Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/q-KNKWRFtL2pyoTDfaz-PW8Echc.roa
File:                     q-KNKWRFtL2pyoTDfaz-PW8Echc.roa (raw, json)
Hash identifier:          SUKwsSzIyljogQCpCBNS4HpOYp5XPo9F4yY7nQh6rXo=
Subject key identifier:   AB:E2:8D:29:64:45:B4:BD:A9:CA:84:C3:7D:AC:FE:3D:6F:04:72:17
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       01927A2E5F9B841B589AD560F9EE5179E82F
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/q-KNKWRFtL2pyoTDfaz-PW8Echc.roa
Signing time:             Fri 11 Oct 2024 06:05:12 +0000
ROA not before:           Fri 11 Oct 2024 06:05:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        91.200.253.0/24 maxlen: 24
                          110.172.188.0/24 maxlen: 24
                          114.69.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:2e:5f:9b:84:1b:58:9a:d5:60:f9:ee:51:79:e8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Oct 11 06:05:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abe28d296445b4bda9ca84c37dacfe3d6f047217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4f:03:e5:03:88:c4:43:2f:21:71:59:00:de:
                    d3:4e:cb:cd:8e:66:30:49:52:60:ab:f3:08:ea:76:
                    0a:08:e0:f7:2a:33:e6:e0:4a:0e:56:7a:c1:12:43:
                    88:cf:54:cc:2c:b3:e0:1e:2c:87:02:b8:da:ac:62:
                    a4:71:a7:d7:5b:9b:41:14:32:86:50:df:f2:93:32:
                    b0:a3:38:3f:cb:35:55:9f:eb:d7:99:2f:23:e9:da:
                    60:74:13:b4:f0:8e:fd:da:61:42:f0:e5:83:40:2e:
                    b5:25:9a:e7:3c:c9:fd:e5:a2:73:c5:4d:e0:1b:ef:
                    9a:f6:bd:34:1a:7e:de:67:f4:80:63:f5:6b:9c:29:
                    c2:ef:d0:6e:26:04:a5:e5:cb:0c:08:89:07:e8:a8:
                    89:d2:9e:23:56:cc:e7:62:ed:af:09:38:c6:ed:7a:
                    6a:c6:3c:c1:7c:43:9b:37:c0:0d:08:4d:8c:d0:7b:
                    fe:c9:e8:08:d6:bf:d2:62:6d:8d:b0:54:5e:51:e3:
                    0d:ac:7c:83:54:b9:fc:34:0c:2b:55:96:e8:6f:75:
                    98:c0:5e:64:00:dc:93:8e:42:f5:43:fb:cb:f9:49:
                    a4:52:8b:50:1b:3e:1f:79:1e:77:5a:53:9e:a8:0f:
                    b3:b8:20:2a:f3:30:5f:9b:cc:2a:59:ac:94:00:00:
                    83:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E2:8D:29:64:45:B4:BD:A9:CA:84:C3:7D:AC:FE:3D:6F:04:72:17
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/q-KNKWRFtL2pyoTDfaz-PW8Echc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.253.0/24
                  110.172.188.0/24
                  114.69.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:8b:cd:a0:36:e2:f5:74:e2:6c:3c:1c:52:5b:55:f8:2d:62:
         f5:26:41:97:3b:5c:0f:b5:f8:1d:13:27:c9:35:2a:bc:d6:66:
         a4:bb:a8:f0:cd:9d:62:ea:a1:61:9e:ed:25:f7:77:e3:ae:ba:
         da:7c:5f:f2:9f:2d:e5:fe:a5:39:69:1e:d1:a7:46:55:9d:9d:
         85:d7:6d:95:e0:c6:d9:22:eb:77:b9:6f:d0:38:af:e9:d3:d5:
         ee:b9:ee:65:18:cc:ad:02:68:55:3f:44:0f:ce:3d:d7:0b:a5:
         1f:35:c4:60:0d:9e:ef:04:bc:1b:2a:0a:80:aa:0e:f7:d1:8f:
         a2:1d:46:d0:5e:2a:b7:66:ee:30:d9:74:b4:36:6b:af:d1:14:
         0a:c2:50:48:b6:59:d3:1e:59:45:05:cf:c2:39:b9:78:cd:49:
         29:70:d3:75:5c:0d:03:8f:61:be:7a:65:21:ee:46:8b:89:4e:
         45:d4:12:e5:ec:2a:08:b3:31:cc:22:ea:06:c1:22:78:3c:48:
         db:1e:be:19:25:c7:28:17:44:4d:1d:1b:51:4f:6a:f9:c4:34:
         46:dc:bc:3a:d8:46:af:ef:ed:b9:dd:4c:c8:48:83:95:c6:09:
         08:7f:de:6a:16:62:27:28:57:fc:d6:5b:17:1d:4b:48:36:22:
         6e:7c:21:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJ6Ll+bhBtYmtVg+e5ReegvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMDExMDYwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmUyOGQyOTY0NDViNGJkYTljYTg0YzM3ZGFjZmUzZDZmMDQ3MjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA108D5QOIxEMvIXFZAN7TTsvNjmYw
SVJgq/MI6nYKCOD3KjPm4EoOVnrBEkOIz1TMLLPgHiyHArjarGKkcafXW5tBFDKG
UN/ykzKwozg/yzVVn+vXmS8j6dpgdBO08I792mFC8OWDQC61JZrnPMn95aJzxU3g
G++a9r00Gn7eZ/SAY/VrnCnC79BuJgSl5csMCIkH6KiJ0p4jVsznYu2vCTjG7Xpq
xjzBfEObN8ANCE2M0Hv+yegI1r/SYm2NsFReUeMNrHyDVLn8NAwrVZbob3WYwF5k
ANyTjkL1Q/vL+UmkUotQGz4feR53WlOeqA+zuCAq8zBfm8wqWayUAACDIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKvijSlkRbS9qcqEw32s/j1vBHIXMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvcS1LTktXUkZ0TDJweW9URGZhei1QVzhFY2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8j9AwQA
bqy8AwQAckX2MA0GCSqGSIb3DQEBCwUAA4IBAQAzi82gNuL1dOJsPBxSW1X4LWL1
JkGXO1wPtfgdEyfJNSq81maku6jwzZ1i6qFhnu0l93fjrrrafF/yny3l/qU5aR7R
p0ZVnZ2F122V4MbZIut3uW/QOK/p09Xuue5lGMytAmhVP0QPzj3XC6UfNcRgDZ7v
BLwbKgqAqg730Y+iHUbQXiq3Zu4w2XS0Nmuv0RQKwlBItlnTHllFBc/CObl4zUkp
cNN1XA0Dj2G+emUh7kaLiU5F1BLl7CoIszHMIuoGwSJ4PEjbHr4ZJccoF0RNHRtR
T2r5xDRG3Lw62Eav7+253UzISIOVxgkIf95qFmInKFf81lsXHUtINiJufCGZ
-----END CERTIFICATE-----