Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/b7NLI8Iwhax8WvLCjAzC1zD5tic.roa
File:                     b7NLI8Iwhax8WvLCjAzC1zD5tic.roa (raw, json)
Hash identifier:          eWpr8lcFL4vuto6u43xHrGG7xd2l6DwPVdwf1BHmX90=
Subject key identifier:   6F:B3:4B:23:C2:30:85:AC:7C:5A:F2:C2:8C:0C:C2:D7:30:F9:B6:27
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       01922CABCA22B9D1B73A3844FE50B2AEF470
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/b7NLI8Iwhax8WvLCjAzC1zD5tic.roa
Signing time:             Thu 26 Sep 2024 04:51:48 +0000
ROA not before:           Thu 26 Sep 2024 04:51:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60446
IP address blocks:        94.154.33.0/24 maxlen: 24
                          94.154.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2c:ab:ca:22:b9:d1:b7:3a:38:44:fe:50:b2:ae:f4:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Sep 26 04:51:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fb34b23c23085ac7c5af2c28c0cc2d730f9b627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0c:dc:bb:ed:5d:33:37:1c:89:7b:22:72:5a:
                    30:4e:f9:ff:3c:73:86:30:47:c1:30:74:be:8c:11:
                    73:06:6c:8f:47:99:5a:3b:84:2c:94:ea:5f:43:56:
                    38:df:77:b5:41:5d:f0:f2:5f:2a:95:2f:cb:d5:e5:
                    03:3d:28:31:d7:06:f8:d2:2c:91:b3:da:c6:84:b4:
                    4b:d0:54:b2:d7:de:71:2f:80:2f:c1:73:c0:ba:38:
                    a1:81:24:2f:72:8c:01:5c:04:40:52:3a:69:67:6e:
                    18:6c:68:e8:d5:2f:e4:59:02:5e:43:d5:b6:79:10:
                    16:7e:44:5b:29:21:45:d3:cf:a7:61:f9:10:47:77:
                    34:9a:cc:08:6a:df:16:bc:11:74:40:2b:65:5f:64:
                    4f:30:d6:ac:21:e6:0a:2a:d1:d8:9d:de:59:42:cb:
                    7c:be:b6:f7:59:66:0a:c5:d3:25:57:4b:d9:11:56:
                    a5:6b:d3:4f:2b:2b:36:4a:91:12:24:c5:77:08:7f:
                    7a:99:3b:88:bf:bd:21:ca:ac:f1:d3:08:cc:17:0a:
                    61:83:66:4d:43:e8:b2:2b:45:1b:3b:9e:d3:b1:14:
                    64:2b:aa:f0:75:b0:ed:39:28:9e:2f:c7:86:b7:c1:
                    c9:3d:51:ff:2b:14:aa:12:5c:30:49:d5:bf:12:9b:
                    ad:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B3:4B:23:C2:30:85:AC:7C:5A:F2:C2:8C:0C:C2:D7:30:F9:B6:27
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/b7NLI8Iwhax8WvLCjAzC1zD5tic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.33.0/24
                  94.154.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:85:03:ba:35:12:58:79:ae:57:41:16:7f:5b:9a:28:15:ec:
         13:66:26:dd:5d:80:52:10:e4:2d:33:64:6a:21:98:f5:14:1f:
         09:01:75:8e:ab:5e:00:dc:72:ab:79:9b:ad:43:55:56:53:d8:
         4b:11:6c:4c:b3:34:b2:36:04:7c:7f:9b:a9:c6:9c:7f:53:13:
         9e:69:83:4f:ab:2f:8c:07:3b:cf:10:a5:5e:cd:40:3d:e1:7a:
         03:1b:45:a5:83:fa:b9:29:14:1e:c8:ac:82:8c:b1:95:12:b3:
         3f:d3:d8:c1:fa:99:31:73:d5:22:92:8e:5c:b5:40:02:68:0e:
         c4:c8:35:50:79:7e:8f:62:ba:06:85:0c:0e:17:32:db:e1:56:
         5b:a6:25:ef:26:1b:80:5e:0d:cb:ee:5b:22:fe:fb:bc:5f:3b:
         b6:65:f2:69:18:af:29:31:9f:85:06:c8:3f:1f:2b:cc:1a:04:
         d9:00:23:5b:a6:1e:f2:2c:0c:94:3b:8c:f0:1b:cd:25:aa:db:
         48:e3:98:88:61:ac:fa:57:43:1f:07:20:12:a3:27:e0:54:44:
         ac:91:71:18:21:4d:0c:36:c5:9c:c5:33:18:c5:a6:24:cb:97:
         35:d6:d0:28:48:16:78:37:91:66:ca:5f:56:56:e1:4a:ca:d8:
         ed:b4:e6:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIsq8oiudG3OjhE/lCyrvRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwOTI2MDQ1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmIzNGIyM2MyMzA4NWFjN2M1YWYyYzI4YzBjYzJkNzMwZjliNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwzcu+1dMzcciXsiclowTvn/PHOG
MEfBMHS+jBFzBmyPR5laO4QslOpfQ1Y433e1QV3w8l8qlS/L1eUDPSgx1wb40iyR
s9rGhLRL0FSy195xL4AvwXPAujihgSQvcowBXARAUjppZ24YbGjo1S/kWQJeQ9W2
eRAWfkRbKSFF08+nYfkQR3c0mswIat8WvBF0QCtlX2RPMNasIeYKKtHYnd5ZQst8
vrb3WWYKxdMlV0vZEVala9NPKys2SpESJMV3CH96mTuIv70hyqzx0wjMFwphg2ZN
Q+iyK0UbO57TsRRkK6rwdbDtOSieL8eGt8HJPVH/KxSqElwwSdW/EputBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG+zSyPCMIWsfFrywowMwtcw+bYnMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvYjdOTEk4SXdoYXg4V3ZMQ2pBekMxekQ1dGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpohAwQA
XpolMA0GCSqGSIb3DQEBCwUAA4IBAQAYhQO6NRJYea5XQRZ/W5ooFewTZibdXYBS
EOQtM2RqIZj1FB8JAXWOq14A3HKreZutQ1VWU9hLEWxMszSyNgR8f5upxpx/UxOe
aYNPqy+MBzvPEKVezUA94XoDG0Wlg/q5KRQeyKyCjLGVErM/09jB+pkxc9Uiko5c
tUACaA7EyDVQeX6PYroGhQwOFzLb4VZbpiXvJhuAXg3L7lsi/vu8Xzu2ZfJpGK8p
MZ+FBsg/HyvMGgTZACNbph7yLAyUO4zwG80lqttI45iIYaz6V0MfByASoyfgVESs
kXEYIU0MNsWcxTMYxaYky5c11tAoSBZ4N5Fmyl9WVuFKytjttOYk
-----END CERTIFICATE-----