Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/jXxZZoV40HMpWKgqtNur5h3GeQU.roa
File:                     jXxZZoV40HMpWKgqtNur5h3GeQU.roa (raw, json)
Hash identifier:          vYXtS9Bmp7xv8r9AEfrnH+eBfypPiDQhhlRlsEwCOds=
Subject key identifier:   8D:7C:59:66:85:78:D0:73:29:58:A8:2A:B4:DB:AB:E6:1D:C6:79:05
Certificate issuer:       /CN=4f6a9444adaa523c5768e9f6be14065183ac20a8
Certificate serial:       018CC6B79531365D2E18E6CEBB11A384D888
Authority key identifier: 4F:6A:94:44:AD:AA:52:3C:57:68:E9:F6:BE:14:06:51:83:AC:20:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T2qURK2qUjxXaOn2vhQGUYOsIKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/jXxZZoV40HMpWKgqtNur5h3GeQU.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        185.7.179.0/24 maxlen: 24
                          185.7.178.0/24 maxlen: 24
                          185.7.177.0/24 maxlen: 24
                          185.7.176.0/22 maxlen: 22
                          185.7.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/T2qURK2qUjxXaOn2vhQGUYOsIKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/T2qURK2qUjxXaOn2vhQGUYOsIKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T2qURK2qUjxXaOn2vhQGUYOsIKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:95:31:36:5d:2e:18:e6:ce:bb:11:a3:84:d8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f6a9444adaa523c5768e9f6be14065183ac20a8
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d7c59668578d0732958a82ab4dbabe61dc67905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f1:53:a7:14:68:78:a7:57:b7:06:17:a8:cd:
                    de:33:21:57:fd:32:42:c6:30:d4:d8:86:4c:32:16:
                    84:58:ed:ba:43:dd:1e:cc:87:9d:57:b5:ac:0a:f5:
                    37:37:99:37:1e:37:b9:11:c3:f2:8b:70:bf:7a:7d:
                    c1:d7:4d:c8:27:2d:03:e5:71:41:a8:0c:b9:40:e2:
                    37:c6:63:2b:3f:d9:54:00:e5:0c:14:5d:8f:11:f7:
                    1e:2a:2b:b6:c8:71:30:c1:b0:e5:62:98:de:84:df:
                    67:4d:ca:e9:8b:eb:d2:6f:07:66:33:a2:c4:4e:68:
                    a8:f2:9e:e8:54:02:ea:e0:36:c2:90:a5:d3:30:06:
                    61:62:e1:db:ae:93:0c:af:8f:f0:27:b5:22:d5:c8:
                    6b:72:a1:ff:8b:86:7c:36:5b:d5:42:a7:bf:0f:b0:
                    15:66:84:3e:65:2e:8e:a2:1b:6c:25:37:97:db:27:
                    a6:cb:0d:76:3e:65:b3:81:1b:35:01:02:c1:ab:29:
                    3b:6d:88:d0:03:11:af:9f:7b:12:61:25:f6:13:b6:
                    b5:49:d4:cb:05:d4:9e:1e:e2:ae:73:c1:94:8c:ae:
                    0e:20:1d:8b:ff:15:f4:58:6d:7b:5b:a8:db:6f:16:
                    1f:47:02:68:7f:16:25:2d:4c:fa:2f:fe:33:db:6e:
                    16:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7C:59:66:85:78:D0:73:29:58:A8:2A:B4:DB:AB:E6:1D:C6:79:05
            X509v3 Authority Key Identifier:
                keyid:4F:6A:94:44:AD:AA:52:3C:57:68:E9:F6:BE:14:06:51:83:AC:20:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T2qURK2qUjxXaOn2vhQGUYOsIKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/jXxZZoV40HMpWKgqtNur5h3GeQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/T2qURK2qUjxXaOn2vhQGUYOsIKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:71:39:dc:cf:c7:be:3e:39:18:37:24:38:ce:8f:61:ad:db:
         4e:a8:d1:3e:82:c0:3d:9e:7d:ed:3e:a1:85:02:6d:aa:53:f3:
         0e:20:7c:af:1e:59:69:30:25:7c:b2:2f:8d:ed:08:11:7f:f8:
         29:61:fc:53:c0:28:0e:25:38:83:ab:59:a7:cb:4e:5a:84:3e:
         5c:ed:d9:44:9c:e3:c9:de:36:97:14:92:88:91:a3:33:99:ab:
         61:82:d5:05:4c:d8:0d:0c:04:90:2d:e9:4f:c7:fc:12:71:65:
         00:7e:c5:72:83:80:01:41:55:1f:85:44:c2:12:63:7c:34:e1:
         df:2c:40:69:8c:94:15:1f:25:99:c8:4f:3c:ea:24:d3:5f:f5:
         08:c8:d7:24:72:f2:96:e9:f4:1f:aa:c4:5d:f9:f0:c9:70:23:
         d2:69:db:61:f4:b5:0e:e4:a3:a6:6c:ec:2d:e6:67:ad:f6:15:
         74:51:0c:60:1d:02:34:da:0a:0d:d4:5a:3f:f3:e3:e0:e8:61:
         95:72:b9:00:70:f1:e7:c4:1c:26:1c:b1:fc:08:97:f0:d6:db:
         25:a4:8f:9c:af:26:f1:b0:40:00:5a:fc:60:81:a3:fb:ef:17:
         f9:db:f8:ea:f0:7a:09:fc:0e:18:bc:9a:a9:1a:22:1b:7a:a0:
         e1:fb:3a:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5UxNl0uGObOuxGjhNiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNmE5NDQ0YWRhYTUyM2M1NzY4ZTlmNmJlMTQwNjUxODNh
YzIwYTgwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDdjNTk2Njg1NzhkMDczMjk1OGE4MmFiNGRiYWJlNjFkYzY3OTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovFTpxRoeKdXtwYXqM3eMyFX/TJC
xjDU2IZMMhaEWO26Q90ezIedV7WsCvU3N5k3Hje5EcPyi3C/en3B103IJy0D5XFB
qAy5QOI3xmMrP9lUAOUMFF2PEfceKiu2yHEwwbDlYpjehN9nTcrpi+vSbwdmM6LE
Tmio8p7oVALq4DbCkKXTMAZhYuHbrpMMr4/wJ7Ui1chrcqH/i4Z8NlvVQqe/D7AV
ZoQ+ZS6OohtsJTeX2yemyw12PmWzgRs1AQLBqyk7bYjQAxGvn3sSYSX2E7a1SdTL
BdSeHuKuc8GUjK4OIB2L/xX0WG17W6jbbxYfRwJofxYlLUz6L/4z224WOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI18WWaFeNBzKVioKrTbq+YdxnkFMB8GA1UdIwQY
MBaAFE9qlEStqlI8V2jp9r4UBlGDrCCoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDJxVVJLMnFVanhYYU9uMnZoUUdVWU9zSUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85YzRmYjAtYzQ3NS00MjA0LTk5ODct
MGE5MWNhZGJlZTY2LzEvalh4WlpvVjQwSE1wV0tncXROdXI1aDNHZVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85YzRmYjAtYzQ3NS00MjA0LTk5ODctMGE5MWNhZGJlZTY2
LzEvVDJxVVJLMnFVanhYYU9uMnZoUUdVWU9zSUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQewMA0G
CSqGSIb3DQEBCwUAA4IBAQCOcTncz8e+PjkYNyQ4zo9hrdtOqNE+gsA9nn3tPqGF
Am2qU/MOIHyvHllpMCV8si+N7QgRf/gpYfxTwCgOJTiDq1mny05ahD5c7dlEnOPJ
3jaXFJKIkaMzmathgtUFTNgNDASQLelPx/wScWUAfsVyg4ABQVUfhUTCEmN8NOHf
LEBpjJQVHyWZyE886iTTX/UIyNckcvKW6fQfqsRd+fDJcCPSadth9LUO5KOmbOwt
5met9hV0UQxgHQI02goN1Fo/8+Pg6GGVcrkAcPHnxBwmHLH8CJfw1tslpI+crybx
sEAAWvxggaP77xf52/jq8HoJ/A4YvJqpGiIbeqDh+zoa
-----END CERTIFICATE-----