Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/QUfbWXrFQRLXTsfeBGtfQ5vf4vY.roa
File:                     QUfbWXrFQRLXTsfeBGtfQ5vf4vY.roa (raw, json)
Hash identifier:          f6Ep5UMPIVSUlBwPQexjpuc7MSPN5ZTBvzRAPmNAPE4=
Subject key identifier:   41:47:DB:59:7A:C5:41:12:D7:4E:C7:DE:04:6B:5F:43:9B:DF:E2:F6
Certificate issuer:       /CN=4638bf68b6675e2a5a3a7922f6477d2afb357fac
Certificate serial:       019082289EB4F87AEE9CC7AC3841BB884435
Authority key identifier: 46:38:BF:68:B6:67:5E:2A:5A:3A:79:22:F6:47:7D:2A:FB:35:7F:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/QUfbWXrFQRLXTsfeBGtfQ5vf4vY.roa
Signing time:             Fri 05 Jul 2024 09:10:18 +0000
ROA not before:           Fri 05 Jul 2024 09:10:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        185.156.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:82:28:9e:b4:f8:7a:ee:9c:c7:ac:38:41:bb:88:44:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4638bf68b6675e2a5a3a7922f6477d2afb357fac
        Validity
            Not Before: Jul  5 09:10:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4147db597ac54112d74ec7de046b5f439bdfe2f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:76:6a:0f:58:83:26:db:c3:38:da:df:61:d3:
                    f4:d5:0b:e6:52:84:60:7a:0e:26:74:2b:20:9a:1a:
                    2c:b1:0d:00:d7:17:54:68:32:a4:c2:d4:33:4d:bc:
                    c9:6e:59:66:46:15:ad:7d:58:10:98:40:3f:03:8e:
                    0f:0a:fa:ca:78:a2:cd:ca:0f:c4:54:57:3c:3d:f6:
                    24:66:5a:45:5c:b1:93:13:a4:5c:b4:2d:1e:30:32:
                    4c:78:a9:47:97:6b:fc:09:ff:f6:22:09:87:89:50:
                    96:1b:06:3b:fd:22:a7:a2:08:ac:5d:c6:79:ae:00:
                    aa:af:b5:b7:0d:e8:e1:7f:7c:5a:8a:a3:52:79:95:
                    1b:d4:b4:d8:3a:71:73:f4:cb:6b:62:11:31:23:b6:
                    f2:f5:67:0b:fb:0d:33:5e:1c:5f:fe:77:92:d9:5c:
                    36:4b:10:cf:1b:62:36:54:bb:08:fb:d3:53:d6:da:
                    e7:d9:db:88:f4:ac:c1:fb:bd:1a:25:40:ba:29:c7:
                    99:c5:b9:8e:6e:7e:30:7e:a0:3f:ff:35:0e:2c:af:
                    0f:69:8c:d3:b8:6b:bd:d7:bd:30:52:ab:47:2b:37:
                    61:90:7e:b0:13:15:0c:01:23:45:c9:c2:f8:c6:e1:
                    93:6c:64:c2:57:45:91:ff:4e:7a:da:bf:dc:29:b8:
                    fd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:47:DB:59:7A:C5:41:12:D7:4E:C7:DE:04:6B:5F:43:9B:DF:E2:F6
            X509v3 Authority Key Identifier:
                keyid:46:38:BF:68:B6:67:5E:2A:5A:3A:79:22:F6:47:7D:2A:FB:35:7F:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/QUfbWXrFQRLXTsfeBGtfQ5vf4vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:cb:c2:4e:d1:ad:b7:67:98:ae:93:7b:81:07:b1:b2:93:34:
         3a:4e:89:3d:df:93:09:17:72:0d:aa:f1:7a:43:27:13:2b:48:
         bf:ac:f0:f2:e0:21:e3:64:57:75:db:8a:0e:cb:11:7c:cb:54:
         27:49:72:03:c7:77:2f:fc:99:e4:ff:a4:1c:b0:c5:c4:34:a9:
         44:83:be:03:3a:91:58:ad:18:79:80:c1:c1:17:e2:70:23:8f:
         3e:f4:b5:e5:f9:93:2b:ea:c9:17:45:6c:ac:a8:41:f3:e1:f9:
         05:28:72:0d:ea:eb:76:02:0f:f8:82:8e:31:c7:28:63:f6:91:
         db:23:83:ad:57:aa:3d:b0:4c:e7:42:bf:99:f1:da:7b:d8:b5:
         24:25:a4:70:2e:36:bc:b9:3d:56:4c:0d:1f:bb:db:24:06:94:
         25:3a:a6:57:5e:14:f5:e4:6a:ab:1f:34:09:f8:ae:13:9c:a3:
         5a:aa:a7:f8:ff:bc:01:a0:e2:45:52:36:42:c1:fa:40:e1:97:
         6d:b6:05:26:3d:89:e7:ff:2b:b6:c0:8c:5e:40:80:a4:22:92:
         ef:7e:bf:05:a4:3b:92:07:5f:b5:be:82:5b:88:e7:9f:9f:54:
         e3:34:f2:7f:45:48:5c:b5:d9:c0:68:3e:ef:0c:f3:7d:15:85:
         59:86:22:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCCKJ60+HrunMesOEG7iEQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MzhiZjY4YjY2NzVlMmE1YTNhNzkyMmY2NDc3ZDJhZmIz
NTdmYWMwHhcNMjQwNzA1MDkxMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTQ3ZGI1OTdhYzU0MTEyZDc0ZWM3ZGUwNDZiNWY0MzliZGZlMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3ZqD1iDJtvDONrfYdP01QvmUoRg
eg4mdCsgmhossQ0A1xdUaDKkwtQzTbzJbllmRhWtfVgQmEA/A44PCvrKeKLNyg/E
VFc8PfYkZlpFXLGTE6RctC0eMDJMeKlHl2v8Cf/2IgmHiVCWGwY7/SKnogisXcZ5
rgCqr7W3Dejhf3xaiqNSeZUb1LTYOnFz9MtrYhExI7by9WcL+w0zXhxf/neS2Vw2
SxDPG2I2VLsI+9NT1trn2duI9KzB+70aJUC6KceZxbmObn4wfqA//zUOLK8PaYzT
uGu9170wUqtHKzdhkH6wExUMASNFycL4xuGTbGTCV0WR/0562r/cKbj9KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFH21l6xUES107H3gRrX0Ob3+L2MB8GA1UdIwQY
MBaAFEY4v2i2Z14qWjp5IvZHfSr7NX+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmppX2FMWm5YaXBhT25raTlrZDlLdnMxZjZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9lMmY2MTUtNmNhNC00YmY1LTlmNTMt
ODcwNzNmNDM0YjAzLzEvUVVmYldYckZRUkxYVHNmZUJHdGZRNXZmNHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9lMmY2MTUtNmNhNC00YmY1LTlmNTMtODcwNzNmNDM0YjAz
LzEvUmppX2FMWm5YaXBhT25raTlrZDlLdnMxZjZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZwIMA0G
CSqGSIb3DQEBCwUAA4IBAQC3y8JO0a23Z5iuk3uBB7GykzQ6Tok935MJF3INqvF6
QycTK0i/rPDy4CHjZFd124oOyxF8y1QnSXIDx3cv/Jnk/6QcsMXENKlEg74DOpFY
rRh5gMHBF+JwI48+9LXl+ZMr6skXRWysqEHz4fkFKHIN6ut2Ag/4go4xxyhj9pHb
I4OtV6o9sEznQr+Z8dp72LUkJaRwLja8uT1WTA0fu9skBpQlOqZXXhT15GqrHzQJ
+K4TnKNaqqf4/7wBoOJFUjZCwfpA4ZdttgUmPYnn/yu2wIxeQICkIpLvfr8FpDuS
B1+1voJbiOefn1TjNPJ/RUhctdnAaD7vDPN9FYVZhiIv
-----END CERTIFICATE-----