Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/nrU7JcSwbPFoXvW4YdUedQ3XMZE.roa
File:                     nrU7JcSwbPFoXvW4YdUedQ3XMZE.roa (raw, json)
Hash identifier:          U5fVVEEDXRDvSyRVaarpbuLbFCPqd2tzZJpPWHnipuc=
Subject key identifier:   9E:B5:3B:25:C4:B0:6C:F1:68:5E:F5:B8:61:D5:1E:75:0D:D7:31:91
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       018D441520363A26629F2C5FE266780048FD
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/nrU7JcSwbPFoXvW4YdUedQ3XMZE.roa
Signing time:             Fri 26 Jan 2024 04:44:11 +0000
ROA not before:           Fri 26 Jan 2024 04:44:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208428
IP address blocks:        185.26.25.0/24 maxlen: 24
                          2a02:f404::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:44:15:20:36:3a:26:62:9f:2c:5f:e2:66:78:00:48:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan 26 04:44:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eb53b25c4b06cf1685ef5b861d51e750dd73191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7f:33:a6:a6:05:cf:ed:9c:98:14:8b:43:04:
                    b9:7e:d1:cf:e8:34:20:63:8d:b8:d9:2f:55:5c:53:
                    27:12:f9:f5:0f:ab:84:3f:6b:b9:7c:35:08:12:ec:
                    33:95:fa:3e:23:d6:50:30:8e:e4:ea:4c:2a:36:bf:
                    16:62:1e:3f:7f:ca:8f:cc:fa:f4:fc:d7:2e:f1:b4:
                    0a:33:23:ac:7c:a6:de:7e:30:c4:62:81:02:45:33:
                    05:2e:b4:7e:d8:d3:c0:9b:c9:42:ed:56:0f:4d:24:
                    d6:65:13:63:bc:3f:d0:87:9a:29:ab:be:03:dc:f6:
                    c3:7e:51:c6:55:a9:c3:c4:0a:0e:30:61:0d:ff:28:
                    f7:6e:40:30:27:51:76:82:22:10:bd:77:21:3e:e2:
                    8b:2b:1c:e0:f1:f4:9c:d5:18:71:3f:72:29:e3:38:
                    c2:36:35:3b:7c:5d:74:e1:3f:6a:98:68:51:84:4e:
                    f9:0d:54:72:b3:ab:b5:23:64:48:12:05:c5:19:bc:
                    cb:c5:ea:bc:c5:b9:6d:d4:22:33:be:30:12:0d:bb:
                    52:d7:f3:de:52:4a:86:63:1f:97:40:8c:ae:18:22:
                    5f:b2:d6:17:41:bf:c1:33:b1:39:8e:40:b8:6e:88:
                    7c:f8:8f:cf:67:f7:4e:39:55:39:ac:bd:1f:0f:fc:
                    52:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B5:3B:25:C4:B0:6C:F1:68:5E:F5:B8:61:D5:1E:75:0D:D7:31:91
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/nrU7JcSwbPFoXvW4YdUedQ3XMZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.25.0/24
                IPv6:
                  2a02:f404::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:6e:54:f6:fa:4c:c3:dc:b3:44:9a:dd:41:a9:99:bf:7a:43:
         24:fb:24:1b:6e:bd:cb:bd:7c:5e:55:8f:79:7e:cf:8d:8e:b3:
         07:91:2e:d8:8f:5c:49:34:02:f3:cc:b0:5a:e7:61:66:4f:3d:
         67:71:ba:8b:d7:ab:e6:3c:81:cb:37:9b:90:b8:21:5b:cc:2e:
         5d:1b:d4:ec:08:d8:eb:ec:b7:98:14:5d:9f:f3:6a:e9:4a:75:
         39:b6:b5:ed:ff:b4:4b:fb:94:88:28:25:41:b8:62:41:15:cb:
         92:cf:b5:a8:96:9c:8f:5d:aa:3f:ce:da:08:98:e6:e4:41:a1:
         af:74:2a:6b:78:c0:97:bb:f7:67:7a:0a:b9:15:6d:59:57:b2:
         8c:df:ea:02:32:1b:4c:0f:cc:37:5c:c9:a8:12:b8:82:93:e1:
         16:d0:15:47:9e:2d:c8:8e:5b:ff:ef:0d:f9:3c:bd:57:3e:e0:
         b2:c8:d5:96:a7:b2:ab:c8:7d:75:eb:96:8d:fb:0f:24:81:60:
         1c:34:64:26:f2:8a:4c:5a:33:54:cb:83:44:bd:b6:bf:9c:3c:
         a9:16:15:66:97:b8:61:8a:ba:93:e6:75:2f:b2:cc:06:22:84:
         97:2a:87:23:2d:a3:b4:7d:95:55:7f:41:4b:c7:4a:b5:21:1b:
         63:01:6b:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1EFSA2OiZinyxf4mZ4AEj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjQwMTI2MDQ0NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWI1M2IyNWM0YjA2Y2YxNjg1ZWY1Yjg2MWQ1MWU3NTBkZDczMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH8zpqYFz+2cmBSLQwS5ftHP6DQg
Y4242S9VXFMnEvn1D6uEP2u5fDUIEuwzlfo+I9ZQMI7k6kwqNr8WYh4/f8qPzPr0
/Ncu8bQKMyOsfKbefjDEYoECRTMFLrR+2NPAm8lC7VYPTSTWZRNjvD/Qh5opq74D
3PbDflHGVanDxAoOMGEN/yj3bkAwJ1F2giIQvXchPuKLKxzg8fSc1RhxP3Ip4zjC
NjU7fF104T9qmGhRhE75DVRys6u1I2RIEgXFGbzLxeq8xblt1CIzvjASDbtS1/Pe
UkqGYx+XQIyuGCJfstYXQb/BM7E5jkC4boh8+I/PZ/dOOVU5rL0fD/xSEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ61OyXEsGzxaF71uGHVHnUN1zGRMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEvbnJVN0pjU3diUEZvWHZXNFlkVWVkUTNYTVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRoZMA0E
AgACMAcDBQAqAvQEMA0GCSqGSIb3DQEBCwUAA4IBAQBublT2+kzD3LNEmt1BqZm/
ekMk+yQbbr3LvXxeVY95fs+NjrMHkS7Yj1xJNALzzLBa52FmTz1ncbqL16vmPIHL
N5uQuCFbzC5dG9TsCNjr7LeYFF2f82rpSnU5trXt/7RL+5SIKCVBuGJBFcuSz7Wo
lpyPXao/ztoImObkQaGvdCpreMCXu/dnegq5FW1ZV7KM3+oCMhtMD8w3XMmoEriC
k+EW0BVHni3Ijlv/7w35PL1XPuCyyNWWp7KryH1165aN+w8kgWAcNGQm8opMWjNU
y4NEvba/nDypFhVml7hhirqT5nUvsswGIoSXKocjLaO0fZVVf0FLx0q1IRtjAWul
-----END CERTIFICATE-----