Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/7bPKhXsGBS37j0edM7zhsP2uf5Y.roa
File:                     7bPKhXsGBS37j0edM7zhsP2uf5Y.roa (raw, json)
Hash identifier:          a8JhEnBpC8dFzPGjHqRtJfMHDon2SxFOxBndl8iBZwQ=
Subject key identifier:   ED:B3:CA:85:7B:06:05:2D:FB:8F:47:9D:33:BC:E1:B0:FD:AE:7F:96
Certificate issuer:       /CN=12f1bb611f2b7a37800f49c6c125c5ee98b719c5
Certificate serial:       018CC2DB39C618B84638850572224E7ED351
Authority key identifier: 12:F1:BB:61:1F:2B:7A:37:80:0F:49:C6:C1:25:C5:EE:98:B7:19:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EvG7YR8rejeAD0nGwSXF7pi3GcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/7bPKhXsGBS37j0edM7zhsP2uf5Y.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        176.119.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/EvG7YR8rejeAD0nGwSXF7pi3GcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/EvG7YR8rejeAD0nGwSXF7pi3GcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EvG7YR8rejeAD0nGwSXF7pi3GcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:39:c6:18:b8:46:38:85:05:72:22:4e:7e:d3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12f1bb611f2b7a37800f49c6c125c5ee98b719c5
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edb3ca857b06052dfb8f479d33bce1b0fdae7f96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:22:bc:a4:36:84:9e:5c:e0:ad:df:61:64:63:
                    d5:8b:89:b6:95:60:1d:61:07:34:18:92:00:d0:05:
                    7b:85:e0:a0:4d:3b:6c:c1:db:c4:f3:6e:ad:d5:77:
                    d9:3e:07:55:e5:1b:bc:a5:81:40:70:0a:63:b1:bd:
                    e2:6d:70:c3:b7:7b:85:27:6f:00:23:27:4b:43:cc:
                    fd:e5:77:e6:33:6b:a3:a6:cf:f3:b5:53:cb:4a:a3:
                    bf:97:4d:f2:f9:e3:c5:e6:aa:70:c5:f9:2f:32:3a:
                    30:c7:84:49:46:a7:2e:d0:2d:79:79:53:bf:54:70:
                    5a:35:cc:43:5b:ca:79:1e:e1:e2:33:49:9b:49:bd:
                    51:cb:81:dc:85:cb:2c:1b:a4:6f:23:30:f4:83:f3:
                    3d:a7:26:05:e2:a9:75:02:d6:07:f7:0d:33:80:46:
                    2b:01:c2:2f:be:01:54:00:c2:2b:d0:da:44:57:c2:
                    ba:00:87:39:fc:cb:23:08:8e:26:32:00:59:01:6e:
                    6b:80:30:56:7a:1f:e9:f9:70:91:3f:a4:ce:42:5b:
                    c5:6a:00:07:36:98:5b:f2:cb:eb:46:05:41:19:fa:
                    0e:be:d9:20:2c:88:e5:a5:0b:6f:ed:e3:eb:4c:82:
                    7d:e8:1e:33:61:e9:e8:e7:0a:03:6f:84:86:02:85:
                    e4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B3:CA:85:7B:06:05:2D:FB:8F:47:9D:33:BC:E1:B0:FD:AE:7F:96
            X509v3 Authority Key Identifier:
                keyid:12:F1:BB:61:1F:2B:7A:37:80:0F:49:C6:C1:25:C5:EE:98:B7:19:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EvG7YR8rejeAD0nGwSXF7pi3GcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/7bPKhXsGBS37j0edM7zhsP2uf5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/EvG7YR8rejeAD0nGwSXF7pi3GcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:5d:1a:71:5e:15:97:49:f1:f9:80:12:09:4f:fe:ba:1a:5b:
         e4:2e:77:90:35:45:eb:bf:9c:b6:53:21:8c:0d:da:ff:83:47:
         dc:08:40:f4:02:61:68:8f:ac:26:f0:f2:2f:fb:b2:0e:ff:e8:
         35:a0:a1:73:bc:86:01:9a:17:1f:e4:af:d9:3c:a7:70:b2:c5:
         db:3e:98:62:12:a8:1b:51:de:a1:a5:02:82:90:95:df:c6:e5:
         99:f3:76:30:00:e5:0b:b8:2a:21:df:6e:6a:09:48:80:39:ca:
         68:9b:e8:8a:62:b2:2b:af:a9:90:0a:5a:fe:bf:1f:e2:7b:b6:
         89:9f:88:a3:5b:3b:a3:4a:30:82:77:80:bb:fd:f3:03:03:7e:
         72:fb:e3:e3:c7:3e:43:43:b4:ee:9d:e0:43:e5:ec:9c:05:69:
         b7:a4:bc:ab:20:2a:e7:9b:27:24:5a:31:94:d2:ce:25:33:b3:
         64:38:89:1e:33:53:b9:da:54:11:3d:b2:da:a2:e1:2b:7a:af:
         e0:cd:e0:1f:86:c2:d7:88:00:55:4b:48:53:03:cd:fe:c9:f5:
         c4:94:f7:a4:3c:64:e6:82:cf:88:f8:2e:f6:d6:22:fa:0b:da:
         7d:43:0b:f7:d8:7d:65:b9:b5:b9:ab:15:cb:ce:a8:f7:fc:81:
         06:fe:52:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2znGGLhGOIUFciJOftNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZjFiYjYxMWYyYjdhMzc4MDBmNDljNmMxMjVjNWVlOThi
NzE5YzUwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGIzY2E4NTdiMDYwNTJkZmI4ZjQ3OWQzM2JjZTFiMGZkYWU3Zjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCK8pDaEnlzgrd9hZGPVi4m2lWAd
YQc0GJIA0AV7heCgTTtswdvE826t1XfZPgdV5Ru8pYFAcApjsb3ibXDDt3uFJ28A
IydLQ8z95XfmM2ujps/ztVPLSqO/l03y+ePF5qpwxfkvMjowx4RJRqcu0C15eVO/
VHBaNcxDW8p5HuHiM0mbSb1Ry4HchcssG6RvIzD0g/M9pyYF4ql1AtYH9w0zgEYr
AcIvvgFUAMIr0NpEV8K6AIc5/MsjCI4mMgBZAW5rgDBWeh/p+XCRP6TOQlvFagAH
Nphb8svrRgVBGfoOvtkgLIjlpQtv7ePrTIJ96B4zYeno5woDb4SGAoXkuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2zyoV7BgUt+49HnTO84bD9rn+WMB8GA1UdIwQY
MBaAFBLxu2EfK3o3gA9JxsElxe6YtxnFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXZHN1lSOHJlamVBRDBuR3dTWEY3cGkzR2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mYjhjYTItOWZjOS00ODk4LWIwNDgt
NTJhMzY4Y2FjNDAzLzEvN2JQS2hYc0dCUzM3ajBlZE03emhzUDJ1ZjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mYjhjYTItOWZjOS00ODk4LWIwNDgtNTJhMzY4Y2FjNDAz
LzEvRXZHN1lSOHJlamVBRDBuR3dTWEY3cGkzR2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfCMA0G
CSqGSIb3DQEBCwUAA4IBAQAaXRpxXhWXSfH5gBIJT/66GlvkLneQNUXrv5y2UyGM
Ddr/g0fcCED0AmFoj6wm8PIv+7IO/+g1oKFzvIYBmhcf5K/ZPKdwssXbPphiEqgb
Ud6hpQKCkJXfxuWZ83YwAOULuCoh325qCUiAOcpom+iKYrIrr6mQClr+vx/ie7aJ
n4ijWzujSjCCd4C7/fMDA35y++Pjxz5DQ7TuneBD5eycBWm3pLyrICrnmyckWjGU
0s4lM7NkOIkeM1O52lQRPbLaouEreq/gzeAfhsLXiABVS0hTA83+yfXElPekPGTm
gs+I+C721iL6C9p9Qwv32H1lubW5qxXLzqj3/IEG/lJX
-----END CERTIFICATE-----