Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/IQtsxMSbRVrkDUeRXGSxGUrepb0.roa
File:                     IQtsxMSbRVrkDUeRXGSxGUrepb0.roa (raw, json)
Hash identifier:          pOScZ0l3m0C5gsC5CmYVsgp9ubgQ+CZtPxkTuV90fds=
Subject key identifier:   21:0B:6C:C4:C4:9B:45:5A:E4:0D:47:91:5C:64:B1:19:4A:DE:A5:BD
Certificate issuer:       /CN=fe1d18d9a222736dbac231110b88deac8db0336d
Certificate serial:       018CC64B14DD1287B8E4C9C47FEDA34C5379
Authority key identifier: FE:1D:18:D9:A2:22:73:6D:BA:C2:31:11:0B:88:DE:AC:8D:B0:33:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_h0Y2aIic226wjERC4jerI2wM20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/IQtsxMSbRVrkDUeRXGSxGUrepb0.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210221
IP address blocks:        194.38.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/_h0Y2aIic226wjERC4jerI2wM20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/_h0Y2aIic226wjERC4jerI2wM20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_h0Y2aIic226wjERC4jerI2wM20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:14:dd:12:87:b8:e4:c9:c4:7f:ed:a3:4c:53:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe1d18d9a222736dbac231110b88deac8db0336d
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=210b6cc4c49b455ae40d47915c64b1194adea5bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:92:f0:0a:49:4a:52:d7:47:86:08:6b:fb:e7:
                    a6:c3:06:b6:f9:cf:81:28:ae:48:54:9b:44:5e:c0:
                    d1:ab:5a:40:02:48:ba:b8:41:4c:7b:aa:12:1d:bd:
                    68:17:8f:52:84:60:32:44:b8:c0:83:93:be:44:9b:
                    44:a7:b2:84:3f:31:8d:8f:63:06:9d:df:ff:50:ef:
                    90:1c:1b:c8:9f:62:d3:5d:ee:78:51:6b:82:5b:e3:
                    8b:52:00:a8:9c:a0:fb:29:e7:51:18:aa:8a:de:46:
                    eb:6e:f2:2f:d9:15:87:f7:b4:bc:8d:4f:c2:14:23:
                    56:4a:a8:27:cd:42:7a:70:b9:20:f0:c7:28:82:b6:
                    82:ec:1b:76:7e:0b:20:15:e6:b9:35:82:d2:30:ad:
                    5c:ca:11:a4:79:9c:e5:c2:4b:64:c9:c6:1e:9d:4d:
                    76:20:0b:38:aa:73:85:f3:23:f5:4a:3a:86:e1:07:
                    51:f9:84:ef:34:6c:9d:dc:e8:a8:53:04:fc:5c:6f:
                    e2:6d:01:90:17:01:b8:0e:8d:b8:f6:9c:07:4b:89:
                    2b:ab:d9:82:af:c2:58:0f:5e:a9:cd:38:47:ca:36:
                    87:53:11:56:e9:17:f7:ef:6d:40:c0:ae:fb:e0:43:
                    78:b6:71:20:27:46:ef:ad:54:ca:db:f9:69:19:2d:
                    19:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0B:6C:C4:C4:9B:45:5A:E4:0D:47:91:5C:64:B1:19:4A:DE:A5:BD
            X509v3 Authority Key Identifier:
                keyid:FE:1D:18:D9:A2:22:73:6D:BA:C2:31:11:0B:88:DE:AC:8D:B0:33:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_h0Y2aIic226wjERC4jerI2wM20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/IQtsxMSbRVrkDUeRXGSxGUrepb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/_h0Y2aIic226wjERC4jerI2wM20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ac:f9:9a:04:ca:88:17:6e:74:3a:db:5e:61:fb:f5:d5:5c:
         17:1a:eb:36:06:ce:21:59:1c:64:ea:e5:10:bc:6f:8f:92:60:
         34:e0:75:16:79:46:63:19:e1:a7:a8:03:d1:23:95:95:76:b1:
         f4:1b:e0:fc:8d:7b:8c:62:8e:77:90:ab:07:d3:76:3f:1c:d9:
         b5:04:c0:5e:45:fd:8e:34:ee:31:b5:61:8c:f0:f6:78:08:f5:
         67:ed:6b:23:48:72:a2:1c:51:26:bb:14:41:51:84:54:b2:b6:
         a2:62:f4:ec:a0:0f:ab:d5:8f:d0:f0:9d:6f:c4:70:ab:20:c8:
         88:c4:f9:65:32:02:0d:ee:43:b6:5e:3f:41:5d:80:02:b4:c0:
         68:f6:02:03:ef:a4:09:83:f7:d7:dc:d7:a0:8f:4d:24:8f:0d:
         c4:d1:0d:49:0c:e8:9d:25:b9:62:04:4e:3e:43:b6:73:75:dc:
         11:31:30:cb:b1:e3:9e:8d:33:9c:7d:5b:00:34:ed:53:03:1b:
         70:e5:2a:53:1e:dc:d0:bc:8e:f5:43:ca:8b:b9:e7:70:8f:cc:
         87:ed:77:64:21:22:eb:33:03:f5:49:a8:78:35:48:ea:67:54:
         75:0e:2d:44:c2:47:33:f2:fb:c6:17:d8:b3:f7:55:34:a7:8d:
         50:2d:4c:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxTdEoe45MnEf+2jTFN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMWQxOGQ5YTIyMjczNmRiYWMyMzExMTBiODhkZWFjOGRi
MDMzNmQwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBiNmNjNGM0OWI0NTVhZTQwZDQ3OTE1YzY0YjExOTRhZGVhNWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpLwCklKUtdHhghr++emwwa2+c+B
KK5IVJtEXsDRq1pAAki6uEFMe6oSHb1oF49ShGAyRLjAg5O+RJtEp7KEPzGNj2MG
nd//UO+QHBvIn2LTXe54UWuCW+OLUgConKD7KedRGKqK3kbrbvIv2RWH97S8jU/C
FCNWSqgnzUJ6cLkg8McograC7Bt2fgsgFea5NYLSMK1cyhGkeZzlwktkycYenU12
IAs4qnOF8yP1SjqG4QdR+YTvNGyd3OioUwT8XG/ibQGQFwG4Do249pwHS4krq9mC
r8JYD16pzThHyjaHUxFW6Rf3721AwK774EN4tnEgJ0bvrVTK2/lpGS0ZlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCELbMTEm0Va5A1HkVxksRlK3qW9MB8GA1UdIwQY
MBaAFP4dGNmiInNtusIxEQuI3qyNsDNtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2gwWTJhSWljMjI2d2pFUkM0amVySTJ3TTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82NGUxZWYtOWJhOC00MzA3LWJmYWQt
NjU4N2Y3NmZkODEwLzEvSVF0c3hNU2JSVnJrRFVlUlhHU3hHVXJlcGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82NGUxZWYtOWJhOC00MzA3LWJmYWQtNjU4N2Y3NmZkODEw
LzEvX2gwWTJhSWljMjI2d2pFUkM0amVySTJ3TTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiaCMA0G
CSqGSIb3DQEBCwUAA4IBAQASrPmaBMqIF250OtteYfv11VwXGus2Bs4hWRxk6uUQ
vG+PkmA04HUWeUZjGeGnqAPRI5WVdrH0G+D8jXuMYo53kKsH03Y/HNm1BMBeRf2O
NO4xtWGM8PZ4CPVn7WsjSHKiHFEmuxRBUYRUsraiYvTsoA+r1Y/Q8J1vxHCrIMiI
xPllMgIN7kO2Xj9BXYACtMBo9gID76QJg/fX3Negj00kjw3E0Q1JDOidJbliBE4+
Q7ZzddwRMTDLseOejTOcfVsANO1TAxtw5SpTHtzQvI71Q8qLuedwj8yH7XdkISLr
MwP1Sah4NUjqZ1R1Di1Ewkcz8vvGF9iz91U0p41QLUzB
-----END CERTIFICATE-----