Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/df94e2-7cc9-41a1-952f-f3797cfd65ae/1/7NSq62DxzveRiKh-QbHyvq2QHB4.roa
File:                     7NSq62DxzveRiKh-QbHyvq2QHB4.roa (raw, json)
Hash identifier:          BTKpzLQjbzbghhlp4Nw52SzW+yrw12odGM/6g4X3MSI=
Subject key identifier:   EC:D4:AA:EB:60:F1:CE:F7:91:88:A8:7E:41:B1:F2:BE:AD:90:1C:1E
Certificate issuer:       /CN=d7faf3a3f2140cb7c6ff0cd6a7f5614a05e4e467
Certificate serial:       018CC5000BB9DBDC19524242B863E108CA84
Authority key identifier: D7:FA:F3:A3:F2:14:0C:B7:C6:FF:0C:D6:A7:F5:61:4A:05:E4:E4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1_rzo_IUDLfG_wzWp_VhSgXk5Gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/df94e2-7cc9-41a1-952f-f3797cfd65ae/1/7NSq62DxzveRiKh-QbHyvq2QHB4.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210103
IP address blocks:        146.19.11.0/24 maxlen: 24
                          2a12:1d00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/df94e2-7cc9-41a1-952f-f3797cfd65ae/1/1_rzo_IUDLfG_wzWp_VhSgXk5Gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/df94e2-7cc9-41a1-952f-f3797cfd65ae/1/1_rzo_IUDLfG_wzWp_VhSgXk5Gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1_rzo_IUDLfG_wzWp_VhSgXk5Gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0b:b9:db:dc:19:52:42:42:b8:63:e1:08:ca:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7faf3a3f2140cb7c6ff0cd6a7f5614a05e4e467
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecd4aaeb60f1cef79188a87e41b1f2bead901c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4b:46:b6:e0:06:81:5e:a6:bf:e2:5d:68:f3:
                    1e:a4:04:e1:53:47:36:ff:88:16:a6:a8:6a:5c:e1:
                    ef:06:7b:61:36:5a:ef:78:31:02:67:dc:69:51:03:
                    a0:80:d0:57:e9:44:f2:fd:f2:20:c3:0b:ea:fc:f2:
                    c8:d4:3a:42:6e:c0:e0:05:80:92:c5:18:3b:2a:cd:
                    fc:fb:a6:ba:ea:ad:21:34:a6:5e:48:3f:33:f2:b9:
                    16:6d:d8:83:87:44:5d:05:0d:02:d3:0e:45:c6:a8:
                    bb:ce:a4:48:f7:71:ed:95:56:da:14:47:5a:bb:26:
                    e1:8d:0a:34:95:af:1f:ad:20:d4:5c:0a:d5:5a:35:
                    a3:63:31:28:ab:22:23:74:88:06:02:e0:67:00:44:
                    15:08:57:a3:ca:b0:58:93:da:64:cb:63:42:a5:3b:
                    a2:bd:a2:56:fd:8f:a2:1e:92:d6:40:61:7b:93:06:
                    92:1a:37:ff:24:6d:4c:57:85:fa:8f:28:01:02:31:
                    0d:63:88:12:19:cb:f5:19:01:69:f5:57:ce:cb:90:
                    ba:69:83:94:77:37:3c:f3:c7:95:aa:97:85:6d:0f:
                    fe:d9:bd:ae:1d:f1:b2:db:d9:bd:c5:48:17:13:a5:
                    84:90:f8:1e:2b:59:ee:7d:a6:92:39:51:0c:55:d6:
                    c7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D4:AA:EB:60:F1:CE:F7:91:88:A8:7E:41:B1:F2:BE:AD:90:1C:1E
            X509v3 Authority Key Identifier:
                keyid:D7:FA:F3:A3:F2:14:0C:B7:C6:FF:0C:D6:A7:F5:61:4A:05:E4:E4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1_rzo_IUDLfG_wzWp_VhSgXk5Gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/df94e2-7cc9-41a1-952f-f3797cfd65ae/1/7NSq62DxzveRiKh-QbHyvq2QHB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/df94e2-7cc9-41a1-952f-f3797cfd65ae/1/1_rzo_IUDLfG_wzWp_VhSgXk5Gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.11.0/24
                IPv6:
                  2a12:1d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:61:13:75:0b:47:ec:0f:56:a4:ac:3f:e7:6e:1c:5f:de:d2:
         19:d8:de:42:6b:7d:b4:76:ba:4f:e2:cb:a2:9b:7d:2e:3e:71:
         6f:ec:f7:d7:63:24:a9:0e:ee:6e:a8:56:3f:23:2c:51:5f:ba:
         f5:d9:4b:a9:04:59:dd:2f:bb:91:2b:37:45:9d:11:b1:9c:62:
         4f:56:b2:fa:62:3c:72:d0:66:e0:4f:6f:db:6e:ca:7e:e1:e8:
         03:46:ae:e2:ee:99:d6:e9:e9:72:69:32:7f:05:22:62:b9:5f:
         33:e6:60:53:c5:9d:81:ce:55:6e:16:5f:5a:14:f1:d1:1e:13:
         d3:ea:2f:98:6d:38:e0:29:7f:db:94:34:42:76:e9:e4:31:20:
         16:6d:0f:75:41:87:65:3c:a9:ae:0d:44:14:0d:b1:7a:1d:72:
         d5:1d:70:fa:5e:20:72:87:f9:94:90:79:0e:b2:ef:52:52:3a:
         e1:a4:7c:d5:9b:05:a2:e6:fa:ac:7d:c4:3a:72:ec:6e:af:03:
         5d:d5:8f:0b:de:00:25:d5:90:2a:33:7d:f3:22:6e:23:ab:09:
         2b:d4:c6:5c:ef:37:67:18:37:f9:4e:bd:bf:a4:20:22:e6:2a:
         7f:14:6c:61:c8:69:05:91:65:93:b9:e7:4d:a5:f9:86:01:9f:
         3f:23:a9:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAAu529wZUkJCuGPhCMqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZmFmM2EzZjIxNDBjYjdjNmZmMGNkNmE3ZjU2MTRhMDVl
NGU0NjcwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q0YWFlYjYwZjFjZWY3OTE4OGE4N2U0MWIxZjJiZWFkOTAxYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUtGtuAGgV6mv+JdaPMepAThU0c2
/4gWpqhqXOHvBnthNlrveDECZ9xpUQOggNBX6UTy/fIgwwvq/PLI1DpCbsDgBYCS
xRg7Ks38+6a66q0hNKZeSD8z8rkWbdiDh0RdBQ0C0w5Fxqi7zqRI93HtlVbaFEda
uybhjQo0la8frSDUXArVWjWjYzEoqyIjdIgGAuBnAEQVCFejyrBYk9pky2NCpTui
vaJW/Y+iHpLWQGF7kwaSGjf/JG1MV4X6jygBAjENY4gSGcv1GQFp9VfOy5C6aYOU
dzc888eVqpeFbQ/+2b2uHfGy29m9xUgXE6WEkPgeK1nufaaSOVEMVdbH4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOzUqutg8c73kYiofkGx8r6tkBweMB8GA1UdIwQY
MBaAFNf686PyFAy3xv8M1qf1YUoF5ORnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMV9yem9fSVVETGZHX3d6V3BfVmhTZ1hrNUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kZjk0ZTItN2NjOS00MWExLTk1MmYt
ZjM3OTdjZmQ2NWFlLzEvN05TcTYyRHh6dmVSaUtoLVFiSHl2cTJRSEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kZjk0ZTItN2NjOS00MWExLTk1MmYtZjM3OTdjZmQ2NWFl
LzEvMV9yem9fSVVETGZHX3d6V3BfVmhTZ1hrNUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAkhMLMA0E
AgACMAcDBQMqEh0AMA0GCSqGSIb3DQEBCwUAA4IBAQCNYRN1C0fsD1akrD/nbhxf
3tIZ2N5Ca320drpP4suim30uPnFv7PfXYySpDu5uqFY/IyxRX7r12UupBFndL7uR
KzdFnRGxnGJPVrL6Yjxy0GbgT2/bbsp+4egDRq7i7pnW6elyaTJ/BSJiuV8z5mBT
xZ2BzlVuFl9aFPHRHhPT6i+YbTjgKX/blDRCdunkMSAWbQ91QYdlPKmuDUQUDbF6
HXLVHXD6XiByh/mUkHkOsu9SUjrhpHzVmwWi5vqsfcQ6cuxurwNd1Y8L3gAl1ZAq
M33zIm4jqwkr1MZc7zdnGDf5Tr2/pCAi5ip/FGxhyGkFkWWTuedNpfmGAZ8/I6n9
-----END CERTIFICATE-----