Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/7Gz7F6SbjnOu6GPRgEBfeNd7Bow.roa
File:                     7Gz7F6SbjnOu6GPRgEBfeNd7Bow.roa (raw, json)
Hash identifier:          bmIKpMupbrZARbJLk4eDVsqE2D47xdr4gwMqDJDsAeI=
Subject key identifier:   EC:6C:FB:17:A4:9B:8E:73:AE:E8:63:D1:80:40:5F:78:D7:7B:06:8C
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0190063943C93CE9FCF73EFBE9D2DBA6B842
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/7Gz7F6SbjnOu6GPRgEBfeNd7Bow.roa
Signing time:             Tue 11 Jun 2024 07:35:34 +0000
ROA not before:           Tue 11 Jun 2024 07:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142146
IP address blocks:        185.148.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Nov 2024 11:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:39:43:c9:3c:e9:fc:f7:3e:fb:e9:d2:db:a6:b8:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jun 11 07:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec6cfb17a49b8e73aee863d180405f78d77b068c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f3:35:10:70:65:02:70:04:44:53:95:b9:26:
                    26:b1:cc:e0:f0:0f:4f:0c:9e:30:de:9a:9b:2d:c7:
                    d2:be:73:b1:bb:8c:82:85:b1:47:10:08:fd:31:f0:
                    cd:7f:29:ac:05:e5:b0:b4:ae:12:ff:b0:69:d5:84:
                    8e:5b:a0:a8:b3:5a:0b:1a:3d:6f:61:56:9c:56:64:
                    f0:bb:8b:16:b0:4e:b7:ca:41:b0:ef:a2:89:8d:59:
                    3f:77:f4:65:57:5c:d4:c8:c9:49:2b:ef:5a:fd:be:
                    d8:45:c7:18:7e:05:b4:33:a6:29:ae:60:2f:80:11:
                    08:73:34:f8:86:44:5f:9a:09:3f:a9:ca:11:2d:43:
                    bc:76:ae:f3:30:05:a7:36:d9:be:a0:c4:a3:a9:22:
                    0c:d6:ed:4e:74:38:8c:ed:d2:22:78:7b:45:e5:bf:
                    d0:1c:4e:6e:9d:09:f0:38:fd:58:c6:b7:81:87:92:
                    24:fb:76:b7:17:f6:09:5e:a8:54:55:73:a8:9f:68:
                    24:b9:4a:96:8c:c2:63:ec:9d:d8:f0:0b:c2:77:64:
                    a2:a6:9a:3a:30:3d:3d:dc:21:45:47:5b:96:50:5b:
                    d1:36:21:8d:da:a8:78:37:79:d3:f2:1b:46:5e:71:
                    0c:d4:01:d9:d3:e0:6e:45:2f:23:b7:f1:71:ac:a7:
                    90:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6C:FB:17:A4:9B:8E:73:AE:E8:63:D1:80:40:5F:78:D7:7B:06:8C
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/7Gz7F6SbjnOu6GPRgEBfeNd7Bow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:b4:a7:1c:16:dc:a5:0a:9c:10:0c:dc:ee:46:b9:26:fc:2e:
         b6:4c:b1:ab:12:2c:ac:45:e2:1a:2a:64:11:f5:95:b5:01:b3:
         4d:1f:85:19:d1:37:de:2d:44:d7:3b:61:4b:e5:84:d1:aa:42:
         ff:2e:2a:05:00:8d:06:38:13:ee:eb:88:57:40:61:16:d7:e9:
         16:96:92:7e:74:35:cd:8e:d3:da:34:4a:7f:53:92:f0:3f:cf:
         03:96:47:2c:6d:7c:57:09:c7:b3:1d:f0:f4:f4:1a:7a:c0:9f:
         d0:c0:65:df:0c:56:c4:df:c6:93:9d:bd:cc:67:66:98:a2:6b:
         b6:db:fc:b1:79:16:03:88:b6:6e:11:d9:1a:1c:ce:f9:da:1c:
         d3:a4:6d:52:86:8d:2f:1d:b6:e1:9d:68:e0:f4:9d:b1:92:42:
         52:a2:9d:ce:db:20:d8:dc:c6:25:98:81:6e:93:51:3e:84:16:
         2d:82:b7:fc:3c:de:bd:a6:27:e5:5e:2c:bf:f8:bf:50:ea:e7:
         2b:18:7d:6e:80:05:fd:df:cd:15:a6:3e:f6:68:26:47:b6:39:
         13:f7:42:7a:e4:bc:0d:57:5c:0c:c3:8c:a1:ed:a9:b3:92:a1:
         06:b3:86:0f:1d:59:21:cd:9b:59:42:65:ad:62:68:d5:af:ce:
         14:e8:b8:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAGOUPJPOn89z776dLbprhCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwNjExMDczNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZjZmIxN2E0OWI4ZTczYWVlODYzZDE4MDQwNWY3OGQ3N2IwNjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/M1EHBlAnAERFOVuSYmsczg8A9P
DJ4w3pqbLcfSvnOxu4yChbFHEAj9MfDNfymsBeWwtK4S/7Bp1YSOW6Cos1oLGj1v
YVacVmTwu4sWsE63ykGw76KJjVk/d/RlV1zUyMlJK+9a/b7YRccYfgW0M6YprmAv
gBEIczT4hkRfmgk/qcoRLUO8dq7zMAWnNtm+oMSjqSIM1u1OdDiM7dIieHtF5b/Q
HE5unQnwOP1YxreBh5Ik+3a3F/YJXqhUVXOon2gkuUqWjMJj7J3Y8AvCd2Sippo6
MD093CFFR1uWUFvRNiGN2qh4N3nT8htGXnEM1AHZ0+BuRS8jt/FxrKeQ7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxs+xekm45zruhj0YBAX3jXewaMMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvN0d6N0Y2U2Jqbk91NkdQUmdFQmZlTmQ3Qm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZRGMA0G
CSqGSIb3DQEBCwUAA4IBAQBVtKccFtylCpwQDNzuRrkm/C62TLGrEiysReIaKmQR
9ZW1AbNNH4UZ0TfeLUTXO2FL5YTRqkL/LioFAI0GOBPu64hXQGEW1+kWlpJ+dDXN
jtPaNEp/U5LwP88DlkcsbXxXCcezHfD09Bp6wJ/QwGXfDFbE38aTnb3MZ2aYomu2
2/yxeRYDiLZuEdkaHM752hzTpG1Sho0vHbbhnWjg9J2xkkJSop3O2yDY3MYlmIFu
k1E+hBYtgrf8PN69piflXiy/+L9Q6ucrGH1ugAX9380Vpj72aCZHtjkT90J65LwN
V1wMw4yh7amzkqEGs4YPHVkhzZtZQmWtYmjVr84U6LjR
-----END CERTIFICATE-----