Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/1-QVYSXCMeRe1mvLAfFdDFo3xYhs.roa
File:                     1-QVYSXCMeRe1mvLAfFdDFo3xYhs.roa (raw, json)
Hash identifier:          DOTcvUjFr15RwbcT6BuPnjc8ua6GfgqCObQtevk1vUo=
Subject key identifier:   F9:05:58:49:70:8C:79:17:B5:9A:F2:C0:7C:57:43:16:8D:F1:62:1B
Certificate issuer:       /CN=111f4b0a73ac1b633d24ed5a094fde3a2ef51b94
Certificate serial:       018CC3B6A288B5D34636CF6EA4E1883EC7A1
Authority key identifier: 11:1F:4B:0A:73:AC:1B:63:3D:24:ED:5A:09:4F:DE:3A:2E:F5:1B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER9LCnOsG2M9JO1aCU_eOi71G5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/1-QVYSXCMeRe1mvLAfFdDFo3xYhs.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24679
IP address blocks:        185.148.168.0/22 maxlen: 24
                          2a07:60c0::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/ER9LCnOsG2M9JO1aCU_eOi71G5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/ER9LCnOsG2M9JO1aCU_eOi71G5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER9LCnOsG2M9JO1aCU_eOi71G5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a2:88:b5:d3:46:36:cf:6e:a4:e1:88:3e:c7:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111f4b0a73ac1b633d24ed5a094fde3a2ef51b94
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9055849708c7917b59af2c07c5743168df1621b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:78:86:ab:60:09:53:e0:e1:b8:36:7e:56:b5:
                    05:37:19:ec:e8:42:ba:36:0f:64:de:0d:fe:2f:6f:
                    fd:b4:42:82:a2:1d:34:a4:dc:36:b5:82:33:fb:5c:
                    1b:2f:5f:a1:88:24:94:74:d1:4c:bd:b4:91:bf:69:
                    61:bd:3b:db:f6:f4:32:75:07:01:ac:e2:0d:39:64:
                    64:59:bb:13:55:da:24:b0:cb:48:6f:9b:15:b5:03:
                    21:13:e7:02:59:88:64:68:a0:13:0b:ac:ae:b4:46:
                    ad:a2:fb:f4:8f:34:b2:09:4c:eb:df:9c:1d:5c:e7:
                    e8:47:ff:90:e5:8f:3a:9a:41:4f:db:9d:55:61:ae:
                    92:41:1f:f4:30:3e:6f:68:21:59:e5:9a:42:5a:5b:
                    ef:1a:dc:2b:16:a3:5c:7f:81:33:91:21:e3:a8:52:
                    53:d0:f1:c8:d6:8d:21:40:54:30:79:5c:b8:c8:ee:
                    74:e5:bf:08:96:7c:3c:3c:d0:a0:75:7e:58:79:1e:
                    1f:d2:b8:8d:89:e7:4c:eb:90:a8:0f:5c:e5:0d:cf:
                    4f:46:1d:3e:12:39:d6:2d:f1:6e:68:53:e9:4f:62:
                    5a:aa:00:de:9b:be:63:f3:e5:f4:31:4e:e0:aa:31:
                    7e:7e:ca:20:2b:6d:c6:7c:ad:6c:78:cf:81:4b:92:
                    75:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:05:58:49:70:8C:79:17:B5:9A:F2:C0:7C:57:43:16:8D:F1:62:1B
            X509v3 Authority Key Identifier:
                keyid:11:1F:4B:0A:73:AC:1B:63:3D:24:ED:5A:09:4F:DE:3A:2E:F5:1B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER9LCnOsG2M9JO1aCU_eOi71G5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/1-QVYSXCMeRe1mvLAfFdDFo3xYhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e3c854-2262-4895-b92a-f2c65a7013ef/1/ER9LCnOsG2M9JO1aCU_eOi71G5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.168.0/22
                IPv6:
                  2a07:60c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:1c:64:e5:2c:5c:12:26:bf:b9:f0:66:73:30:f6:a8:14:42:
         a8:00:e6:24:3a:9c:6d:ff:b3:1b:65:45:9b:53:d0:5b:dc:31:
         63:bf:aa:ea:30:8d:c3:13:39:f2:7e:53:62:55:3f:e8:26:95:
         5e:0a:c2:97:20:95:ca:dd:77:32:6c:38:bc:b6:0f:4a:85:2c:
         ba:6a:b7:3e:3e:14:92:fc:83:a8:b2:0c:a8:5c:99:02:94:63:
         f8:58:29:70:ce:1f:c9:dc:37:d0:48:39:69:c4:e0:b5:4c:dc:
         7a:b7:d3:5f:28:04:47:0b:24:6f:74:2d:d7:6e:15:7b:54:41:
         34:b1:d5:41:62:11:d2:a9:36:8e:19:61:cc:50:da:44:ed:bb:
         3c:72:43:31:d3:3c:58:19:6f:e3:6c:ea:5b:63:fb:ad:a4:e2:
         8b:da:dc:34:5e:67:6c:45:5f:e4:9e:eb:7e:98:c4:d3:0b:44:
         6c:49:32:58:ee:0c:f9:19:0c:4b:95:02:71:8e:ff:85:a7:53:
         0e:60:47:c7:ee:8d:8a:77:4d:3e:47:57:4a:c3:d2:76:0b:d6:
         5b:4e:69:47:2d:29:82:74:64:82:a1:32:20:9c:9f:a6:37:ec:
         a7:d6:96:d2:83:5f:62:a0:8b:d3:65:41:67:42:b0:7d:20:39:
         37:c7:ce:3e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzDtqKItdNGNs9upOGIPsehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWY0YjBhNzNhYzFiNjMzZDI0ZWQ1YTA5NGZkZTNhMmVm
NTFiOTQwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTA1NTg0OTcwOGM3OTE3YjU5YWYyYzA3YzU3NDMxNjhkZjE2MjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3iGq2AJU+DhuDZ+VrUFNxns6EK6
Ng9k3g3+L2/9tEKCoh00pNw2tYIz+1wbL1+hiCSUdNFMvbSRv2lhvTvb9vQydQcB
rOINOWRkWbsTVdoksMtIb5sVtQMhE+cCWYhkaKATC6yutEatovv0jzSyCUzr35wd
XOfoR/+Q5Y86mkFP251VYa6SQR/0MD5vaCFZ5ZpCWlvvGtwrFqNcf4EzkSHjqFJT
0PHI1o0hQFQweVy4yO505b8Ilnw8PNCgdX5YeR4f0riNiedM65CoD1zlDc9PRh0+
EjnWLfFuaFPpT2JaqgDem75j8+X0MU7gqjF+fsogK23GfK1seM+BS5J1/QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPkFWElwjHkXtZrywHxXQxaN8WIbMB8GA1UdIwQY
MBaAFBEfSwpzrBtjPSTtWglP3jou9RuUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI5TENuT3NHMk05Sk8xYUNVX2VPaTcxRzVRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9lM2M4NTQtMjI2Mi00ODk1LWI5MmEt
ZjJjNjVhNzAxM2VmLzEvMS1RVllTWENNZVJlMW12TEFmRmRERm8zeFlocy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvZTNjODU0LTIyNjItNDg5NS1iOTJhLWYyYzY1YTcwMTNl
Zi8xL0VSOUxDbk9zRzJNOUpPMWFDVV9lT2k3MUc1US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmUqDAN
BAIAAjAHAwUDKgdgwDANBgkqhkiG9w0BAQsFAAOCAQEAmRxk5SxcEia/ufBmczD2
qBRCqADmJDqcbf+zG2VFm1PQW9wxY7+q6jCNwxM58n5TYlU/6CaVXgrClyCVyt13
Mmw4vLYPSoUsumq3Pj4UkvyDqLIMqFyZApRj+FgpcM4fydw30Eg5acTgtUzcerfT
XygERwskb3Qt124Ve1RBNLHVQWIR0qk2jhlhzFDaRO27PHJDMdM8WBlv42zqW2P7
raTii9rcNF5nbEVf5J7rfpjE0wtEbEkyWO4M+RkMS5UCcY7/hadTDmBHx+6NindN
PkdXSsPSdgvWW05pRy0pgnRkgqEyIJyfpjfsp9aW0oNfYqCL02VBZ0KwfSA5N8fO
Pg==
-----END CERTIFICATE-----