Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/7rIxwL9zvztZlT5A8M_SDkdKSB0.roa
File:                     7rIxwL9zvztZlT5A8M_SDkdKSB0.roa (raw, json)
Hash identifier:          O7ESRWi9x/d6Kr3RcdLNDC+oeR7P9co1vXJSgZQwptI=
Subject key identifier:   EE:B2:31:C0:BF:73:BF:3B:59:95:3E:40:F0:CF:D2:0E:47:4A:48:1D
Certificate issuer:       /CN=0f78ea46cc21d45ed61268d4a9f56732c85e2150
Certificate serial:       018CC56EF67CD39B820CA85198D0AC2D6482
Authority key identifier: 0F:78:EA:46:CC:21:D4:5E:D6:12:68:D4:A9:F5:67:32:C8:5E:21:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D3jqRswh1F7WEmjUqfVnMsheIVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/7rIxwL9zvztZlT5A8M_SDkdKSB0.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201278
IP address blocks:        188.66.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/D3jqRswh1F7WEmjUqfVnMsheIVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/D3jqRswh1F7WEmjUqfVnMsheIVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D3jqRswh1F7WEmjUqfVnMsheIVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f6:7c:d3:9b:82:0c:a8:51:98:d0:ac:2d:64:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f78ea46cc21d45ed61268d4a9f56732c85e2150
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeb231c0bf73bf3b59953e40f0cfd20e474a481d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:18:e3:31:94:78:f3:bd:8e:45:33:bb:4d:bd:
                    81:3c:20:20:50:a8:42:b2:fb:51:f9:75:6a:74:77:
                    76:87:dc:c4:df:07:a5:85:2c:42:b4:bc:51:1c:fb:
                    15:fc:ee:50:9a:37:f1:01:3b:1d:dc:e5:f9:84:94:
                    9d:d3:da:cc:39:84:5b:78:60:d7:57:1a:af:55:2c:
                    e5:8d:9d:8e:d6:b5:7a:08:85:b0:2f:e9:ee:a6:95:
                    36:d1:4d:0b:ff:62:64:34:89:3b:12:49:b3:83:fb:
                    4e:db:07:44:54:51:4b:4f:5c:6a:d8:5e:c2:56:59:
                    6e:87:17:99:cd:e3:c8:7a:1f:4d:a8:4b:f9:f9:04:
                    98:cb:77:1d:f6:4e:49:e6:93:50:4e:5a:00:fd:4d:
                    c6:f4:40:e3:7b:32:74:a9:8b:95:17:66:0b:b2:bd:
                    11:5a:e0:ad:6b:8c:68:b7:d3:0d:1c:0c:e9:af:8a:
                    e8:80:cd:aa:5e:27:70:68:19:d6:16:ee:3c:ed:78:
                    1f:27:87:47:9f:1c:c0:b5:d4:db:d9:74:bf:a9:da:
                    04:48:09:70:2c:29:11:9f:bc:28:1a:61:20:01:da:
                    e1:c4:e5:f9:c1:2d:b4:37:41:7f:0c:56:b3:b5:86:
                    44:ee:0b:2f:1b:9b:ee:47:92:19:e9:bb:c9:46:71:
                    24:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B2:31:C0:BF:73:BF:3B:59:95:3E:40:F0:CF:D2:0E:47:4A:48:1D
            X509v3 Authority Key Identifier:
                keyid:0F:78:EA:46:CC:21:D4:5E:D6:12:68:D4:A9:F5:67:32:C8:5E:21:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D3jqRswh1F7WEmjUqfVnMsheIVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/7rIxwL9zvztZlT5A8M_SDkdKSB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0219c1-a551-4b91-9ca3-032b3b614dd8/1/D3jqRswh1F7WEmjUqfVnMsheIVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:22:a1:33:e0:9c:02:1f:c1:44:3c:c8:e6:2e:65:23:14:cb:
         9d:d5:c5:43:dd:21:5a:2c:66:a2:31:7f:8b:49:a0:d0:8f:23:
         30:59:18:99:d0:98:6d:d8:b6:d3:8b:b9:1e:35:49:f7:d7:cc:
         cb:62:cf:3b:e5:8e:69:bd:8a:e7:69:fb:6b:d2:c2:e7:ff:ce:
         69:d8:17:5d:94:39:e8:fe:fe:16:69:6f:7f:e6:7a:31:d2:7a:
         50:f6:e1:61:fe:e5:08:07:99:d3:09:40:77:a8:aa:28:9d:66:
         b5:da:f4:ea:fc:8e:53:10:dc:fe:5a:e6:42:5d:de:f4:0d:71:
         e9:8e:d9:d3:84:10:86:66:35:b1:8d:83:21:eb:e7:74:ea:4b:
         2f:25:b4:d2:1a:0a:16:a6:13:98:f2:cd:4e:1a:a9:29:0b:a6:
         90:8d:d9:c9:c6:fd:a7:bb:32:bd:76:ff:34:56:75:e1:79:18:
         0c:34:d1:65:94:a2:8b:38:e3:72:f1:32:53:4d:2f:9a:b3:c4:
         ec:6b:c9:09:14:68:a3:47:0a:85:e7:28:81:7d:0a:f6:ec:24:
         7c:ae:92:05:c2:b8:3a:63:e7:9c:74:58:14:22:be:9e:2b:3b:
         5b:70:86:7d:58:27:1e:91:d7:d4:d1:d6:83:94:ae:0f:75:c6:
         d9:9d:70:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvZ805uCDKhRmNCsLWSCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNzhlYTQ2Y2MyMWQ0NWVkNjEyNjhkNGE5ZjU2NzMyYzg1
ZTIxNTAwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWIyMzFjMGJmNzNiZjNiNTk5NTNlNDBmMGNmZDIwZTQ3NGE0ODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxjjMZR4872ORTO7Tb2BPCAgUKhC
svtR+XVqdHd2h9zE3welhSxCtLxRHPsV/O5QmjfxATsd3OX5hJSd09rMOYRbeGDX
VxqvVSzljZ2O1rV6CIWwL+nuppU20U0L/2JkNIk7Ekmzg/tO2wdEVFFLT1xq2F7C
VlluhxeZzePIeh9NqEv5+QSYy3cd9k5J5pNQTloA/U3G9EDjezJ0qYuVF2YLsr0R
WuCta4xot9MNHAzpr4rogM2qXidwaBnWFu487XgfJ4dHnxzAtdTb2XS/qdoESAlw
LCkRn7woGmEgAdrhxOX5wS20N0F/DFaztYZE7gsvG5vuR5IZ6bvJRnEkOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6yMcC/c787WZU+QPDP0g5HSkgdMB8GA1UdIwQY
MBaAFA946kbMIdRe1hJo1Kn1ZzLIXiFQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDNqcVJzd2gxRjdXRW1qVXFmVm5Nc2hlSVZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wMjE5YzEtYTU1MS00YjkxLTljYTMt
MDMyYjNiNjE0ZGQ4LzEvN3JJeHdMOXp2enRabFQ1QThNX1NEa2RLU0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wMjE5YzEtYTU1MS00YjkxLTljYTMtMDMyYjNiNjE0ZGQ4
LzEvRDNqcVJzd2gxRjdXRW1qVXFmVm5Nc2hlSVZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEIcMA0G
CSqGSIb3DQEBCwUAA4IBAQCZIqEz4JwCH8FEPMjmLmUjFMud1cVD3SFaLGaiMX+L
SaDQjyMwWRiZ0Jht2LbTi7keNUn318zLYs875Y5pvYrnaftr0sLn/85p2BddlDno
/v4WaW9/5nox0npQ9uFh/uUIB5nTCUB3qKoonWa12vTq/I5TENz+WuZCXd70DXHp
jtnThBCGZjWxjYMh6+d06ksvJbTSGgoWphOY8s1OGqkpC6aQjdnJxv2nuzK9dv80
VnXheRgMNNFllKKLOONy8TJTTS+as8Tsa8kJFGijRwqF5yiBfQr27CR8rpIFwrg6
Y+ecdFgUIr6eKztbcIZ9WCcekdfU0daDlK4PdcbZnXDX
-----END CERTIFICATE-----