Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/1q_nnAgndZaIqez5io_HHZB7TIg.roa
File:                     1q_nnAgndZaIqez5io_HHZB7TIg.roa (raw, json)
Hash identifier:          fcE6bMGj83Q0hVMFOv0EAXM92bWkreUUh6T69N1a/Yo=
Subject key identifier:   D6:AF:E7:9C:08:27:75:96:88:A9:EC:F9:8A:8F:C7:1D:90:7B:4C:88
Certificate issuer:       /CN=40b9cac935311e78034b4073830a81a3cf7b45d9
Certificate serial:       01941F8C6D3A007DEA1A7EA1CFEFE37482BD
Authority key identifier: 40:B9:CA:C9:35:31:1E:78:03:4B:40:73:83:0A:81:A3:CF:7B:45:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLnKyTUxHngDS0BzgwqBo897Rdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/1q_nnAgndZaIqez5io_HHZB7TIg.roa
Signing time:             Wed 01 Jan 2025 01:48:04 +0000
ROA not before:           Wed 01 Jan 2025 01:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60723
IP address blocks:        185.23.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/QLnKyTUxHngDS0BzgwqBo897Rdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/QLnKyTUxHngDS0BzgwqBo897Rdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLnKyTUxHngDS0BzgwqBo897Rdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6d:3a:00:7d:ea:1a:7e:a1:cf:ef:e3:74:82:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b9cac935311e78034b4073830a81a3cf7b45d9
        Validity
            Not Before: Jan  1 01:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6afe79c0827759688a9ecf98a8fc71d907b4c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c7:75:ae:d3:06:82:e5:db:13:92:2f:16:3a:
                    ef:9c:2e:3e:9c:71:31:7e:9c:7e:c2:e7:13:a3:ff:
                    b5:1d:13:74:2f:9d:fe:25:31:7b:74:56:fe:53:b7:
                    69:0f:1d:43:3b:db:ed:65:73:c8:a7:45:d0:9a:39:
                    ba:1f:b2:11:28:c4:9e:54:c7:2f:90:60:4b:a7:2b:
                    00:82:e3:52:a8:bb:1b:b6:b1:75:72:6d:76:11:c2:
                    b1:de:09:d3:78:a0:c5:7e:36:1e:e3:68:c6:c1:ec:
                    86:0c:2f:3d:00:ab:8f:21:b0:c5:5c:63:78:ce:95:
                    24:86:cf:c0:e7:29:f5:4c:12:9b:ee:c1:a4:88:db:
                    e0:a6:d8:ca:bc:18:15:e5:7b:1b:5e:c3:ac:f9:0f:
                    03:25:ed:ad:32:d8:2a:ee:89:6e:37:33:4f:bb:0d:
                    9f:84:09:f8:f0:6c:c3:4d:68:20:0f:85:d9:fa:66:
                    3f:46:99:01:80:e4:45:2c:b0:88:5f:dc:d7:8c:8a:
                    d4:08:ae:eb:c0:62:50:07:cf:9e:b1:34:8f:95:36:
                    6e:03:0b:ac:5e:f6:85:2f:79:89:5d:db:c7:4c:5d:
                    e6:87:3b:dc:54:f9:32:85:76:8a:c6:05:3d:72:52:
                    75:63:a2:e8:64:c1:e1:54:da:51:ec:50:ea:3d:4e:
                    5b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:AF:E7:9C:08:27:75:96:88:A9:EC:F9:8A:8F:C7:1D:90:7B:4C:88
            X509v3 Authority Key Identifier:
                keyid:40:B9:CA:C9:35:31:1E:78:03:4B:40:73:83:0A:81:A3:CF:7B:45:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLnKyTUxHngDS0BzgwqBo897Rdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/1q_nnAgndZaIqez5io_HHZB7TIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/QLnKyTUxHngDS0BzgwqBo897Rdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:42:a3:06:02:7c:df:39:56:7d:98:54:7b:38:91:db:37:df:
         a5:90:8c:88:33:82:87:7c:b0:03:d7:a4:c9:79:f1:35:82:76:
         ef:38:97:46:39:5b:ed:b1:fb:82:73:39:0f:f8:6a:47:05:15:
         76:aa:7b:44:84:05:53:9b:74:95:f2:e4:6a:97:44:4f:ed:bd:
         82:aa:ef:ee:b2:a8:ec:a2:6c:3a:2d:fd:1d:f9:54:8f:15:26:
         5c:f9:0f:ed:d1:dc:f9:4c:d7:99:fd:1c:f1:c9:71:09:94:c7:
         2c:ce:87:7c:17:e9:18:4c:c4:a6:93:a0:c6:fe:cf:d8:e3:91:
         e8:0f:57:de:5c:e2:6d:f6:93:0f:7d:43:47:4a:d7:aa:48:f8:
         36:6c:0d:32:47:03:62:ef:11:0f:42:19:f4:f6:24:8a:da:59:
         4b:aa:55:ba:69:38:b4:66:f2:8b:52:96:b1:11:06:cd:d2:5c:
         0e:63:a2:97:59:44:f7:63:4d:5f:06:9b:cf:ef:db:b2:10:c7:
         9d:12:29:59:13:6d:52:d7:17:ae:be:c2:6f:ae:47:cd:ba:69:
         25:27:53:0a:c1:8f:5c:ad:10:34:a8:dd:f3:55:0f:d4:d6:f2:
         01:5b:94:0a:e2:75:33:ea:5b:99:10:cb:3b:a7:39:6a:b1:9f:
         02:73:51:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjG06AH3qGn6hz+/jdIK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjljYWM5MzUzMTFlNzgwMzRiNDA3MzgzMGE4MWEzY2Y3
YjQ1ZDkwHhcNMjUwMTAxMDE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmFmZTc5YzA4Mjc3NTk2ODhhOWVjZjk4YThmYzcxZDkwN2I0Yzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsd1rtMGguXbE5IvFjrvnC4+nHEx
fpx+wucTo/+1HRN0L53+JTF7dFb+U7dpDx1DO9vtZXPIp0XQmjm6H7IRKMSeVMcv
kGBLpysAguNSqLsbtrF1cm12EcKx3gnTeKDFfjYe42jGweyGDC89AKuPIbDFXGN4
zpUkhs/A5yn1TBKb7sGkiNvgptjKvBgV5XsbXsOs+Q8DJe2tMtgq7oluNzNPuw2f
hAn48GzDTWggD4XZ+mY/RpkBgORFLLCIX9zXjIrUCK7rwGJQB8+esTSPlTZuAwus
XvaFL3mJXdvHTF3mhzvcVPkyhXaKxgU9clJ1Y6LoZMHhVNpR7FDqPU5bPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNav55wIJ3WWiKns+YqPxx2Qe0yIMB8GA1UdIwQY
MBaAFEC5ysk1MR54A0tAc4MKgaPPe0XZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxuS3lUVXhIbmdEUzBCemd3cUJvODk3UmRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yODVhYjYtMDEwOS00NGUxLWJiMmIt
NzUzNGZlMGYxYjgzLzEvMXFfbm5BZ25kWmFJcWV6NWlvX0hIWkI3VElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yODVhYjYtMDEwOS00NGUxLWJiMmItNzUzNGZlMGYxYjgz
LzEvUUxuS3lUVXhIbmdEUzBCemd3cUJvODk3UmRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuReoMA0G
CSqGSIb3DQEBCwUAA4IBAQBqQqMGAnzfOVZ9mFR7OJHbN9+lkIyIM4KHfLAD16TJ
efE1gnbvOJdGOVvtsfuCczkP+GpHBRV2qntEhAVTm3SV8uRql0RP7b2Cqu/usqjs
omw6Lf0d+VSPFSZc+Q/t0dz5TNeZ/RzxyXEJlMcszod8F+kYTMSmk6DG/s/Y45Ho
D1feXOJt9pMPfUNHSteqSPg2bA0yRwNi7xEPQhn09iSK2llLqlW6aTi0ZvKLUpax
EQbN0lwOY6KXWUT3Y01fBpvP79uyEMedEilZE21S1xeuvsJvrkfNumklJ1MKwY9c
rRA0qN3zVQ/U1vIBW5QK4nUz6luZEMs7pzlqsZ8Cc1G7
-----END CERTIFICATE-----