Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/7QMuMfRcubM7Dw9mRD9Oeleudm0.roa
File:                     7QMuMfRcubM7Dw9mRD9Oeleudm0.roa (raw, json)
Hash identifier:          34yr97BhHkN5u8FjcTkMX2e6CbJy1pgn7SWZTkyU8GQ=
Subject key identifier:   ED:03:2E:31:F4:5C:B9:B3:3B:0F:0F:66:44:3F:4E:7A:57:AE:76:6D
Certificate issuer:       /CN=b252dda27226a275e3e79b374c8f263cd2d8ecd1
Certificate serial:       0194258E9A992A6979AC1CE923B4BEC65E12
Authority key identifier: B2:52:DD:A2:72:26:A2:75:E3:E7:9B:37:4C:8F:26:3C:D2:D8:EC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/slLdonImonXj55s3TI8mPNLY7NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/7QMuMfRcubM7Dw9mRD9Oeleudm0.roa
Signing time:             Thu 02 Jan 2025 05:48:10 +0000
ROA not before:           Thu 02 Jan 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34196
IP address blocks:        185.156.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/slLdonImonXj55s3TI8mPNLY7NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/slLdonImonXj55s3TI8mPNLY7NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/slLdonImonXj55s3TI8mPNLY7NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:9a:99:2a:69:79:ac:1c:e9:23:b4:be:c6:5e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b252dda27226a275e3e79b374c8f263cd2d8ecd1
        Validity
            Not Before: Jan  2 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed032e31f45cb9b33b0f0f66443f4e7a57ae766d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:09:4d:ac:e3:e5:2d:29:ac:83:ea:0d:ec:78:
                    a7:56:96:3d:d4:f2:81:70:fe:93:5a:28:3c:ab:60:
                    87:12:64:92:a8:5e:ab:ff:de:39:63:ba:4d:e0:25:
                    1f:de:dd:ef:87:fd:8b:b8:c3:37:e2:71:7e:3d:34:
                    2e:a3:69:4c:5e:24:08:12:fa:a9:db:df:df:34:1e:
                    25:6d:97:42:33:6c:1f:5c:e8:ab:81:59:74:2e:d4:
                    81:51:22:dc:2d:fe:ea:bd:40:8b:33:d0:76:01:4f:
                    99:d3:eb:3b:b8:89:2a:d0:1f:61:a2:24:32:79:e5:
                    b6:10:d6:9a:5d:18:74:cc:e2:2d:be:4e:e1:67:90:
                    7f:c9:64:9c:f0:45:56:cd:98:0c:6c:bb:e5:26:f7:
                    c0:92:e1:77:c2:1f:e5:fa:b0:be:c3:11:6a:28:01:
                    17:9b:48:a8:86:06:6a:97:32:d5:57:e1:10:fe:c6:
                    12:e3:f5:39:32:5f:cd:72:bf:44:9e:e3:88:49:39:
                    62:2e:80:00:0b:91:d9:70:53:b0:f7:d8:39:c8:fb:
                    c6:d8:40:bd:41:fe:34:2a:9a:04:05:55:3c:aa:80:
                    fb:bb:4b:77:31:39:4c:62:8c:d2:b5:ab:a0:10:59:
                    da:d5:03:1f:12:6c:e9:5f:ed:3e:69:26:86:37:70:
                    66:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:03:2E:31:F4:5C:B9:B3:3B:0F:0F:66:44:3F:4E:7A:57:AE:76:6D
            X509v3 Authority Key Identifier:
                keyid:B2:52:DD:A2:72:26:A2:75:E3:E7:9B:37:4C:8F:26:3C:D2:D8:EC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/slLdonImonXj55s3TI8mPNLY7NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/7QMuMfRcubM7Dw9mRD9Oeleudm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d05a2e-c281-4dab-8373-a1779904b1c5/1/slLdonImonXj55s3TI8mPNLY7NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:b3:6e:f8:ea:ce:e6:c2:f6:3e:f3:56:57:20:eb:13:fe:a7:
         a6:7e:51:50:96:92:03:9d:71:e7:11:02:f8:6b:e3:87:f1:de:
         d0:f5:7b:cd:7f:73:95:23:e0:f9:64:8b:62:60:a5:de:84:0e:
         59:f1:29:e7:1a:67:0b:fa:74:28:e3:18:74:5b:81:5d:c5:61:
         f4:fb:31:c9:34:6d:e8:84:2b:84:11:83:9c:1a:ae:9e:73:27:
         49:d1:d0:03:fc:48:3b:fb:c4:8f:f0:7f:4c:98:ae:c2:3e:67:
         8e:08:41:d1:02:7f:45:22:45:55:1f:60:8f:af:4a:ae:64:65:
         ff:c4:e3:4e:e5:10:4f:ff:1d:0d:e2:51:3d:be:bb:ed:e8:0b:
         ea:fa:21:93:3b:46:83:d0:4e:2f:b5:08:6d:ef:58:ad:af:15:
         2a:ae:3a:a8:ad:f8:d7:33:a5:ac:06:9b:e7:8b:a9:95:27:0d:
         ce:e2:94:31:85:75:5b:ef:0f:3c:e5:db:33:82:0c:8b:03:59:
         11:54:97:18:0a:7a:a0:2a:48:39:b8:fd:27:c7:fe:e8:d4:c5:
         f9:4f:39:92:83:31:67:cc:06:71:45:c1:85:c2:16:93:f0:9f:
         54:e5:54:66:cd:87:d2:f3:f7:bd:21:9e:c9:88:00:58:01:b3:
         06:7d:41:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljpqZKml5rBzpI7S+xl4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNTJkZGEyNzIyNmEyNzVlM2U3OWIzNzRjOGYyNjNjZDJk
OGVjZDEwHhcNMjUwMTAyMDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDAzMmUzMWY0NWNiOWIzM2IwZjBmNjY0NDNmNGU3YTU3YWU3NjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxglNrOPlLSmsg+oN7HinVpY91PKB
cP6TWig8q2CHEmSSqF6r/945Y7pN4CUf3t3vh/2LuMM34nF+PTQuo2lMXiQIEvqp
29/fNB4lbZdCM2wfXOirgVl0LtSBUSLcLf7qvUCLM9B2AU+Z0+s7uIkq0B9hoiQy
eeW2ENaaXRh0zOItvk7hZ5B/yWSc8EVWzZgMbLvlJvfAkuF3wh/l+rC+wxFqKAEX
m0iohgZqlzLVV+EQ/sYS4/U5Ml/Ncr9EnuOISTliLoAAC5HZcFOw99g5yPvG2EC9
Qf40KpoEBVU8qoD7u0t3MTlMYozStaugEFna1QMfEmzpX+0+aSaGN3Bm5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0DLjH0XLmzOw8PZkQ/TnpXrnZtMB8GA1UdIwQY
MBaAFLJS3aJyJqJ14+ebN0yPJjzS2OzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2xMZG9uSW1vblhqNTVzM1RJOG1QTkxZN05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMDVhMmUtYzI4MS00ZGFiLTgzNzMt
YTE3Nzk5MDRiMWM1LzEvN1FNdU1mUmN1Yk03RHc5bVJEOU9lbGV1ZG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMDVhMmUtYzI4MS00ZGFiLTgzNzMtYTE3Nzk5MDRiMWM1
LzEvc2xMZG9uSW1vblhqNTVzM1RJOG1QTkxZN05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZyoMA0G
CSqGSIb3DQEBCwUAA4IBAQBSs2746s7mwvY+81ZXIOsT/qemflFQlpIDnXHnEQL4
a+OH8d7Q9XvNf3OVI+D5ZItiYKXehA5Z8SnnGmcL+nQo4xh0W4FdxWH0+zHJNG3o
hCuEEYOcGq6ecydJ0dAD/Eg7+8SP8H9MmK7CPmeOCEHRAn9FIkVVH2CPr0quZGX/
xONO5RBP/x0N4lE9vrvt6Avq+iGTO0aD0E4vtQht71itrxUqrjqorfjXM6WsBpvn
i6mVJw3O4pQxhXVb7w885dszggyLA1kRVJcYCnqgKkg5uP0nx/7o1MX5TzmSgzFn
zAZxRcGFwhaT8J9U5VRmzYfS8/e9IZ7JiABYAbMGfUGJ
-----END CERTIFICATE-----