Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/TteCBq_FU6OzYxaEQHjFaGVPWHw.roa
File:                     TteCBq_FU6OzYxaEQHjFaGVPWHw.roa (raw, json)
Hash identifier:          hQMDD3EWk9pWkeFYORgR3VdYIvHSGnLWH1OKy8EHgxY=
Subject key identifier:   4E:D7:82:06:AF:C5:53:A3:B3:63:16:84:40:78:C5:68:65:4F:58:7C
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CC3B744E014D60A5B4BD45591AE9EC233
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/TteCBq_FU6OzYxaEQHjFaGVPWHw.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        194.32.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 02:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:44:e0:14:d6:0a:5b:4b:d4:55:91:ae:9e:c2:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ed78206afc553a3b36316844078c568654f587c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1c:77:05:7e:43:28:fc:02:81:8b:f6:53:cf:
                    6a:27:b3:56:6c:c5:3f:89:9e:b7:b3:b6:67:7a:bf:
                    99:44:f3:3b:9a:73:30:7d:cb:ae:48:b9:30:38:77:
                    d0:d7:83:e9:eb:cb:f1:30:ce:f4:0c:8c:bc:0c:ff:
                    d8:1c:7f:be:2d:4f:66:34:6e:b7:8d:a4:a5:1e:ca:
                    8c:69:c0:6d:ac:fc:24:a2:1c:17:19:e6:48:b5:89:
                    5f:17:8a:f7:94:39:fa:5f:ef:26:b0:b0:9b:5a:dd:
                    5f:09:ee:be:c3:fc:5a:c8:88:70:59:0c:4f:51:66:
                    0f:c7:b0:50:e8:ac:46:e4:fd:07:46:6d:b1:5e:b2:
                    ac:fd:d1:e6:8d:bf:c4:d5:b1:4f:00:44:69:b0:40:
                    8f:23:0f:a1:00:30:7b:26:17:4b:08:46:de:1f:27:
                    50:6f:2e:8d:d2:f6:3e:51:67:40:7d:e9:fe:5d:5f:
                    94:9a:43:5a:1f:66:4c:b8:7a:26:16:8a:41:bf:c8:
                    e9:71:5b:68:c2:28:a2:54:a1:b5:ad:65:a8:37:bd:
                    ae:82:6a:bf:84:19:31:df:9e:38:08:cf:86:5b:e6:
                    41:23:57:c1:c9:d4:d9:19:46:b0:0f:68:cf:d3:1b:
                    bf:83:7c:51:a1:c4:a0:19:db:da:b3:7a:fa:9b:2b:
                    5d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D7:82:06:AF:C5:53:A3:B3:63:16:84:40:78:C5:68:65:4F:58:7C
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/TteCBq_FU6OzYxaEQHjFaGVPWHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:08:38:f6:07:4d:04:27:f3:45:76:a5:a5:00:94:54:28:7b:
         b8:72:74:d7:c9:8c:b0:0d:10:86:04:d5:36:27:07:e0:18:9a:
         bc:0a:2a:9a:d0:bf:b8:c4:cf:01:cd:7e:00:6a:8c:6c:bb:ff:
         7f:12:fe:10:b2:58:e5:f3:4e:53:8e:13:60:93:a6:bf:50:fc:
         3d:dc:53:b7:a5:96:f7:d3:2b:a4:39:65:7f:03:1e:cb:a3:8b:
         14:51:25:4e:22:63:6f:fa:5a:b5:89:13:6a:b8:56:f9:3c:d6:
         1e:4e:82:89:27:29:52:b1:6a:9b:8b:85:dd:77:72:13:1b:86:
         cc:9d:8d:71:3f:a5:47:90:bc:fc:36:60:80:2b:01:5f:34:e4:
         ec:61:a8:fb:bd:e7:49:3d:43:64:a1:e3:fb:ac:e6:8c:57:d4:
         d2:e2:b1:90:22:24:dd:21:45:b4:80:d9:4c:e9:16:a4:f1:b8:
         7e:6d:8f:c7:90:cf:fa:e6:b3:14:ca:02:39:22:ad:ec:eb:8a:
         15:6d:02:7c:2d:59:a0:63:0d:d5:2c:b8:4b:b1:b6:19:32:71:
         e6:bb:4d:07:66:9e:26:3a:3b:cb:05:6d:a2:b8:de:cf:06:9c:
         8c:8e:87:63:4d:4e:ef:fb:84:86:22:04:bb:ff:f6:ca:94:af:
         93:c9:2f:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0TgFNYKW0vUVZGunsIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ3ODIwNmFmYzU1M2EzYjM2MzE2ODQ0MDc4YzU2ODY1NGY1ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBx3BX5DKPwCgYv2U89qJ7NWbMU/
iZ63s7Zner+ZRPM7mnMwfcuuSLkwOHfQ14Pp68vxMM70DIy8DP/YHH++LU9mNG63
jaSlHsqMacBtrPwkohwXGeZItYlfF4r3lDn6X+8msLCbWt1fCe6+w/xayIhwWQxP
UWYPx7BQ6KxG5P0HRm2xXrKs/dHmjb/E1bFPAERpsECPIw+hADB7JhdLCEbeHydQ
by6N0vY+UWdAfen+XV+UmkNaH2ZMuHomFopBv8jpcVtowiiiVKG1rWWoN72ugmq/
hBkx3544CM+GW+ZBI1fBydTZGUawD2jP0xu/g3xRocSgGdvas3r6mytdrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7XggavxVOjs2MWhEB4xWhlT1h8MB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvVHRlQ0JxX0ZVNk96WXhhRVFIakZhR1ZQV0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiCSMA0G
CSqGSIb3DQEBCwUAA4IBAQAsCDj2B00EJ/NFdqWlAJRUKHu4cnTXyYywDRCGBNU2
JwfgGJq8Ciqa0L+4xM8BzX4Aaoxsu/9/Ev4Qsljl805TjhNgk6a/UPw93FO3pZb3
0yukOWV/Ax7Lo4sUUSVOImNv+lq1iRNquFb5PNYeToKJJylSsWqbi4Xdd3ITG4bM
nY1xP6VHkLz8NmCAKwFfNOTsYaj7vedJPUNkoeP7rOaMV9TS4rGQIiTdIUW0gNlM
6Rak8bh+bY/HkM/65rMUygI5Iq3s64oVbQJ8LVmgYw3VLLhLsbYZMnHmu00HZp4m
OjvLBW2iuN7PBpyMjodjTU7v+4SGIgS7//bKlK+TyS8u
-----END CERTIFICATE-----