Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/fcea85-8be1-4877-878a-ad9e1a0510b9/1/p7jNn_Uf-3XwR8Q2Akiivi8ITFU.roa
File:                     p7jNn_Uf-3XwR8Q2Akiivi8ITFU.roa (raw, json)
Hash identifier:          wrcQQUeqFZxqfyvero2Q0yfEYxFX2rTh3U2AWRfKLcg=
Subject key identifier:   A7:B8:CD:9F:F5:1F:FB:75:F0:47:C4:36:02:48:A2:BE:2F:08:4C:55
Certificate issuer:       /CN=65eb8ef44183f8e3a9c887a7be26b3f0713c13bd
Certificate serial:       018CC86F0C4002136DE21AAEAC366EAC82CD
Authority key identifier: 65:EB:8E:F4:41:83:F8:E3:A9:C8:87:A7:BE:26:B3:F0:71:3C:13:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeuO9EGD-OOpyIenviaz8HE8E70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/fcea85-8be1-4877-878a-ad9e1a0510b9/1/p7jNn_Uf-3XwR8Q2Akiivi8ITFU.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34711
IP address blocks:        195.64.178.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/fcea85-8be1-4877-878a-ad9e1a0510b9/1/ZeuO9EGD-OOpyIenviaz8HE8E70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/fcea85-8be1-4877-878a-ad9e1a0510b9/1/ZeuO9EGD-OOpyIenviaz8HE8E70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeuO9EGD-OOpyIenviaz8HE8E70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0c:40:02:13:6d:e2:1a:ae:ac:36:6e:ac:82:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65eb8ef44183f8e3a9c887a7be26b3f0713c13bd
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7b8cd9ff51ffb75f047c4360248a2be2f084c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e5:e0:bb:bc:2a:df:fc:6d:ce:d5:fa:07:fa:
                    37:aa:3c:80:96:34:50:a0:cb:3b:06:b7:2a:08:d1:
                    ed:90:7c:bf:d4:3e:17:1b:2a:7e:e0:1f:88:01:b4:
                    99:4e:f9:d1:87:71:df:5c:32:6a:47:7c:4b:e6:d4:
                    77:f8:f2:9e:6d:e1:e7:bf:61:ae:5e:c4:fa:27:44:
                    d8:a5:ba:06:51:a3:66:9c:3f:8c:48:eb:95:86:b4:
                    12:aa:7b:31:08:1c:30:ea:2b:63:4e:ba:d2:4a:1e:
                    03:18:c6:a5:16:91:11:af:59:d0:d3:bb:bf:26:cf:
                    06:9c:af:52:97:22:0a:f5:31:51:f0:74:4d:b6:8d:
                    bc:03:05:1d:04:26:6c:9d:7f:aa:15:e2:e4:fa:83:
                    12:2f:da:b3:bb:af:cf:5a:02:2d:3a:47:f6:8a:68:
                    a0:b6:4b:79:4f:d9:16:80:5b:2e:9e:31:5c:e4:8b:
                    2d:6a:c2:1f:b0:05:13:8c:23:cb:d8:6b:aa:65:3f:
                    07:da:80:9f:60:dd:96:55:52:2c:ac:05:cf:ce:76:
                    94:18:38:07:b4:0f:ef:8c:45:53:66:6a:e8:e7:ae:
                    92:3a:43:0a:f4:b3:5a:91:39:bd:78:1f:db:43:28:
                    2b:a5:00:bb:42:d3:07:69:ca:66:03:ce:39:a5:d7:
                    e4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B8:CD:9F:F5:1F:FB:75:F0:47:C4:36:02:48:A2:BE:2F:08:4C:55
            X509v3 Authority Key Identifier:
                keyid:65:EB:8E:F4:41:83:F8:E3:A9:C8:87:A7:BE:26:B3:F0:71:3C:13:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeuO9EGD-OOpyIenviaz8HE8E70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/fcea85-8be1-4877-878a-ad9e1a0510b9/1/p7jNn_Uf-3XwR8Q2Akiivi8ITFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/fcea85-8be1-4877-878a-ad9e1a0510b9/1/ZeuO9EGD-OOpyIenviaz8HE8E70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:b8:88:c0:e4:f5:c5:6e:b9:c9:d5:47:35:90:43:a0:d5:5a:
         db:22:28:99:ed:33:d2:8d:64:18:6f:67:c2:74:c5:b5:e4:84:
         d5:d1:53:30:d1:c3:f7:fb:56:fe:45:b5:14:4d:f4:be:66:a0:
         b9:04:83:91:94:58:26:95:24:3f:31:29:f6:6c:2d:14:5f:59:
         62:2a:c5:ec:3c:fb:85:58:84:51:06:2d:8f:4c:37:d5:59:ea:
         56:62:b1:8f:73:2a:f4:5a:37:dc:72:53:64:c2:54:1b:ed:6b:
         bc:e2:ef:0c:1e:10:53:88:14:5c:67:01:d8:74:52:6d:7f:76:
         89:a5:4a:f3:59:20:ba:ec:15:51:04:e2:cf:a7:cf:57:3a:6f:
         35:a4:9e:a1:c9:bf:99:8a:a5:1c:4e:30:7f:c9:7d:54:1f:cb:
         3c:8a:31:7f:83:4e:95:1f:9b:ae:4f:70:99:45:19:97:c5:6d:
         d0:5d:74:09:1c:3f:04:eb:94:d8:f0:11:2a:c6:31:fa:b1:dd:
         c7:36:a6:3d:e4:e4:d8:67:e9:7d:dd:2a:ef:ba:b5:5e:2d:4e:
         9c:23:ec:cb:e6:44:cd:f9:c9:8e:3c:0f:1c:76:7a:49:3f:b9:
         34:01:aa:c0:d4:c2:51:ce:56:a2:b3:f4:a7:7c:90:71:d4:05:
         20:60:71:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwxAAhNt4hqurDZurILNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZWI4ZWY0NDE4M2Y4ZTNhOWM4ODdhN2JlMjZiM2YwNzEz
YzEzYmQwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2I4Y2Q5ZmY1MWZmYjc1ZjA0N2M0MzYwMjQ4YTJiZTJmMDg0YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOXgu7wq3/xtztX6B/o3qjyAljRQ
oMs7BrcqCNHtkHy/1D4XGyp+4B+IAbSZTvnRh3HfXDJqR3xL5tR3+PKebeHnv2Gu
XsT6J0TYpboGUaNmnD+MSOuVhrQSqnsxCBww6itjTrrSSh4DGMalFpERr1nQ07u/
Js8GnK9SlyIK9TFR8HRNto28AwUdBCZsnX+qFeLk+oMSL9qzu6/PWgItOkf2imig
tkt5T9kWgFsunjFc5IstasIfsAUTjCPL2GuqZT8H2oCfYN2WVVIsrAXPznaUGDgH
tA/vjEVTZmro566SOkMK9LNakTm9eB/bQygrpQC7QtMHacpmA845pdfkiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKe4zZ/1H/t18EfENgJIor4vCExVMB8GA1UdIwQY
MBaAFGXrjvRBg/jjqciHp74ms/BxPBO9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmV1TzlFR0QtT09weUllbnZpYXo4SEU4RTcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9mY2VhODUtOGJlMS00ODc3LTg3OGEt
YWQ5ZTFhMDUxMGI5LzEvcDdqTm5fVWYtM1h3UjhRMkFraWl2aThJVEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9mY2VhODUtOGJlMS00ODc3LTg3OGEtYWQ5ZTFhMDUxMGI5
LzEvWmV1TzlFR0QtT09weUllbnZpYXo4SEU4RTcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0CyMA0G
CSqGSIb3DQEBCwUAA4IBAQAnuIjA5PXFbrnJ1Uc1kEOg1VrbIiiZ7TPSjWQYb2fC
dMW15ITV0VMw0cP3+1b+RbUUTfS+ZqC5BIORlFgmlSQ/MSn2bC0UX1liKsXsPPuF
WIRRBi2PTDfVWepWYrGPcyr0WjfcclNkwlQb7Wu84u8MHhBTiBRcZwHYdFJtf3aJ
pUrzWSC67BVRBOLPp89XOm81pJ6hyb+ZiqUcTjB/yX1UH8s8ijF/g06VH5uuT3CZ
RRmXxW3QXXQJHD8E65TY8BEqxjH6sd3HNqY95OTYZ+l93SrvurVeLU6cI+zL5kTN
+cmOPA8cdnpJP7k0AarA1MJRzlais/SnfJBx1AUgYHGY
-----END CERTIFICATE-----