Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/QhlBb_l6bOBUzoYcRNBoDz8ljMM.roa
File:                     QhlBb_l6bOBUzoYcRNBoDz8ljMM.roa (raw, json)
Hash identifier:          uwOBZ6GW+SAP9h9ZAylyeIG9t1I7HyJBnQfghXXSuGc=
Subject key identifier:   42:19:41:6F:F9:7A:6C:E0:54:CE:86:1C:44:D0:68:0F:3F:25:8C:C3
Certificate issuer:       /CN=3b308e9be3a85b0f4901f35e7cf1fb759b49fee7
Certificate serial:       018CC50150AFFE26FFD4B3735B398625C88F
Authority key identifier: 3B:30:8E:9B:E3:A8:5B:0F:49:01:F3:5E:7C:F1:FB:75:9B:49:FE:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzCOm-OoWw9JAfNefPH7dZtJ_uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/QhlBb_l6bOBUzoYcRNBoDz8ljMM.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197071
IP address blocks:        185.53.249.0/24 maxlen: 24
                          2a12:c8c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/OzCOm-OoWw9JAfNefPH7dZtJ_uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/OzCOm-OoWw9JAfNefPH7dZtJ_uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzCOm-OoWw9JAfNefPH7dZtJ_uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:50:af:fe:26:ff:d4:b3:73:5b:39:86:25:c8:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b308e9be3a85b0f4901f35e7cf1fb759b49fee7
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4219416ff97a6ce054ce861c44d0680f3f258cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c4:cb:11:22:3b:24:15:82:ed:6a:c8:92:91:
                    32:44:25:b9:0a:69:16:3d:a0:38:f4:90:fd:34:a3:
                    5c:a6:1f:f2:da:84:ae:45:4f:82:d4:3c:10:73:62:
                    f3:02:93:e2:c3:38:bb:28:d1:2d:d6:bf:b0:15:1d:
                    27:7c:59:2d:74:6a:1d:70:b4:ce:9b:1d:45:b5:5a:
                    16:40:8a:f7:7f:17:82:b2:17:41:d5:ee:ce:94:4f:
                    28:a7:d2:46:f2:ab:e1:40:8e:43:41:1c:cd:8c:e2:
                    fe:82:f6:42:88:88:be:ef:e1:04:a2:fb:6d:2d:a8:
                    f5:e6:40:01:e4:88:59:ec:37:74:8b:34:31:1d:3d:
                    8b:41:dc:e6:d1:41:8b:2b:96:57:50:15:35:95:3d:
                    5d:3f:ac:fb:45:60:75:1b:61:57:93:77:1f:fb:f8:
                    9e:d8:a3:34:13:51:7b:7a:3b:20:4c:a8:53:57:10:
                    de:94:10:c7:40:de:ce:a6:cc:20:be:a3:9f:39:c1:
                    2b:0f:e3:e2:49:99:d1:06:f7:ec:ed:37:ed:58:8a:
                    ac:ae:4d:13:49:2f:96:21:32:7b:1f:8b:20:38:53:
                    b6:74:81:a4:e1:be:72:db:9d:a1:e5:d5:b1:ed:a2:
                    64:b9:52:4d:b7:5d:9a:d8:c8:8e:39:45:f8:7e:99:
                    c7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:19:41:6F:F9:7A:6C:E0:54:CE:86:1C:44:D0:68:0F:3F:25:8C:C3
            X509v3 Authority Key Identifier:
                keyid:3B:30:8E:9B:E3:A8:5B:0F:49:01:F3:5E:7C:F1:FB:75:9B:49:FE:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzCOm-OoWw9JAfNefPH7dZtJ_uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/QhlBb_l6bOBUzoYcRNBoDz8ljMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/OzCOm-OoWw9JAfNefPH7dZtJ_uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.249.0/24
                IPv6:
                  2a12:c8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:4c:4e:b1:02:d5:c1:21:db:58:36:65:eb:d2:31:a3:3a:cd:
         0d:9e:c1:74:ca:94:09:89:ca:57:bf:70:00:1e:15:db:50:9b:
         0e:c5:26:a0:c5:c9:55:65:3a:dc:e4:95:51:58:d1:c6:59:66:
         a6:c0:96:bc:28:38:d5:f2:83:b8:38:d2:e4:73:ba:ea:c9:66:
         fc:e4:30:21:50:3b:d5:bc:a7:1f:a2:6d:85:6e:61:ec:74:77:
         29:66:ac:e9:96:47:22:53:dd:64:23:9e:53:42:97:80:b7:f4:
         e0:20:b5:a0:9b:96:0b:77:83:e6:88:62:a6:d4:2d:dd:2a:b6:
         92:93:22:d1:dc:61:7c:30:0f:aa:a6:da:31:31:6e:75:2c:3a:
         2c:44:1a:b4:ab:29:19:d3:46:aa:c0:d5:3b:93:15:3d:ab:69:
         16:28:91:7e:71:e0:a1:e4:92:32:6c:ce:4d:aa:6b:b5:d2:a7:
         d6:70:b4:9a:d9:92:c5:2c:30:66:03:f6:2f:97:93:a2:92:39:
         38:25:50:a7:50:15:b5:68:d1:25:ff:89:0d:2d:8c:5d:53:c0:
         fa:1b:92:72:74:8f:4c:68:0d:32:9e:ca:02:03:ba:e9:6e:c7:
         0c:c0:e2:d0:65:38:15:6e:b5:45:e8:0f:d8:59:2f:30:7b:4c:
         23:62:68:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAVCv/ib/1LNzWzmGJciPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMzA4ZTliZTNhODViMGY0OTAxZjM1ZTdjZjFmYjc1OWI0
OWZlZTcwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE5NDE2ZmY5N2E2Y2UwNTRjZTg2MWM0NGQwNjgwZjNmMjU4Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MTLESI7JBWC7WrIkpEyRCW5CmkW
PaA49JD9NKNcph/y2oSuRU+C1DwQc2LzApPiwzi7KNEt1r+wFR0nfFktdGodcLTO
mx1FtVoWQIr3fxeCshdB1e7OlE8op9JG8qvhQI5DQRzNjOL+gvZCiIi+7+EEovtt
Laj15kAB5IhZ7Dd0izQxHT2LQdzm0UGLK5ZXUBU1lT1dP6z7RWB1G2FXk3cf+/ie
2KM0E1F7ejsgTKhTVxDelBDHQN7OpswgvqOfOcErD+PiSZnRBvfs7TftWIqsrk0T
SS+WITJ7H4sgOFO2dIGk4b5y252h5dWx7aJkuVJNt12a2MiOOUX4fpnH9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEIZQW/5emzgVM6GHETQaA8/JYzDMB8GA1UdIwQY
MBaAFDswjpvjqFsPSQHzXnzx+3WbSf7nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pDT20tT29XdzlKQWZOZWZQSDdkWnRKX3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xNGE0NmQtMmQ5Mi00ZTc1LTg4ZGEt
MWY5ZDhlMjM2ZTI1LzEvUWhsQmJfbDZiT0JVem9ZY1JOQm9Eejhsak1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xNGE0NmQtMmQ5Mi00ZTc1LTg4ZGEtMWY5ZDhlMjM2ZTI1
LzEvT3pDT20tT29XdzlKQWZOZWZQSDdkWnRKX3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTX5MA0E
AgACMAcDBQMqEsjAMA0GCSqGSIb3DQEBCwUAA4IBAQCUTE6xAtXBIdtYNmXr0jGj
Os0NnsF0ypQJicpXv3AAHhXbUJsOxSagxclVZTrc5JVRWNHGWWamwJa8KDjV8oO4
ONLkc7rqyWb85DAhUDvVvKcfom2FbmHsdHcpZqzplkciU91kI55TQpeAt/TgILWg
m5YLd4PmiGKm1C3dKraSkyLR3GF8MA+qptoxMW51LDosRBq0qykZ00aqwNU7kxU9
q2kWKJF+ceCh5JIybM5Nqmu10qfWcLSa2ZLFLDBmA/Yvl5Oikjk4JVCnUBW1aNEl
/4kNLYxdU8D6G5JydI9MaA0ynsoCA7rpbscMwOLQZTgVbrVF6A/YWS8we0wjYmim
-----END CERTIFICATE-----