Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/ca31df-7c9c-44ef-9ddc-776915488225/1/7IfWcJSratNnlfLMrnbIuQWgR8I.roa
File:                     7IfWcJSratNnlfLMrnbIuQWgR8I.roa (raw, json)
Hash identifier:          S2czlmmJLkq2AObWA1vCv3NtLmwVMJ2FnTs6ITj1XcQ=
Subject key identifier:   EC:87:D6:70:94:AB:6A:D3:67:95:F2:CC:AE:76:C8:B9:05:A0:47:C2
Certificate issuer:       /CN=bd1db5d728bd276b4c752e125a508ff8784ad285
Certificate serial:       019421442BE67AEACB653C5ED4D678B84310
Authority key identifier: BD:1D:B5:D7:28:BD:27:6B:4C:75:2E:12:5A:50:8F:F8:78:4A:D2:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vR211yi9J2tMdS4SWlCP-HhK0oU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/ca31df-7c9c-44ef-9ddc-776915488225/1/7IfWcJSratNnlfLMrnbIuQWgR8I.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41600
IP address blocks:        91.201.36.0/22 maxlen: 22
                          195.138.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/ca31df-7c9c-44ef-9ddc-776915488225/1/vR211yi9J2tMdS4SWlCP-HhK0oU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/ca31df-7c9c-44ef-9ddc-776915488225/1/vR211yi9J2tMdS4SWlCP-HhK0oU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vR211yi9J2tMdS4SWlCP-HhK0oU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2b:e6:7a:ea:cb:65:3c:5e:d4:d6:78:b8:43:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd1db5d728bd276b4c752e125a508ff8784ad285
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec87d67094ab6ad36795f2ccae76c8b905a047c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d7:48:93:e3:23:75:39:00:94:aa:64:1a:3b:
                    b9:be:ff:82:ca:15:91:2f:3d:e6:44:07:7a:c4:9f:
                    9d:f8:d4:b6:71:e8:53:03:e1:b9:5e:34:67:e4:5a:
                    e8:51:7b:46:61:85:b1:ff:c8:b6:2f:15:5a:1f:08:
                    13:5f:93:2c:8c:79:81:ca:56:7f:95:1a:8c:e7:7d:
                    38:1f:fd:9f:0a:44:c6:a7:d8:c4:5c:f0:2d:a5:33:
                    74:30:68:fe:ac:1f:24:a7:1e:7c:73:25:26:30:10:
                    8f:db:ba:1b:2a:e9:30:8a:aa:8c:b2:f9:35:06:46:
                    0b:93:69:25:1f:13:eb:f3:dd:4e:ef:8d:ee:ea:7e:
                    e8:26:57:83:b3:58:60:f1:d7:c0:54:d8:e2:0f:3e:
                    61:ef:c5:71:ee:3a:28:24:67:f0:3f:07:cb:de:52:
                    b4:20:5f:0b:0d:27:29:a6:7c:66:92:db:a7:76:3a:
                    9d:db:17:be:65:5f:01:a4:88:6f:0b:cd:10:e5:58:
                    45:25:12:33:22:a5:9c:c0:ab:7d:41:c5:24:6a:8b:
                    ec:ff:2c:3f:bc:3b:10:0a:bd:71:09:eb:92:36:65:
                    a2:19:a3:7e:b1:03:55:e3:fe:99:4a:31:d3:45:88:
                    65:1a:85:91:ab:69:ff:3a:27:96:81:c1:99:11:d4:
                    23:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:87:D6:70:94:AB:6A:D3:67:95:F2:CC:AE:76:C8:B9:05:A0:47:C2
            X509v3 Authority Key Identifier:
                keyid:BD:1D:B5:D7:28:BD:27:6B:4C:75:2E:12:5A:50:8F:F8:78:4A:D2:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vR211yi9J2tMdS4SWlCP-HhK0oU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/ca31df-7c9c-44ef-9ddc-776915488225/1/7IfWcJSratNnlfLMrnbIuQWgR8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/ca31df-7c9c-44ef-9ddc-776915488225/1/vR211yi9J2tMdS4SWlCP-HhK0oU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.36.0/22
                  195.138.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c7:89:87:42:ed:3e:1f:69:6b:3e:4b:f3:c9:8f:6a:9a:2e:
         39:a4:f0:ee:85:b5:f4:12:d9:c4:94:81:be:ee:5a:14:6f:61:
         de:63:d7:39:bc:bd:30:4c:9d:c6:b4:cb:a9:75:54:3b:c4:ed:
         fc:cf:a2:01:04:70:16:20:47:fb:d1:6b:26:97:bb:10:59:6b:
         5a:41:f7:49:f5:e1:29:4b:dd:96:e1:12:2f:65:cb:24:a0:0c:
         a6:d0:75:a8:f9:94:74:92:46:1a:a3:c1:a1:ed:90:c6:6f:c1:
         42:7b:51:85:f1:5b:a7:69:5f:a7:b5:dc:ec:3c:ce:3b:6f:3a:
         3e:de:e8:c3:ed:a9:85:26:30:a2:c4:4c:08:8a:5f:38:38:5b:
         4b:9d:76:9f:01:56:0a:32:21:38:90:4c:ef:99:7a:5d:c3:c5:
         bd:29:75:62:7e:fb:a1:ab:4d:39:3a:cc:9c:fe:64:57:46:8e:
         87:8a:0a:4d:89:c5:5e:f3:8c:2d:18:57:dc:27:85:d4:03:b8:
         f0:77:c3:55:13:bc:3e:d0:b6:ec:e0:59:bb:6c:5d:f5:f6:d0:
         4e:35:9e:ac:60:c9:bc:c2:a7:d2:19:25:ec:d0:a8:0e:4f:8f:
         36:0a:4a:15:bd:59:18:36:a7:fa:7a:4a:6c:8d:ab:84:6a:47:
         63:07:84:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRCvmeurLZTxe1NZ4uEMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMWRiNWQ3MjhiZDI3NmI0Yzc1MmUxMjVhNTA4ZmY4Nzg0
YWQyODUwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzg3ZDY3MDk0YWI2YWQzNjc5NWYyY2NhZTc2YzhiOTA1YTA0N2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsddIk+MjdTkAlKpkGju5vv+CyhWR
Lz3mRAd6xJ+d+NS2cehTA+G5XjRn5FroUXtGYYWx/8i2LxVaHwgTX5MsjHmBylZ/
lRqM5304H/2fCkTGp9jEXPAtpTN0MGj+rB8kpx58cyUmMBCP27obKukwiqqMsvk1
BkYLk2klHxPr891O743u6n7oJleDs1hg8dfAVNjiDz5h78Vx7jooJGfwPwfL3lK0
IF8LDScppnxmktundjqd2xe+ZV8BpIhvC80Q5VhFJRIzIqWcwKt9QcUkaovs/yw/
vDsQCr1xCeuSNmWiGaN+sQNV4/6ZSjHTRYhlGoWRq2n/OieWgcGZEdQjxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOyH1nCUq2rTZ5XyzK52yLkFoEfCMB8GA1UdIwQY
MBaAFL0dtdcovSdrTHUuElpQj/h4StKFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlIyMTF5aTlKMnRNZFM0U1dsQ1AtSGhLMG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jYTMxZGYtN2M5Yy00NGVmLTlkZGMt
Nzc2OTE1NDg4MjI1LzEvN0lmV2NKU3JhdE5ubGZMTXJuYkl1UVdnUjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jYTMxZGYtN2M5Yy00NGVmLTlkZGMtNzc2OTE1NDg4MjI1
LzEvdlIyMTF5aTlKMnRNZFM0U1dsQ1AtSGhLMG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8kkAwQA
w4raMA0GCSqGSIb3DQEBCwUAA4IBAQBlx4mHQu0+H2lrPkvzyY9qmi45pPDuhbX0
EtnElIG+7loUb2HeY9c5vL0wTJ3GtMupdVQ7xO38z6IBBHAWIEf70Wsml7sQWWta
QfdJ9eEpS92W4RIvZcskoAym0HWo+ZR0kkYao8Gh7ZDGb8FCe1GF8VunaV+ntdzs
PM47bzo+3ujD7amFJjCixEwIil84OFtLnXafAVYKMiE4kEzvmXpdw8W9KXVifvuh
q005Osyc/mRXRo6HigpNicVe84wtGFfcJ4XUA7jwd8NVE7w+0Lbs4Fm7bF319tBO
NZ6sYMm8wqfSGSXs0KgOT482CkoVvVkYNqf6ekpsjauEakdjB4R4
-----END CERTIFICATE-----