Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2fb477-a8b7-450e-b533-11e6c0a3a808/1/1-Bb6O7BS-tA1avNqXM_vCx2AEhk.roa
File:                     1-Bb6O7BS-tA1avNqXM_vCx2AEhk.roa (raw, json)
Hash identifier:          QXOQ63Vt9fHLwTHdYDrc1zd26MXUkk/Wh+7i5egF7x8=
Subject key identifier:   F8:16:FA:3B:B0:52:FA:D0:35:6A:F3:6A:5C:CF:EF:0B:1D:80:12:19
Certificate issuer:       /CN=7da31ee9c989a6311a08ff232289978401415e91
Certificate serial:       018CC26D234BF6DF3C30FCA33419D1C04F60
Authority key identifier: 7D:A3:1E:E9:C9:89:A6:31:1A:08:FF:23:22:89:97:84:01:41:5E:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faMe6cmJpjEaCP8jIomXhAFBXpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2fb477-a8b7-450e-b533-11e6c0a3a808/1/1-Bb6O7BS-tA1avNqXM_vCx2AEhk.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57778
IP address blocks:        185.126.44.0/24 maxlen: 24
                          185.126.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2fb477-a8b7-450e-b533-11e6c0a3a808/1/faMe6cmJpjEaCP8jIomXhAFBXpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2fb477-a8b7-450e-b533-11e6c0a3a808/1/faMe6cmJpjEaCP8jIomXhAFBXpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faMe6cmJpjEaCP8jIomXhAFBXpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:23:4b:f6:df:3c:30:fc:a3:34:19:d1:c0:4f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da31ee9c989a6311a08ff232289978401415e91
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f816fa3bb052fad0356af36a5ccfef0b1d801219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6d:02:11:a5:89:f4:d6:1a:a9:e6:66:46:ce:
                    1f:b4:ae:bc:23:5a:bb:85:9b:96:e4:9e:c4:4f:e0:
                    fc:24:4f:a3:32:a6:5a:60:ce:39:c2:be:bc:96:cc:
                    50:79:17:28:cb:e7:db:b2:eb:53:99:9e:12:92:d4:
                    8e:3f:01:41:6d:97:22:41:f6:71:cc:2d:9b:c6:a0:
                    a4:3d:1c:0a:45:69:df:ec:1b:5c:0f:b5:ac:13:1c:
                    e0:09:e1:21:7e:de:62:39:28:b1:a8:2b:06:d7:6c:
                    33:dd:f1:0c:ab:f4:cd:66:ce:7e:a2:6c:d9:a9:71:
                    26:36:89:1e:86:fc:0c:57:8e:f0:e8:ad:4d:fb:8d:
                    b7:27:60:1a:d3:67:c9:c8:b7:01:f4:00:1b:e1:37:
                    f1:53:a4:26:4c:93:77:d6:c5:05:ea:f2:83:74:76:
                    8b:b8:99:e7:a4:04:5a:de:70:48:5e:24:85:7f:c9:
                    0e:76:e1:40:9e:8b:0e:87:18:4c:22:cf:51:17:cc:
                    9f:80:ac:12:2d:2f:c9:c7:96:58:ee:79:45:77:4e:
                    20:2e:33:af:7a:3b:80:41:b9:4e:ac:2f:42:2e:6c:
                    7d:18:86:50:c4:ba:67:c3:3a:d3:c6:b6:44:2a:31:
                    93:bd:51:53:c9:1a:80:e7:21:af:a8:ee:fb:e4:93:
                    26:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:16:FA:3B:B0:52:FA:D0:35:6A:F3:6A:5C:CF:EF:0B:1D:80:12:19
            X509v3 Authority Key Identifier:
                keyid:7D:A3:1E:E9:C9:89:A6:31:1A:08:FF:23:22:89:97:84:01:41:5E:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faMe6cmJpjEaCP8jIomXhAFBXpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2fb477-a8b7-450e-b533-11e6c0a3a808/1/1-Bb6O7BS-tA1avNqXM_vCx2AEhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2fb477-a8b7-450e-b533-11e6c0a3a808/1/faMe6cmJpjEaCP8jIomXhAFBXpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:1d:0a:72:cb:33:19:b2:68:7d:e9:ec:e4:b1:f5:ec:b2:3b:
         7e:54:6c:00:c2:0d:b4:a4:02:98:4f:c7:ba:b7:af:60:d2:ed:
         3b:5e:03:6c:e8:32:76:87:cf:75:4d:2f:77:b9:7a:3c:7b:99:
         d7:b9:83:d6:f7:26:98:98:10:af:5c:23:53:6a:28:f8:80:60:
         d4:99:de:8c:71:f2:86:cc:07:16:49:e0:82:25:32:fd:cc:76:
         e6:39:77:1f:fa:50:46:fa:bf:a0:13:ea:dd:e5:ff:94:29:eb:
         a6:b9:30:cf:1b:d3:34:72:d2:45:0f:62:ce:76:06:21:6c:fe:
         67:22:95:bd:c1:bb:0b:4e:62:84:e0:c5:2c:e3:52:bc:d0:b1:
         14:83:b7:30:2e:59:a2:12:8b:fb:35:1b:5d:6e:4c:d7:fa:0e:
         9e:be:89:56:0e:29:c7:1d:7f:6e:93:41:e9:a3:61:95:2c:3c:
         78:5d:38:97:d7:80:39:9c:37:51:b0:e9:39:19:8f:01:9d:b4:
         17:58:33:4e:f5:4f:97:c7:c3:b8:42:85:91:26:a3:89:f9:6a:
         4f:88:94:79:ec:df:a4:8c:d2:2a:12:6b:e5:8b:37:08:43:fe:
         d3:80:e8:4c:5d:16:b4:61:c6:63:69:50:50:96:4f:df:0d:99:
         31:25:5e:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbSNL9t88MPyjNBnRwE9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTMxZWU5Yzk4OWE2MzExYTA4ZmYyMzIyODk5Nzg0MDE0
MTVlOTEwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODE2ZmEzYmIwNTJmYWQwMzU2YWYzNmE1Y2NmZWYwYjFkODAxMjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm0CEaWJ9NYaqeZmRs4ftK68I1q7
hZuW5J7ET+D8JE+jMqZaYM45wr68lsxQeRcoy+fbsutTmZ4SktSOPwFBbZciQfZx
zC2bxqCkPRwKRWnf7BtcD7WsExzgCeEhft5iOSixqCsG12wz3fEMq/TNZs5+omzZ
qXEmNokehvwMV47w6K1N+423J2Aa02fJyLcB9AAb4TfxU6QmTJN31sUF6vKDdHaL
uJnnpARa3nBIXiSFf8kOduFAnosOhxhMIs9RF8yfgKwSLS/Jx5ZY7nlFd04gLjOv
ejuAQblOrC9CLmx9GIZQxLpnwzrTxrZEKjGTvVFTyRqA5yGvqO775JMmRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgW+juwUvrQNWrzalzP7wsdgBIZMB8GA1UdIwQY
MBaAFH2jHunJiaYxGgj/IyKJl4QBQV6RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFNZTZjbUpwakVhQ1A4aklvbVhoQUZCWHBFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yZmI0NzctYThiNy00NTBlLWI1MzMt
MTFlNmMwYTNhODA4LzEvMS1CYjZPN0JTLXRBMWF2TnFYTV92Q3gyQUVoay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvMmZiNDc3LWE4YjctNDUwZS1iNTMzLTExZTZjMGEzYTgw
OC8xL2ZhTWU2Y21KcGpFYUNQOGpJb21YaEFGQlhwRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbl+LDAN
BgkqhkiG9w0BAQsFAAOCAQEAax0KcsszGbJofens5LH17LI7flRsAMINtKQCmE/H
urevYNLtO14DbOgydofPdU0vd7l6PHuZ17mD1vcmmJgQr1wjU2oo+IBg1JnejHHy
hswHFknggiUy/cx25jl3H/pQRvq/oBPq3eX/lCnrprkwzxvTNHLSRQ9iznYGIWz+
ZyKVvcG7C05ihODFLONSvNCxFIO3MC5ZohKL+zUbXW5M1/oOnr6JVg4pxx1/bpNB
6aNhlSw8eF04l9eAOZw3UbDpORmPAZ20F1gzTvVPl8fDuEKFkSajiflqT4iUeezf
pIzSKhJr5Ys3CEP+04DoTF0WtGHGY2lQUJZP3w2ZMSVe9w==
-----END CERTIFICATE-----