Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/7MwcF3gk0IGRrCINHZ0jyqOznwc.roa
File:                     7MwcF3gk0IGRrCINHZ0jyqOznwc.roa (raw, json)
Hash identifier:          GsUBo4FFRWmDNgXKCBHITDWnA2j+kmdyBg8aA968G2E=
Subject key identifier:   EC:CC:1C:17:78:24:D0:81:91:AC:22:0D:1D:9D:23:CA:A3:B3:9F:07
Certificate issuer:       /CN=39911375fcc4859612190ebecc7ae371a01a6a6d
Certificate serial:       018CC801CD245A5084A617D8668AA5F074B1
Authority key identifier: 39:91:13:75:FC:C4:85:96:12:19:0E:BE:CC:7A:E3:71:A0:1A:6A:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZETdfzEhZYSGQ6-zHrjcaAaam0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/7MwcF3gk0IGRrCINHZ0jyqOznwc.roa
Signing time:             Tue 02 Jan 2024 02:30:10 +0000
ROA not before:           Tue 02 Jan 2024 02:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210111
IP address blocks:        185.88.72.0/22 maxlen: 22
                          2a0d:b0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/OZETdfzEhZYSGQ6-zHrjcaAaam0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/OZETdfzEhZYSGQ6-zHrjcaAaam0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZETdfzEhZYSGQ6-zHrjcaAaam0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:cd:24:5a:50:84:a6:17:d8:66:8a:a5:f0:74:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39911375fcc4859612190ebecc7ae371a01a6a6d
        Validity
            Not Before: Jan  2 02:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eccc1c177824d08191ac220d1d9d23caa3b39f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:99:73:96:b2:80:75:39:6a:2c:71:83:9f:
                    46:f5:ca:5f:3c:4a:78:d3:14:7e:13:73:29:09:4e:
                    de:7f:7a:40:2d:f3:52:81:e3:ef:ba:e0:9c:1c:5e:
                    ba:72:60:c7:05:fd:ae:3a:43:4f:94:c4:f2:cd:f4:
                    95:bc:1b:a2:6f:29:8b:7d:08:62:8d:df:95:2f:97:
                    96:09:01:c5:3b:2e:09:d5:db:6b:95:0b:d2:11:92:
                    6e:73:4b:25:56:35:e6:a1:59:f1:58:35:6d:eb:eb:
                    07:be:b9:66:c5:8d:ce:fd:2f:d0:ab:5c:ad:b7:35:
                    12:18:b5:af:84:a7:c1:c6:b7:ea:08:f6:e7:43:b2:
                    67:c8:d2:b6:90:ce:f7:35:58:32:7e:8b:da:d3:e9:
                    ad:2f:48:da:3c:b0:99:35:c4:b0:f5:0e:cb:bc:11:
                    f9:6f:99:15:34:02:10:cb:72:5c:bf:f1:27:8d:eb:
                    c0:bc:3d:4e:ce:df:cc:32:59:1c:4f:ef:11:e6:32:
                    de:79:e7:a2:e8:5f:e2:6a:1a:42:06:3c:52:bb:b3:
                    2c:22:08:fa:a5:42:03:2b:0c:9b:d8:3a:7f:31:52:
                    48:97:a6:c8:9f:bd:02:84:3a:96:91:ea:9a:c1:db:
                    da:e6:09:30:6b:73:a1:70:c9:37:d5:38:75:02:16:
                    9d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:CC:1C:17:78:24:D0:81:91:AC:22:0D:1D:9D:23:CA:A3:B3:9F:07
            X509v3 Authority Key Identifier:
                keyid:39:91:13:75:FC:C4:85:96:12:19:0E:BE:CC:7A:E3:71:A0:1A:6A:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZETdfzEhZYSGQ6-zHrjcaAaam0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/7MwcF3gk0IGRrCINHZ0jyqOznwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/OZETdfzEhZYSGQ6-zHrjcaAaam0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.72.0/22
                IPv6:
                  2a0d:b0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:89:0f:36:ae:ed:bc:0b:a8:72:6e:76:4d:45:f1:ed:32:5c:
         25:41:13:4a:25:37:62:90:35:21:a1:16:a9:7c:32:a3:2f:ee:
         6d:c6:5b:28:97:81:44:82:0d:f4:1c:a5:8d:25:7e:4e:22:05:
         bd:88:b6:8a:90:cc:5c:5a:50:e2:58:91:b5:80:09:fb:82:38:
         20:e5:31:dc:86:82:64:ef:9b:f6:3d:dc:95:c1:58:55:8c:00:
         9f:19:4f:bf:5e:20:39:90:9f:1a:c6:67:53:01:2f:6a:97:6d:
         c8:12:14:35:ca:42:50:c2:dc:fd:98:15:8f:8c:0e:62:ba:2e:
         76:9a:02:e4:49:ca:fc:1d:c5:f4:ec:b6:3a:3a:48:4b:34:fa:
         89:dc:22:b8:b8:69:86:b6:31:e3:7b:e8:87:3e:e2:17:57:ad:
         6b:e8:44:89:74:09:96:58:fc:60:2a:8a:86:ac:b5:4b:6d:4a:
         33:c5:b9:cf:1f:1a:61:24:9c:d4:ef:c0:f2:31:3d:84:c4:24:
         e7:98:c5:ab:7f:67:07:7e:a3:d7:33:8c:0a:7a:bb:ac:3f:04:
         f9:a9:4f:c9:68:64:c5:4d:47:c0:c2:d2:28:77:11:ed:51:d5:
         b4:34:15:cf:3e:83:da:ce:55:09:e3:f6:56:a3:f9:52:20:1b:
         70:57:60:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAc0kWlCEphfYZoql8HSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OTExMzc1ZmNjNDg1OTYxMjE5MGViZWNjN2FlMzcxYTAx
YTZhNmQwHhcNMjQwMTAyMDIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2NjMWMxNzc4MjRkMDgxOTFhYzIyMGQxZDlkMjNjYWEzYjM5ZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeyZc5aygHU5aixxg59G9cpfPEp4
0xR+E3MpCU7ef3pALfNSgePvuuCcHF66cmDHBf2uOkNPlMTyzfSVvBuibymLfQhi
jd+VL5eWCQHFOy4J1dtrlQvSEZJuc0slVjXmoVnxWDVt6+sHvrlmxY3O/S/Qq1yt
tzUSGLWvhKfBxrfqCPbnQ7JnyNK2kM73NVgyfova0+mtL0jaPLCZNcSw9Q7LvBH5
b5kVNAIQy3Jcv/EnjevAvD1Ozt/MMlkcT+8R5jLeeeei6F/iahpCBjxSu7MsIgj6
pUIDKwyb2Dp/MVJIl6bIn70ChDqWkeqawdva5gkwa3OhcMk31Th1Ahad+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOzMHBd4JNCBkawiDR2dI8qjs58HMB8GA1UdIwQY
MBaAFDmRE3X8xIWWEhkOvsx643GgGmptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1pFVGRmekVoWllTR1E2LXpIcmpjYUFhYW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82MWMwYzUtNTI1Ny00NTNjLThlNzQt
OTMzZDkyZDAwMDBjLzEvN013Y0YzZ2swSUdSckNJTkhaMGp5cU96bndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82MWMwYzUtNTI1Ny00NTNjLThlNzQtOTMzZDkyZDAwMDBj
LzEvT1pFVGRmekVoWllTR1E2LXpIcmpjYUFhYW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVhIMA0E
AgACMAcDBQMqDbDAMA0GCSqGSIb3DQEBCwUAA4IBAQBRiQ82ru28C6hybnZNRfHt
MlwlQRNKJTdikDUhoRapfDKjL+5txlsol4FEgg30HKWNJX5OIgW9iLaKkMxcWlDi
WJG1gAn7gjgg5THchoJk75v2PdyVwVhVjACfGU+/XiA5kJ8axmdTAS9ql23IEhQ1
ykJQwtz9mBWPjA5iui52mgLkScr8HcX07LY6OkhLNPqJ3CK4uGmGtjHje+iHPuIX
V61r6ESJdAmWWPxgKoqGrLVLbUozxbnPHxphJJzU78DyMT2ExCTnmMWrf2cHfqPX
M4wKerusPwT5qU/JaGTFTUfAwtIodxHtUdW0NBXPPoPazlUJ4/ZWo/lSIBtwV2Du
-----END CERTIFICATE-----