Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/7TRbsGhzrO0599svAEtwSgPzAhc.roa
File:                     7TRbsGhzrO0599svAEtwSgPzAhc.roa (raw, json)
Hash identifier:          W3VT9OquRIsAh2qTrbG0g8QkGqxQgHgPGhS6fP34/Qo=
Subject key identifier:   ED:34:5B:B0:68:73:AC:ED:39:F7:DB:2F:00:4B:70:4A:03:F3:02:17
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       01941FFA1019785ABBBB7410234E46992A16
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/7TRbsGhzrO0599svAEtwSgPzAhc.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4755
IP address blocks:        86.36.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:10:19:78:5a:bb:bb:74:10:23:4e:46:99:2a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed345bb06873aced39f7db2f004b704a03f30217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0a:bb:01:10:9c:36:21:5b:31:dc:b4:2f:43:
                    fa:30:dc:53:96:45:19:f3:38:7a:dc:33:5e:80:dc:
                    9f:8f:bb:cc:e2:be:73:ac:8a:96:4e:60:b8:f2:44:
                    2d:a6:85:b0:34:6e:f0:e5:7b:3f:aa:04:56:6d:21:
                    38:bf:f4:c6:56:3e:54:f2:8f:e4:d4:d4:67:74:bd:
                    3f:ab:6d:7f:b2:22:42:f8:30:5a:f7:ec:5b:c7:2d:
                    57:ba:3c:27:43:42:b1:7c:c8:12:84:3c:ff:06:ec:
                    0e:2e:73:b6:b9:f0:9f:f2:c5:05:9b:43:a0:f9:fb:
                    41:d4:e6:8f:f9:47:2e:80:37:99:72:a6:22:e1:09:
                    ce:0c:f9:d7:b3:ee:47:26:3c:10:15:0b:d6:51:df:
                    50:3e:0c:a5:7f:48:01:71:2c:24:fb:33:c0:65:40:
                    7d:08:90:54:41:44:25:f3:4d:da:a7:07:bc:d4:a1:
                    24:65:c8:d3:71:8b:30:36:bf:9c:95:6f:49:85:7b:
                    60:a8:8b:91:85:10:c1:97:db:6b:33:dc:f4:e9:2b:
                    54:e4:00:53:a8:2a:f0:f5:76:fa:12:e3:1c:1d:65:
                    ab:c1:89:6d:98:0b:46:b1:76:c7:b5:dc:b7:56:a4:
                    1b:27:88:24:33:47:67:50:e4:c2:bd:ed:59:90:49:
                    20:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:34:5B:B0:68:73:AC:ED:39:F7:DB:2F:00:4B:70:4A:03:F3:02:17
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/7TRbsGhzrO0599svAEtwSgPzAhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:db:d0:c2:a4:b3:f1:8a:65:f0:17:65:d1:f6:94:cf:e3:cd:
         c5:5c:d6:cb:33:7b:7c:55:2b:b0:b2:b2:f3:fc:58:95:2e:cc:
         a9:1f:0a:c5:21:22:66:cc:21:fd:81:49:81:60:14:f3:97:1f:
         87:99:5c:ee:65:e3:d1:17:84:ab:93:8c:2b:dc:3a:4c:84:bf:
         a0:01:61:a6:fc:7f:10:75:e6:bb:b5:ee:07:ea:64:c9:07:81:
         2b:99:b2:86:67:ad:f4:36:ed:4d:d6:19:65:f1:3c:43:63:dc:
         ec:2b:9f:67:a9:b5:0e:93:c7:4a:0c:38:32:0b:e6:7b:f3:aa:
         8a:43:99:a1:72:2b:6c:d9:d8:64:bd:88:97:17:0b:eb:51:be:
         7e:4a:a7:6e:56:72:ec:d4:ca:0b:82:06:91:a2:6d:c7:79:cf:
         75:46:f6:f7:d5:fb:d1:33:76:ab:7d:00:91:e9:d1:67:ea:56:
         e3:c9:81:41:1a:b0:69:4a:03:50:f2:ff:07:78:9f:75:79:eb:
         c1:7e:0d:88:bf:94:14:11:09:9f:3d:fd:0a:82:f2:6c:d8:1d:
         dd:46:f3:79:80:06:30:63:82:75:cb:76:2f:28:20:ff:f3:79:
         78:86:b5:c7:71:3e:49:96:a8:24:66:db:5f:a6:0b:0b:1e:0f:
         3f:43:2b:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hAZeFq7u3QQI05GmSoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGQzZmIwNDRlYjFjMGExMWJlMDYwMmFjZWVmODhlNWY1
ZDJkZGYwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDM0NWJiMDY4NzNhY2VkMzlmN2RiMmYwMDRiNzA0YTAzZjMwMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgq7ARCcNiFbMdy0L0P6MNxTlkUZ
8zh63DNegNyfj7vM4r5zrIqWTmC48kQtpoWwNG7w5Xs/qgRWbSE4v/TGVj5U8o/k
1NRndL0/q21/siJC+DBa9+xbxy1XujwnQ0KxfMgShDz/BuwOLnO2ufCf8sUFm0Og
+ftB1OaP+UcugDeZcqYi4QnODPnXs+5HJjwQFQvWUd9QPgylf0gBcSwk+zPAZUB9
CJBUQUQl803apwe81KEkZcjTcYswNr+clW9JhXtgqIuRhRDBl9trM9z06StU5ABT
qCrw9Xb6EuMcHWWrwYltmAtGsXbHtdy3VqQbJ4gkM0dnUOTCve1ZkEkgRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO00W7Boc6ztOffbLwBLcEoD8wIXMB8GA1UdIwQY
MBaAFDxNP7BE6xwKEb4GAqzu+I5fXS3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEt
YjE4NGUzZjRiNTBlLzEvN1RSYnNHaHpyTzA1OTlzdkFFdHdTZ1B6QWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEtYjE4NGUzZjRiNTBl
LzEvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCViQUMA0G
CSqGSIb3DQEBCwUAA4IBAQB+29DCpLPximXwF2XR9pTP483FXNbLM3t8VSuwsrLz
/FiVLsypHwrFISJmzCH9gUmBYBTzlx+HmVzuZePRF4Srk4wr3DpMhL+gAWGm/H8Q
dea7te4H6mTJB4ErmbKGZ630Nu1N1hll8TxDY9zsK59nqbUOk8dKDDgyC+Z786qK
Q5mhcits2dhkvYiXFwvrUb5+SqduVnLs1MoLggaRom3Hec91Rvb31fvRM3arfQCR
6dFn6lbjyYFBGrBpSgNQ8v8HeJ91eevBfg2Iv5QUEQmfPf0KgvJs2B3dRvN5gAYw
Y4J1y3YvKCD/83l4hrXHcT5JlqgkZttfpgsLHg8/Qysg
-----END CERTIFICATE-----