Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/7VspCms8L1ACllsPYgL6wt0gx6s.roa
File:                     7VspCms8L1ACllsPYgL6wt0gx6s.roa (raw, json)
Hash identifier:          9E4UAeMSARnSkF25x8m2n0O3MLp7h0l5BsC171utTK8=
Subject key identifier:   ED:5B:29:0A:6B:3C:2F:50:02:96:5B:0F:62:02:FA:C2:DD:20:C7:AB
Certificate issuer:       /CN=f9c9e0305cfed5794448732a8b0bd8427450d813
Certificate serial:       018CC50113C8837A9D4F1A175EBD08C720B2
Authority key identifier: F9:C9:E0:30:5C:FE:D5:79:44:48:73:2A:8B:0B:D8:42:74:50:D8:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-cngMFz-1XlESHMqiwvYQnRQ2BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/7VspCms8L1ACllsPYgL6wt0gx6s.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.76.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/1-cngMFz-1XlESHMqiwvYQnRQ2BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/1-cngMFz-1XlESHMqiwvYQnRQ2BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-cngMFz-1XlESHMqiwvYQnRQ2BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:13:c8:83:7a:9d:4f:1a:17:5e:bd:08:c7:20:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9c9e0305cfed5794448732a8b0bd8427450d813
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed5b290a6b3c2f5002965b0f6202fac2dd20c7ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:88:7d:9f:0c:b1:bf:7f:f2:bf:a8:07:9b:1d:
                    05:44:c0:4d:80:9c:72:68:25:1a:d1:ce:34:62:3b:
                    28:b2:2f:0d:41:e5:55:2c:d8:98:3b:fe:6d:07:41:
                    74:25:e0:a0:e8:04:10:cf:67:8e:a8:fa:32:a1:ec:
                    78:2c:59:e9:f7:c3:0e:7d:73:87:33:70:06:53:22:
                    e8:79:3d:fe:df:e7:e4:26:9e:1a:ae:a0:f4:c8:b5:
                    06:4d:12:93:6a:8b:d6:4f:4c:a3:49:50:2f:4d:e1:
                    dd:4f:98:0d:07:80:7e:f1:31:c1:88:a9:9c:9f:8f:
                    34:30:80:de:9b:02:0a:66:5a:76:9e:16:2c:36:de:
                    d4:ad:b1:11:17:3e:0a:d2:c0:aa:1f:d8:6a:f9:d9:
                    91:ff:97:fe:03:17:04:95:a2:3c:da:70:eb:c8:53:
                    df:60:0d:0b:80:7c:bd:a4:2a:92:49:f1:fb:73:e6:
                    cf:84:b0:6e:05:95:bf:ab:5b:a6:c1:48:8e:f1:63:
                    1d:90:4a:84:82:f7:e4:5c:c5:9b:79:cd:27:2b:01:
                    0f:08:84:81:4f:65:b1:75:83:bd:84:47:7b:f6:97:
                    9d:4e:d5:38:65:7e:9e:11:be:9a:b9:44:22:50:c1:
                    eb:78:bc:51:43:83:43:93:a9:fc:ed:0e:d3:a2:f8:
                    66:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:5B:29:0A:6B:3C:2F:50:02:96:5B:0F:62:02:FA:C2:DD:20:C7:AB
            X509v3 Authority Key Identifier:
                keyid:F9:C9:E0:30:5C:FE:D5:79:44:48:73:2A:8B:0B:D8:42:74:50:D8:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-cngMFz-1XlESHMqiwvYQnRQ2BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/7VspCms8L1ACllsPYgL6wt0gx6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/1-cngMFz-1XlESHMqiwvYQnRQ2BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:0a:a9:a3:9a:b9:e6:4d:27:a2:09:8b:ef:01:1b:ea:fc:1b:
         b4:54:c1:64:71:d4:2a:12:19:b6:cc:b8:cb:05:c8:50:c0:66:
         0a:2e:76:24:4d:ec:d9:79:d6:a4:5a:72:c4:d5:62:4b:05:a0:
         fb:84:83:17:e1:43:6e:80:9e:89:87:20:b2:50:8e:38:c2:9f:
         f0:38:f0:43:0c:98:ee:d6:2a:64:24:a2:40:2f:bc:12:f5:6f:
         78:ab:ac:1e:7f:75:5f:20:57:44:e3:64:f3:41:ab:b4:41:e9:
         98:27:7b:a1:cf:e0:ad:5b:2b:f6:eb:2d:8b:44:2b:d8:94:82:
         72:83:43:46:b6:df:7c:cb:06:e6:b6:48:7d:a8:7c:ee:20:37:
         52:63:01:6a:a3:e2:bc:da:19:86:0a:81:c3:e3:87:cf:81:2a:
         bd:77:85:43:6e:70:48:43:f1:b0:c8:67:1c:5e:04:78:97:f4:
         63:6e:6a:7c:79:40:96:38:9f:39:0d:d9:77:96:9b:28:70:6d:
         45:fa:12:b8:a9:69:85:20:03:b0:a0:a0:96:04:48:27:c8:de:
         da:11:0c:8c:88:f0:10:50:5b:f2:96:3e:10:d5:a4:a7:68:6e:
         1d:93:9a:34:0a:50:7d:b4:bf:f0:c5:51:17:ba:24:ec:16:53:
         30:17:15:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFARPIg3qdTxoXXr0IxyCyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YzllMDMwNWNmZWQ1Nzk0NDQ4NzMyYThiMGJkODQyNzQ1
MGQ4MTMwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDViMjkwYTZiM2MyZjUwMDI5NjViMGY2MjAyZmFjMmRkMjBjN2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ih9nwyxv3/yv6gHmx0FRMBNgJxy
aCUa0c40Yjsosi8NQeVVLNiYO/5tB0F0JeCg6AQQz2eOqPoyoex4LFnp98MOfXOH
M3AGUyLoeT3+3+fkJp4arqD0yLUGTRKTaovWT0yjSVAvTeHdT5gNB4B+8THBiKmc
n480MIDemwIKZlp2nhYsNt7UrbERFz4K0sCqH9hq+dmR/5f+AxcElaI82nDryFPf
YA0LgHy9pCqSSfH7c+bPhLBuBZW/q1umwUiO8WMdkEqEgvfkXMWbec0nKwEPCISB
T2WxdYO9hEd79pedTtU4ZX6eEb6auUQiUMHreLxRQ4NDk6n87Q7TovhmawIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO1bKQprPC9QApZbD2IC+sLdIMerMB8GA1UdIwQY
MBaAFPnJ4DBc/tV5REhzKosL2EJ0UNgTMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jbmdNRnotMVhsRVNITXFpd3ZZUW5SUTJCTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvMzYxOTBkLTFjNmMtNDhjNi1hNDE0
LTJmYmIyMDhhZDE4Mi8xLzdWc3BDbXM4TDFBQ2xsc1BZZ0w2d3QwZ3g2cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzcvMzYxOTBkLTFjNmMtNDhjNi1hNDE0LTJmYmIyMDhhZDE4
Mi8xLzEtY25nTUZ6LTFYbEVTSE1xaXd2WVFuUlEyQk0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5TCQw
DQYJKoZIhvcNAQELBQADggEBAHIKqaOaueZNJ6IJi+8BG+r8G7RUwWRx1CoSGbbM
uMsFyFDAZgoudiRN7Nl51qRacsTVYksFoPuEgxfhQ26AnomHILJQjjjCn/A48EMM
mO7WKmQkokAvvBL1b3irrB5/dV8gV0TjZPNBq7RB6Zgne6HP4K1bK/brLYtEK9iU
gnKDQ0a233zLBua2SH2ofO4gN1JjAWqj4rzaGYYKgcPjh8+BKr13hUNucEhD8bDI
ZxxeBHiX9GNuanx5QJY4nzkN2XeWmyhwbUX6EripaYUgA7CgoJYESCfI3toRDIyI
8BBQW/KWPhDVpKdobh2TmjQKUH20v/DFURe6JOwWUzAXFao=
-----END CERTIFICATE-----