Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/qL27UohQTzm4QCE38AYMY8jF020.roa
File:                     qL27UohQTzm4QCE38AYMY8jF020.roa (raw, json)
Hash identifier:          qbZEfi3sgrwfezgKn66BSvMt5Bkdpo+Y1aMmbtPIIsE=
Subject key identifier:   A8:BD:BB:52:88:50:4F:39:B8:40:21:37:F0:06:0C:63:C8:C5:D3:6D
Certificate issuer:       /CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
Certificate serial:       018CC6B84D5B9F9FFCC942664A72CE1A5924
Authority key identifier: A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/qL27UohQTzm4QCE38AYMY8jF020.roa
Signing time:             Mon 01 Jan 2024 20:30:16 +0000
ROA not before:           Mon 01 Jan 2024 20:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        178.218.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 10:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:4d:5b:9f:9f:fc:c9:42:66:4a:72:ce:1a:59:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
        Validity
            Not Before: Jan  1 20:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8bdbb5288504f39b8402137f0060c63c8c5d36d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a5:3b:fe:0b:a9:93:0f:0a:37:ba:33:0d:f1:
                    90:03:72:cf:5b:15:52:8b:4b:ca:f8:0d:87:49:54:
                    b0:23:24:e2:2c:16:cc:0b:f1:fa:5e:aa:a9:b0:8f:
                    0c:82:2a:27:4d:6a:5b:7c:81:72:95:67:5e:96:5f:
                    0a:96:a3:ff:c9:fe:1c:83:60:d9:3e:26:3d:e9:1c:
                    05:b7:90:c0:ae:0a:96:7c:68:8b:fe:a0:e7:14:f1:
                    c2:d7:9c:ad:0c:94:d6:75:fa:0a:54:8a:5b:51:93:
                    04:a9:87:ad:02:cc:b6:9b:a5:49:c5:a1:34:1b:cc:
                    e4:2c:4d:1b:ad:a6:8e:d6:6a:db:a8:6a:52:ce:75:
                    65:0d:3b:38:7d:9d:c2:c4:31:e8:a6:34:48:ed:da:
                    b2:71:47:c1:a7:b4:e0:6e:95:df:59:3f:48:17:aa:
                    04:ef:15:fa:fd:72:16:bc:4e:19:8a:0e:95:18:91:
                    f2:79:81:38:c1:a9:fc:80:8c:ae:f7:a1:b4:80:15:
                    0c:96:0f:d9:c5:9a:b3:68:de:39:31:76:f0:96:35:
                    25:d8:2f:2c:23:1c:a7:b0:3d:d1:76:76:3d:9b:f3:
                    7b:4e:63:f1:6e:33:68:d6:0e:bd:54:bc:3c:5f:03:
                    8e:91:6b:59:77:52:fe:6a:c5:ca:b6:f7:7a:c2:19:
                    eb:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:BD:BB:52:88:50:4F:39:B8:40:21:37:F0:06:0C:63:C8:C5:D3:6D
            X509v3 Authority Key Identifier:
                keyid:A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/qL27UohQTzm4QCE38AYMY8jF020.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:92:77:eb:aa:a9:2d:ce:91:65:47:37:c4:8b:25:97:38:0e:
         3d:fc:71:84:d1:38:fb:8f:aa:76:78:65:7c:70:41:17:19:8d:
         db:57:75:aa:a5:2f:85:55:07:28:07:ba:3e:c6:6d:b1:de:ec:
         67:47:3d:75:8f:e7:ef:c9:a7:16:e2:2d:74:0e:7e:54:09:d2:
         c3:64:b2:aa:2c:58:b1:11:59:c0:a9:2d:6f:d5:bf:ef:9c:42:
         90:fe:07:78:67:f5:73:c4:5a:54:b2:87:2c:88:a9:aa:c4:da:
         82:10:7d:8c:77:71:5a:9d:3f:b7:ca:12:03:66:e4:f5:6b:7d:
         48:02:c6:55:3c:36:66:04:ae:c3:db:d9:ed:87:2b:e2:de:91:
         3a:d9:4c:c3:3d:17:e5:a0:e3:a9:28:dd:b7:6c:bd:1b:34:ce:
         28:85:a9:03:d7:34:2e:f1:a2:44:23:44:4b:c1:ab:ad:0a:12:
         6a:1f:7a:ae:3c:ee:a5:10:5f:a7:0d:1e:b7:c7:18:d6:ca:70:
         c5:7a:39:02:36:9e:b0:f6:1d:66:ad:25:a8:0d:90:e3:3f:de:
         88:59:30:d0:d7:ab:9d:86:ed:0f:a8:26:0a:c4:78:88:bd:46:
         bb:80:03:df:18:0b:56:12:54:96:65:8d:05:32:67:d8:e8:6e:
         fe:77:7f:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuE1bn5/8yUJmSnLOGlkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MjAwMGM0ZjRlYzRhMDNjZDRkMzY1N2UwMWI3MDAzNGVj
MjNiOTcwHhcNMjQwMTAxMjAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGJkYmI1Mjg4NTA0ZjM5Yjg0MDIxMzdmMDA2MGM2M2M4YzVkMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aU7/gupkw8KN7ozDfGQA3LPWxVS
i0vK+A2HSVSwIyTiLBbMC/H6XqqpsI8MgionTWpbfIFylWdell8KlqP/yf4cg2DZ
PiY96RwFt5DArgqWfGiL/qDnFPHC15ytDJTWdfoKVIpbUZMEqYetAsy2m6VJxaE0
G8zkLE0braaO1mrbqGpSznVlDTs4fZ3CxDHopjRI7dqycUfBp7TgbpXfWT9IF6oE
7xX6/XIWvE4Zig6VGJHyeYE4wan8gIyu96G0gBUMlg/ZxZqzaN45MXbwljUl2C8s
IxynsD3RdnY9m/N7TmPxbjNo1g69VLw8XwOOkWtZd1L+asXKtvd6whnr/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi9u1KIUE85uEAhN/AGDGPIxdNtMB8GA1UdIwQY
MBaAFKQgAMT07EoDzU02V+AbcANOwjuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcENBQXhQVHNTZ1BOVFRaWDRCdHdBMDdDTzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNjNkNzctNGZlYS00MTMxLWJlY2It
MGYyMmQ4OTY4OWEwLzEvcUwyN1VvaFFUem00UUNFMzhBWU1ZOGpGMDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNjNkNzctNGZlYS00MTMxLWJlY2ItMGYyMmQ4OTY4OWEw
LzEvcENBQXhQVHNTZ1BOVFRaWDRCdHdBMDdDTzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCstrwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCknfrqqktzpFlRzfEiyWXOA49/HGE0Tj7j6p2eGV8
cEEXGY3bV3WqpS+FVQcoB7o+xm2x3uxnRz11j+fvyacW4i10Dn5UCdLDZLKqLFix
EVnAqS1v1b/vnEKQ/gd4Z/VzxFpUsocsiKmqxNqCEH2Md3FanT+3yhIDZuT1a31I
AsZVPDZmBK7D29nthyvi3pE62UzDPRfloOOpKN23bL0bNM4ohakD1zQu8aJEI0RL
wautChJqH3quPO6lEF+nDR63xxjWynDFejkCNp6w9h1mrSWoDZDjP96IWTDQ16ud
hu0PqCYKxHiIvUa7gAPfGAtWElSWZY0FMmfY6G7+d3+k
-----END CERTIFICATE-----