:4c:05:5a:d2:
         11:14:c6:22:a3:4a:6e:d8:b7:4b:a7:21:47:39:1f:e5:c3:0b:
         79:cd:0c:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+GeFbqa/FaiYGPAPUvHdHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMDdjNmI1NmVmMWYyMzliMDI4ZWY0MjM3NWEyYTE3NjVi
YzA4YjgwHhcNMjQwNTE3MTIxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcyZTY1ZGQ2NWUxOTA5ODYzY2U1M2M0Y2NiZTI1MjNlZjU4YzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2isxXihHblBYJHzh/w0eU9bl2jP
+mr/WZrM9j+XINlUnag6BMPZn6vK1gnLYeAG48IpCd6y301kc79uT7xkrg9InUOm
Qft/VQMEtEFxFLUr04cheWA4bKpuXC4XekLVRSHDTahSrdL+1ma5VVBLwmsUms27
KPum0eNuiVqys7xv5FMO6/ekukGAMWtZXbzNgwAjFLqg/qcDTgapjz/PJT7YLNDl
QgG1xgEwxNIjemVjp/NryLaPUEoigBUM36tIycENpFGKEdNQn/g4jPbrWpFdIxbA
GeZSoOBQgiCE8a5SAGonjJIzc5Ui36fCPuDXfUNQBn5fdcBODbpvJZSWvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFy5l3WXhkJhjzlPEzL4lI+9YwdMB8GA1UdIwQY
MBaAFPwHxrVu8fI5sCjvQjdaKhdlvAi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0FmR3RXN3g4am13S085Q04xb3FGMlc4Q0xnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9jNjhhZTQtOTcyNC00OTc1LThiZDQt
Yzg3MDBhMTQ3NjFiLzEvUVhMbVhkWmVHUW1HUE9VOFRNdmlVajcxakIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9jNjhhZTQtOTcyNC00OTc1LThiZDQtYzg3MDBhMTQ3NjFi
LzEvX0FmR3RXN3g4am13S085Q04xb3FGMlc4Q0xnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2UDQMA0G
CSqGSIb3DQEBCwUAA4IBAQBzvFDeWfNESjPcRZKyovvf7MOo8kNwPq1pWwla+IsS
q9IfKgTGSBJeXfC+bvnTc+tZglRlDOKe0DdLmY2QIthSqpWAp3v7rl9cJzzP3Ee5
I8/5/hSqB0t/e6AAqHjm7qbdxcIgRcanBYc/h6l99v8KDR7euyOl7oVJy9wGN0bD
Zrs+MPMzZnZBbM8jZJZunkGFJVJsLyRdiuKFKY303+JR2/P4E1wk2Mpyf1r9qqrA
f/pFavmRiW83js/EYU28xkb4fOhm3W/WeBHjROU3/fIEjM8PhspCDubypQa9yI7c
URMFq6+ZxUwFWtIRFMYio0pu2LdLpyFHOR/lwwt5zQxu
-----END CERTIFICATE-----