Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/06e422-eb15-49a4-b916-cd6766c369a1/1/QpKFVXzZQzdAIqEGxp8VWAhE_T0.roa
File:                     QpKFVXzZQzdAIqEGxp8VWAhE_T0.roa (raw, json)
Hash identifier:          jZhBZQ2nv0qnnytJN7mH6MGLH8rhqA+K/HMPVS6ynBU=
Subject key identifier:   42:92:85:55:7C:D9:43:37:40:22:A1:06:C6:9F:15:58:08:44:FD:3D
Certificate issuer:       /CN=532414492bb2cfa408ff573aa068fcf9a5e778ee
Certificate serial:       018CC42519BBA125221FEE53D00595179E6B
Authority key identifier: 53:24:14:49:2B:B2:CF:A4:08:FF:57:3A:A0:68:FC:F9:A5:E7:78:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UyQUSSuyz6QI_1c6oGj8-aXneO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/06e422-eb15-49a4-b916-cd6766c369a1/1/QpKFVXzZQzdAIqEGxp8VWAhE_T0.roa
Signing time:             Mon 01 Jan 2024 08:30:14 +0000
ROA not before:           Mon 01 Jan 2024 08:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        37.140.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/06e422-eb15-49a4-b916-cd6766c369a1/1/UyQUSSuyz6QI_1c6oGj8-aXneO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/06e422-eb15-49a4-b916-cd6766c369a1/1/UyQUSSuyz6QI_1c6oGj8-aXneO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UyQUSSuyz6QI_1c6oGj8-aXneO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:19:bb:a1:25:22:1f:ee:53:d0:05:95:17:9e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=532414492bb2cfa408ff573aa068fcf9a5e778ee
        Validity
            Not Before: Jan  1 08:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=429285557cd943374022a106c69f15580844fd3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f3:2c:22:7c:5a:1f:bc:fa:70:0b:d0:9c:dc:
                    dc:2f:38:17:92:d1:36:4a:4e:2b:05:66:74:62:28:
                    5a:16:c8:db:08:a4:86:ae:bd:f0:66:89:33:02:5f:
                    7b:7b:82:b2:af:bd:f3:43:8f:72:0d:dc:be:14:75:
                    13:d2:c5:32:23:a7:34:dd:2a:5c:35:57:86:70:b4:
                    ee:2d:e7:26:8a:37:d6:24:e1:07:34:06:7b:dd:f4:
                    c7:37:6e:94:bf:a6:d7:cb:e3:7d:eb:57:02:d7:3a:
                    73:a0:f6:b8:73:b1:38:a7:38:72:d5:19:68:f1:51:
                    60:97:63:d9:24:87:47:dd:d0:a9:85:77:0e:f5:37:
                    c1:c1:6f:c9:b3:f9:d0:4d:6a:c8:f6:c9:e3:e7:14:
                    56:3f:10:91:90:a7:be:73:90:46:a3:33:2c:8a:85:
                    ee:8c:ac:c2:06:7d:59:74:e0:fc:9d:7d:02:98:93:
                    7e:e4:b5:3a:6a:4f:62:43:e6:a2:14:d7:1a:ed:c4:
                    28:43:4e:92:92:cb:23:21:e2:3e:e2:ff:02:2e:db:
                    87:8e:54:ba:77:4c:67:61:fa:eb:ec:31:9f:ae:c8:
                    e3:c7:e4:8a:d7:b9:be:db:f6:a9:86:4f:b0:22:09:
                    4a:6b:a8:20:ff:18:0f:16:6f:24:9e:ba:29:6e:43:
                    70:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:92:85:55:7C:D9:43:37:40:22:A1:06:C6:9F:15:58:08:44:FD:3D
            X509v3 Authority Key Identifier:
                keyid:53:24:14:49:2B:B2:CF:A4:08:FF:57:3A:A0:68:FC:F9:A5:E7:78:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UyQUSSuyz6QI_1c6oGj8-aXneO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/06e422-eb15-49a4-b916-cd6766c369a1/1/QpKFVXzZQzdAIqEGxp8VWAhE_T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/06e422-eb15-49a4-b916-cd6766c369a1/1/UyQUSSuyz6QI_1c6oGj8-aXneO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d2:8e:10:cb:0d:28:c4:f5:b2:7c:50:4c:9b:b7:4b:f8:dc:
         7f:52:2c:03:da:3b:11:7d:66:cc:4e:9b:a8:b7:1c:f6:5d:4e:
         5c:b0:14:72:8d:a5:89:09:e2:c3:0d:85:d9:fa:f7:6e:b5:a1:
         81:84:a3:7e:1f:d0:b2:9b:ff:c2:b0:15:5e:3a:96:eb:ba:6f:
         a7:64:87:9d:1b:b4:54:22:08:44:5a:30:d7:04:e8:d2:e7:79:
         b8:1d:4a:c2:34:f2:56:11:a1:2b:b2:fe:72:ec:10:d7:81:69:
         d7:b5:c3:3f:c0:12:2d:b5:0b:4d:f9:19:b5:ac:11:b3:76:13:
         13:28:c0:70:94:ad:e1:c6:ad:84:8c:87:9f:b2:f9:d4:b5:bd:
         f7:80:a6:13:d1:f3:c6:82:fd:5c:39:30:0f:54:92:63:dc:44:
         29:8f:f8:6f:5c:c4:45:50:c3:32:08:5a:fb:a9:90:59:48:b9:
         4a:6e:eb:e5:bf:6f:9a:05:4a:06:b7:05:6f:0f:9f:1f:32:f1:
         52:7f:6c:4d:aa:2e:d3:28:70:27:55:bc:33:c9:8b:6c:b7:c5:
         04:88:cf:3e:42:d5:d1:57:3b:f2:8a:d8:28:8c:1a:f6:83:f9:
         05:3c:97:49:13:0d:48:02:44:e7:55:79:3b:fe:a2:16:76:fa:
         c0:41:f4:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRm7oSUiH+5T0AWVF55rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMjQxNDQ5MmJiMmNmYTQwOGZmNTczYWEwNjhmY2Y5YTVl
Nzc4ZWUwHhcNMjQwMTAxMDgzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjkyODU1NTdjZDk0MzM3NDAyMmExMDZjNjlmMTU1ODA4NDRmZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fMsInxaH7z6cAvQnNzcLzgXktE2
Sk4rBWZ0YihaFsjbCKSGrr3wZokzAl97e4Kyr73zQ49yDdy+FHUT0sUyI6c03Spc
NVeGcLTuLecmijfWJOEHNAZ73fTHN26Uv6bXy+N961cC1zpzoPa4c7E4pzhy1Rlo
8VFgl2PZJIdH3dCphXcO9TfBwW/Js/nQTWrI9snj5xRWPxCRkKe+c5BGozMsioXu
jKzCBn1ZdOD8nX0CmJN+5LU6ak9iQ+aiFNca7cQoQ06SkssjIeI+4v8CLtuHjlS6
d0xnYfrr7DGfrsjjx+SK17m+2/aphk+wIglKa6gg/xgPFm8knropbkNw4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKShVV82UM3QCKhBsafFVgIRP09MB8GA1UdIwQY
MBaAFFMkFEkrss+kCP9XOqBo/Pml53juMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXlRVVNTdXl6NlFJXzFjNm9HajgtYVhuZU80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wNmU0MjItZWIxNS00OWE0LWI5MTYt
Y2Q2NzY2YzM2OWExLzEvUXBLRlZYelpRemRBSXFFR3hwOFZXQWhFX1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wNmU0MjItZWIxNS00OWE0LWI5MTYtY2Q2NzY2YzM2OWEx
LzEvVXlRVVNTdXl6NlFJXzFjNm9HajgtYVhuZU80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYzcMA0G
CSqGSIb3DQEBCwUAA4IBAQCR0o4Qyw0oxPWyfFBMm7dL+Nx/UiwD2jsRfWbMTpuo
txz2XU5csBRyjaWJCeLDDYXZ+vdutaGBhKN+H9Cym//CsBVeOpbrum+nZIedG7RU
IghEWjDXBOjS53m4HUrCNPJWEaErsv5y7BDXgWnXtcM/wBIttQtN+Rm1rBGzdhMT
KMBwlK3hxq2EjIefsvnUtb33gKYT0fPGgv1cOTAPVJJj3EQpj/hvXMRFUMMyCFr7
qZBZSLlKbuvlv2+aBUoGtwVvD58fMvFSf2xNqi7TKHAnVbwzyYtst8UEiM8+QtXR
VzvyitgojBr2g/kFPJdJEw1IAkTnVXk7/qIWdvrAQfT1
-----END CERTIFICATE-----