Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/v7A-yy-0BrPcxKuAIpjWBW-abVI.roa
File:                     v7A-yy-0BrPcxKuAIpjWBW-abVI.roa (raw, json)
Hash identifier:          dj1VH+yfvThr778BAUIr1UsS/zPthITub6MOAcRxCaA=
Subject key identifier:   BF:B0:3E:CB:2F:B4:06:B3:DC:C4:AB:80:22:98:D6:05:6F:9A:6D:52
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       018CC6B92F67CDD9AF8D40A81DE4EE69D672
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/v7A-yy-0BrPcxKuAIpjWBW-abVI.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        185.83.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2f:67:cd:d9:af:8d:40:a8:1d:e4:ee:69:d6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfb03ecb2fb406b3dcc4ab802298d6056f9a6d52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:74:24:19:86:d4:b6:29:13:dc:8f:b0:04:e8:
                    07:c9:0b:f0:f7:d9:1f:1f:1b:60:44:7f:17:8b:1e:
                    65:8d:dc:32:c9:1c:6d:52:a7:e0:32:6a:6a:69:32:
                    a9:1a:f4:89:a0:d0:c4:02:fa:07:c7:47:4c:bd:98:
                    88:f1:11:66:5b:d6:ba:b1:c6:f9:de:92:aa:67:86:
                    88:a9:2b:a8:62:68:de:d0:90:e8:19:4b:ba:4a:43:
                    59:e5:51:0f:f8:63:03:b3:ea:04:16:bb:90:69:ab:
                    a5:23:38:eb:20:7a:92:6b:22:09:e8:90:bf:cc:c8:
                    6f:bf:cc:6c:50:af:57:3e:79:87:ae:dd:9f:2b:ec:
                    db:87:03:17:30:9c:eb:00:53:c8:f6:6c:7d:7e:12:
                    18:75:89:a8:0d:67:1c:14:cd:f5:47:30:e1:ca:08:
                    f0:fc:7b:1d:cc:21:9e:34:12:1e:e2:21:21:56:5a:
                    71:39:35:48:a6:af:bb:e9:8c:28:c7:2b:2c:e5:79:
                    df:71:3d:6f:0e:c1:a3:8a:11:16:86:88:d6:a3:72:
                    1d:f8:65:e2:f7:c9:3f:db:60:d0:f7:da:e6:70:df:
                    57:d7:c1:77:7f:cc:db:41:3d:93:c7:9d:0b:28:8c:
                    8b:b7:57:94:7b:fc:9f:d8:83:de:b1:de:b5:fb:11:
                    e7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B0:3E:CB:2F:B4:06:B3:DC:C4:AB:80:22:98:D6:05:6F:9A:6D:52
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/v7A-yy-0BrPcxKuAIpjWBW-abVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:da:bc:64:00:88:c7:7c:97:38:4c:6c:5a:dc:d7:c7:96:c6:
         d3:14:f0:6f:43:34:4d:c6:ad:f9:00:a9:0b:1b:d4:53:46:d8:
         1c:6f:5e:d8:09:c5:ac:bc:92:2c:34:27:1b:68:aa:48:b1:48:
         64:eb:66:7b:56:66:fe:52:18:f3:40:05:72:9b:c8:d4:43:a7:
         9d:0b:d6:5e:17:e7:4b:c5:a7:9e:bf:5e:99:c7:96:8c:fe:8a:
         56:c5:88:d4:b3:9a:91:bd:6e:31:19:4f:bc:1b:0e:77:d0:d1:
         4b:66:20:54:3d:4c:d8:d8:c4:75:e9:5c:3b:8e:53:cd:44:d6:
         73:f5:18:c5:34:8e:e8:86:c4:c6:8b:9b:d6:07:a2:55:c0:a3:
         7a:ef:e2:2f:bb:78:a3:e9:d9:21:c0:d3:27:6c:f6:2e:c6:9b:
         74:2f:b8:9f:79:2a:5a:0d:7b:f0:a2:98:29:16:d3:05:f6:83:
         5d:30:a1:0d:c9:3d:f3:76:26:51:c6:f9:5e:01:d7:85:c7:18:
         ea:f5:98:9e:e7:25:e1:80:69:1b:93:f1:f0:86:04:95:ce:6b:
         ed:19:24:1c:1f:8c:d9:c3:db:30:f2:8a:a5:60:50:e6:6d:a7:
         f6:7e:f2:cd:45:d1:a8:84:ae:7f:3c:31:f0:eb:8c:e7:aa:ba:
         01:14:e1:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS9nzdmvjUCoHeTuadZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmIwM2VjYjJmYjQwNmIzZGNjNGFiODAyMjk4ZDYwNTZmOWE2ZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHQkGYbUtikT3I+wBOgHyQvw99kf
HxtgRH8Xix5ljdwyyRxtUqfgMmpqaTKpGvSJoNDEAvoHx0dMvZiI8RFmW9a6scb5
3pKqZ4aIqSuoYmje0JDoGUu6SkNZ5VEP+GMDs+oEFruQaaulIzjrIHqSayIJ6JC/
zMhvv8xsUK9XPnmHrt2fK+zbhwMXMJzrAFPI9mx9fhIYdYmoDWccFM31RzDhygjw
/HsdzCGeNBIe4iEhVlpxOTVIpq+76Ywoxyss5XnfcT1vDsGjihEWhojWo3Id+GXi
98k/22DQ99rmcN9X18F3f8zbQT2Tx50LKIyLt1eUe/yf2IPesd61+xHnSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+wPssvtAaz3MSrgCKY1gVvmm1SMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvdjdBLXl5LTBCclBjeEt1QUlwaldCVy1hYlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQBT2rxkAIjHfJc4TGxa3NfHlsbTFPBvQzRNxq35AKkL
G9RTRtgcb17YCcWsvJIsNCcbaKpIsUhk62Z7Vmb+UhjzQAVym8jUQ6edC9ZeF+dL
xaeev16Zx5aM/opWxYjUs5qRvW4xGU+8Gw530NFLZiBUPUzY2MR16Vw7jlPNRNZz
9RjFNI7ohsTGi5vWB6JVwKN67+Ivu3ij6dkhwNMnbPYuxpt0L7ifeSpaDXvwopgp
FtMF9oNdMKENyT3zdiZRxvleAdeFxxjq9Zie5yXhgGkbk/HwhgSVzmvtGSQcH4zZ
w9sw8oqlYFDmbaf2fvLNRdGohK5/PDHw64znqroBFOHh
-----END CERTIFICATE-----