Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/sk8RYmYZuzmW19v3aPXsnHCozTY.roa
File:                     sk8RYmYZuzmW19v3aPXsnHCozTY.roa (raw, json)
Hash identifier:          7Agm8LHN/3qivdGloVnUsIMjwkLsD1cJ1bZFLV7MAFQ=
Subject key identifier:   B2:4F:11:62:66:19:BB:39:96:D7:DB:F7:68:F5:EC:9C:70:A8:CD:36
Certificate issuer:       /CN=7913f8c13ba8290f60da63ba89e935b275893adb
Certificate serial:       0190CD572566357A2D06623357EB9F3A04F2
Authority key identifier: 79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/sk8RYmYZuzmW19v3aPXsnHCozTY.roa
Signing time:             Fri 19 Jul 2024 23:32:38 +0000
ROA not before:           Fri 19 Jul 2024 23:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.78.200.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cd:57:25:66:35:7a:2d:06:62:33:57:eb:9f:3a:04:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7913f8c13ba8290f60da63ba89e935b275893adb
        Validity
            Not Before: Jul 19 23:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b24f11626619bb3996d7dbf768f5ec9c70a8cd36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f6:07:f0:28:68:b2:46:9d:49:e0:b9:13:69:
                    12:11:f3:a1:ac:8c:c3:85:be:24:45:75:60:fa:26:
                    23:c7:cc:f4:c9:08:56:a7:d5:b0:90:f0:42:57:c3:
                    11:6d:1e:f1:c4:16:d4:43:75:a8:96:95:e8:a6:1c:
                    1f:24:41:9c:fb:6b:f8:6b:77:6c:4e:8b:6e:66:d6:
                    87:24:f2:fb:41:f3:bb:1e:ac:e2:c1:62:98:55:18:
                    30:44:8d:f6:38:93:98:58:03:84:65:ff:08:57:ac:
                    32:38:39:fc:7a:97:2b:8d:e7:30:28:88:62:7f:c5:
                    ea:96:c7:60:a9:c2:ea:ed:0d:5f:57:d1:7e:31:ad:
                    07:bf:6b:e3:1e:f1:a2:73:04:a4:73:05:ea:bc:ef:
                    da:f4:0d:d8:94:4f:61:56:da:8c:f3:24:09:0c:be:
                    c7:ff:fe:78:00:96:bb:f6:a2:0a:2c:05:f6:7b:58:
                    16:e9:c3:3c:00:b4:43:14:36:88:cd:4a:81:ca:88:
                    c8:cf:e2:ea:dc:ff:d4:19:d4:6e:92:61:27:ec:5e:
                    a3:00:89:f8:d0:cb:2c:15:f0:dd:57:11:9b:f7:a6:
                    39:bf:9d:4b:95:f2:ff:26:13:15:a7:4f:10:da:4f:
                    88:14:4e:ea:7d:0b:6d:b6:57:06:75:e6:e8:41:74:
                    62:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4F:11:62:66:19:BB:39:96:D7:DB:F7:68:F5:EC:9C:70:A8:CD:36
            X509v3 Authority Key Identifier:
                keyid:79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/sk8RYmYZuzmW19v3aPXsnHCozTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:8d:b5:53:98:1f:d5:a4:6a:cf:e0:8f:75:20:c3:93:a8:e5:
         ee:bd:68:8a:0c:33:d8:9a:15:00:c2:9f:e5:1c:dc:9b:d0:70:
         1b:94:77:c4:3e:2f:c1:ca:a8:07:2f:af:90:a8:a3:96:e0:f3:
         0d:27:89:f2:a9:ef:db:c6:46:3b:6b:9c:4d:8a:84:dc:92:59:
         b5:af:85:fe:66:5d:22:dd:9c:9d:87:1d:50:8c:1e:bd:ba:3b:
         02:ef:15:5a:27:03:fa:5d:b8:eb:a7:9a:45:c2:3e:67:90:ce:
         27:ae:50:98:91:95:31:21:7d:0f:a0:85:27:2f:f3:78:ff:57:
         5c:1e:5f:81:1e:e6:8b:95:2f:96:93:77:1c:0a:68:c8:4c:0e:
         cc:fd:cb:1b:4d:3d:ff:0c:79:e1:d1:7f:94:51:c2:7a:2e:45:
         d7:37:b7:75:1f:bb:4c:c7:77:5c:9e:bf:ab:54:a3:3a:c7:b8:
         b7:2b:27:0a:52:0d:e5:71:2c:e2:fc:65:fa:e7:c0:e7:7f:02:
         91:1c:82:de:c9:f1:64:c8:58:1c:41:59:5b:97:ad:34:bc:82:
         86:33:b2:f7:e3:ed:5a:db:7d:7f:c5:c0:fd:ce:ea:04:75:48:
         3b:5c:51:9a:ff:33:c7:e6:b5:d2:a1:b4:33:a9:8e:35:90:bf:
         4a:04:04:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDNVyVmNXotBmIzV+ufOgTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTNmOGMxM2JhODI5MGY2MGRhNjNiYTg5ZTkzNWIyNzU4
OTNhZGIwHhcNMjQwNzE5MjMzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRmMTE2MjY2MTliYjM5OTZkN2RiZjc2OGY1ZWM5YzcwYThjZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/YH8ChoskadSeC5E2kSEfOhrIzD
hb4kRXVg+iYjx8z0yQhWp9WwkPBCV8MRbR7xxBbUQ3WolpXophwfJEGc+2v4a3ds
TotuZtaHJPL7QfO7HqziwWKYVRgwRI32OJOYWAOEZf8IV6wyODn8epcrjecwKIhi
f8XqlsdgqcLq7Q1fV9F+Ma0Hv2vjHvGicwSkcwXqvO/a9A3YlE9hVtqM8yQJDL7H
//54AJa79qIKLAX2e1gW6cM8ALRDFDaIzUqByojIz+Lq3P/UGdRukmEn7F6jAIn4
0MssFfDdVxGb96Y5v51LlfL/JhMVp08Q2k+IFE7qfQtttlcGdeboQXRiaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJPEWJmGbs5ltfb92j17JxwqM02MB8GA1UdIwQY
MBaAFHkT+ME7qCkPYNpjuonpNbJ1iTrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTIt
ZmUxY2YzMDhhMDA4LzEvc2s4UlltWVp1em1XMTl2M2FQWHNuSENvelRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTItZmUxY2YzMDhhMDA4
LzEvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU7IMA0G
CSqGSIb3DQEBCwUAA4IBAQAujbVTmB/VpGrP4I91IMOTqOXuvWiKDDPYmhUAwp/l
HNyb0HAblHfEPi/ByqgHL6+QqKOW4PMNJ4nyqe/bxkY7a5xNioTcklm1r4X+Zl0i
3Zydhx1QjB69ujsC7xVaJwP6Xbjrp5pFwj5nkM4nrlCYkZUxIX0PoIUnL/N4/1dc
Hl+BHuaLlS+Wk3ccCmjITA7M/csbTT3/DHnh0X+UUcJ6LkXXN7d1H7tMx3dcnr+r
VKM6x7i3KycKUg3lcSzi/GX658DnfwKRHILeyfFkyFgcQVlbl600vIKGM7L34+1a
231/xcD9zuoEdUg7XFGa/zPH5rXSobQzqY41kL9KBATs
-----END CERTIFICATE-----