Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/bd4de8-861c-45b6-84c1-579b3a878182/1/KQKH0iFGbZM_R2XcELsI7KmdhOg.roa
File:                     KQKH0iFGbZM_R2XcELsI7KmdhOg.roa (raw, json)
Hash identifier:          zqS19I/YtqB+TocqDlfuFTYhoBaDYcMb8OKdAtyH93c=
Subject key identifier:   29:02:87:D2:21:46:6D:93:3F:47:65:DC:10:BB:08:EC:A9:9D:84:E8
Certificate issuer:       /CN=7b1bdecba944f7ee10e90691311fc0f843436ba1
Certificate serial:       018D8B678C3F16AA8350B1C240D744B97B22
Authority key identifier: 7B:1B:DE:CB:A9:44:F7:EE:10:E9:06:91:31:1F:C0:F8:43:43:6B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/exvey6lE9-4Q6QaRMR_A-ENDa6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/bd4de8-861c-45b6-84c1-579b3a878182/1/KQKH0iFGbZM_R2XcELsI7KmdhOg.roa
Signing time:             Fri 09 Feb 2024 01:07:15 +0000
ROA not before:           Fri 09 Feb 2024 01:07:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.115.88.0/24 maxlen: 24
                          185.115.89.0/24 maxlen: 24
                          185.115.90.0/24 maxlen: 24
                          185.115.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/bd4de8-861c-45b6-84c1-579b3a878182/1/exvey6lE9-4Q6QaRMR_A-ENDa6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/bd4de8-861c-45b6-84c1-579b3a878182/1/exvey6lE9-4Q6QaRMR_A-ENDa6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/exvey6lE9-4Q6QaRMR_A-ENDa6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8b:67:8c:3f:16:aa:83:50:b1:c2:40:d7:44:b9:7b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b1bdecba944f7ee10e90691311fc0f843436ba1
        Validity
            Not Before: Feb  9 01:07:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=290287d221466d933f4765dc10bb08eca99d84e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6c:cf:e6:b5:a9:79:82:54:96:44:3f:af:84:
                    4f:14:2b:78:55:c3:5f:73:ba:f1:0a:5c:aa:4d:44:
                    df:e7:7e:8c:59:96:2f:d3:52:c7:53:83:db:b2:62:
                    c5:cb:a9:d5:19:35:98:35:96:da:bc:09:48:9b:3f:
                    71:de:c7:c6:cf:1e:36:d6:2e:34:6c:cf:c8:e5:a7:
                    14:f7:e3:37:e7:db:50:2d:7d:92:f0:c9:e9:33:ef:
                    7b:b4:41:5c:c2:24:12:9a:94:05:67:24:29:ad:dd:
                    b3:84:ed:57:ef:67:c3:d7:ad:8f:49:7b:8b:33:d8:
                    75:70:cb:db:2d:c3:91:e8:bf:3c:78:63:b7:4c:6f:
                    87:ce:d1:21:60:79:28:1b:d5:77:b5:a1:e8:14:a7:
                    74:e5:15:d5:37:70:98:2c:89:33:62:40:24:2c:c3:
                    37:92:11:0c:58:8b:5d:35:4c:bb:b4:3a:11:fb:62:
                    27:2c:99:a3:36:e8:b9:4e:c3:2c:24:cf:ec:24:52:
                    49:4b:2f:9f:6c:15:91:6c:54:00:17:c0:9e:43:b5:
                    9a:c0:7a:8c:18:c6:7f:84:8c:b4:d0:8a:05:bc:7d:
                    c6:ce:84:7e:d0:d3:ec:68:9e:a8:6b:6a:92:e8:33:
                    f4:80:b6:07:33:bd:0f:05:c6:f8:37:86:5b:c1:42:
                    5f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:02:87:D2:21:46:6D:93:3F:47:65:DC:10:BB:08:EC:A9:9D:84:E8
            X509v3 Authority Key Identifier:
                keyid:7B:1B:DE:CB:A9:44:F7:EE:10:E9:06:91:31:1F:C0:F8:43:43:6B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/exvey6lE9-4Q6QaRMR_A-ENDa6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/bd4de8-861c-45b6-84c1-579b3a878182/1/KQKH0iFGbZM_R2XcELsI7KmdhOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/bd4de8-861c-45b6-84c1-579b3a878182/1/exvey6lE9-4Q6QaRMR_A-ENDa6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:08:33:0c:d5:ca:25:34:44:e2:9b:46:22:cd:e7:24:4f:bf:
         7a:30:e3:c4:da:37:b7:fd:f4:ca:70:77:84:34:2d:02:fc:29:
         d9:91:00:16:2e:34:45:aa:ec:e3:ae:65:af:7c:71:a5:3b:72:
         d5:a7:da:66:2e:77:50:df:56:8c:ab:ed:c7:f2:85:90:a1:a4:
         85:79:ed:0f:03:b5:a2:6b:11:ad:dc:41:8d:95:40:70:72:17:
         62:d2:37:b1:85:78:60:2e:ea:84:54:8a:18:be:ed:59:96:17:
         15:77:69:1a:0d:c3:6d:36:df:53:fd:d4:c5:82:51:5c:db:d0:
         0a:fe:fe:78:64:5c:e8:5b:69:24:e7:88:b7:33:20:79:93:e3:
         07:c4:1a:6d:c7:05:59:1d:80:8d:e3:18:e4:14:13:13:0a:71:
         af:13:bd:02:18:10:01:cd:8b:45:9e:28:80:17:75:82:46:8b:
         9e:85:4e:53:6a:75:81:e4:00:a3:7a:9f:0f:21:fd:e6:7d:0d:
         d6:3f:c0:20:7c:ce:a3:c5:ae:73:c3:e7:32:17:fa:90:eb:9a:
         3f:2a:e3:94:92:2f:d2:8b:f1:db:36:0c:ca:e2:b4:32:64:09:
         29:0f:82:3f:68:7a:8e:ef:32:9e:4a:ce:59:76:51:3c:df:bb:
         64:48:62:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2LZ4w/FqqDULHCQNdEuXsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMWJkZWNiYTk0NGY3ZWUxMGU5MDY5MTMxMWZjMGY4NDM0
MzZiYTEwHhcNMjQwMjA5MDEwNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTAyODdkMjIxNDY2ZDkzM2Y0NzY1ZGMxMGJiMDhlY2E5OWQ4NGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmzP5rWpeYJUlkQ/r4RPFCt4VcNf
c7rxClyqTUTf536MWZYv01LHU4PbsmLFy6nVGTWYNZbavAlImz9x3sfGzx421i40
bM/I5acU9+M359tQLX2S8MnpM+97tEFcwiQSmpQFZyQprd2zhO1X72fD162PSXuL
M9h1cMvbLcOR6L88eGO3TG+HztEhYHkoG9V3taHoFKd05RXVN3CYLIkzYkAkLMM3
khEMWItdNUy7tDoR+2InLJmjNui5TsMsJM/sJFJJSy+fbBWRbFQAF8CeQ7WawHqM
GMZ/hIy00IoFvH3GzoR+0NPsaJ6oa2qS6DP0gLYHM70PBcb4N4ZbwUJf1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkCh9IhRm2TP0dl3BC7COypnYToMB8GA1UdIwQY
MBaAFHsb3supRPfuEOkGkTEfwPhDQ2uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXh2ZXk2bEU5LTRRNlFhUk1SX0EtRU5EYTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9iZDRkZTgtODYxYy00NWI2LTg0YzEt
NTc5YjNhODc4MTgyLzEvS1FLSDBpRkdiWk1fUjJYY0VMc0k3S21kaE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9iZDRkZTgtODYxYy00NWI2LTg0YzEtNTc5YjNhODc4MTgy
LzEvZXh2ZXk2bEU5LTRRNlFhUk1SX0EtRU5EYTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXNYMA0G
CSqGSIb3DQEBCwUAA4IBAQDBCDMM1colNETim0YizeckT796MOPE2je3/fTKcHeE
NC0C/CnZkQAWLjRFquzjrmWvfHGlO3LVp9pmLndQ31aMq+3H8oWQoaSFee0PA7Wi
axGt3EGNlUBwchdi0jexhXhgLuqEVIoYvu1ZlhcVd2kaDcNtNt9T/dTFglFc29AK
/v54ZFzoW2kk54i3MyB5k+MHxBptxwVZHYCN4xjkFBMTCnGvE70CGBABzYtFniiA
F3WCRouehU5TanWB5ACjep8PIf3mfQ3WP8AgfM6jxa5zw+cyF/qQ65o/KuOUki/S
i/HbNgzK4rQyZAkpD4I/aHqO7zKeSs5ZdlE837tkSGJG
-----END CERTIFICATE-----