Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/56ae15-1ca5-4d69-9a3a-837b10c2c636/1/7vwEs2K4HN_LwUWqzjIICNGiknc.roa
File:                     7vwEs2K4HN_LwUWqzjIICNGiknc.roa (raw, json)
Hash identifier:          wTMMtevJNZjpsr8DvgOjhFZoAuNt0W+HiAbIshmL9sQ=
Subject key identifier:   EE:FC:04:B3:62:B8:1C:DF:CB:C1:45:AA:CE:32:08:08:D1:A2:92:77
Certificate issuer:       /CN=70f78b681b6617fed70ce867fb9a8c6f25cfda55
Certificate serial:       01942747D292E11BF0900A022F7AB1084E6E
Authority key identifier: 70:F7:8B:68:1B:66:17:FE:D7:0C:E8:67:FB:9A:8C:6F:25:CF:DA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPeLaBtmF_7XDOhn-5qMbyXP2lU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/56ae15-1ca5-4d69-9a3a-837b10c2c636/1/7vwEs2K4HN_LwUWqzjIICNGiknc.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49890
IP address blocks:        95.140.240.0/20 maxlen: 24
                          2a0c:aac0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/56ae15-1ca5-4d69-9a3a-837b10c2c636/1/cPeLaBtmF_7XDOhn-5qMbyXP2lU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/56ae15-1ca5-4d69-9a3a-837b10c2c636/1/cPeLaBtmF_7XDOhn-5qMbyXP2lU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPeLaBtmF_7XDOhn-5qMbyXP2lU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d2:92:e1:1b:f0:90:0a:02:2f:7a:b1:08:4e:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f78b681b6617fed70ce867fb9a8c6f25cfda55
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eefc04b362b81cdfcbc145aace320808d1a29277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e8:e9:3d:44:c9:61:48:2c:70:5c:b9:62:bd:
                    e3:b5:c0:58:9d:85:81:0d:7f:5f:10:ac:b9:34:e1:
                    8e:3a:fd:db:78:00:fb:7b:ad:7b:30:73:a6:47:c7:
                    41:21:a9:ac:16:5e:e3:50:f6:5b:d1:02:4d:62:46:
                    ac:8a:3c:36:3a:d5:72:d1:5d:30:6e:72:33:61:51:
                    b5:90:b8:5f:aa:db:4f:0a:8d:a9:92:3b:13:8b:f3:
                    58:fe:65:3c:51:2c:73:a4:65:ea:23:36:cc:fb:61:
                    49:d9:1e:59:e2:b2:c1:75:f1:76:03:55:68:1b:e0:
                    28:e1:27:bf:41:50:d2:e5:52:a6:ca:f1:8d:34:c3:
                    af:ea:fc:49:bd:eb:29:06:66:c4:18:47:2c:c2:98:
                    19:bf:b3:12:03:82:4c:2a:c6:b3:d7:fb:70:d1:19:
                    dd:bc:64:0b:2e:de:7a:6d:fc:86:1f:38:f8:80:f3:
                    13:30:2e:27:05:d5:7e:c7:04:a4:40:bb:c8:c6:6d:
                    f1:81:d1:8d:62:13:ad:6c:2b:4c:74:9e:e0:9c:c4:
                    5a:83:17:ea:db:60:36:b7:74:6c:3c:85:9f:b4:a5:
                    05:cc:38:df:4b:b7:33:aa:7e:21:7f:dc:2c:ee:89:
                    5f:96:05:00:6c:bf:82:5a:d0:a3:a4:59:27:34:b8:
                    d1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:FC:04:B3:62:B8:1C:DF:CB:C1:45:AA:CE:32:08:08:D1:A2:92:77
            X509v3 Authority Key Identifier:
                keyid:70:F7:8B:68:1B:66:17:FE:D7:0C:E8:67:FB:9A:8C:6F:25:CF:DA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPeLaBtmF_7XDOhn-5qMbyXP2lU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/56ae15-1ca5-4d69-9a3a-837b10c2c636/1/7vwEs2K4HN_LwUWqzjIICNGiknc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/56ae15-1ca5-4d69-9a3a-837b10c2c636/1/cPeLaBtmF_7XDOhn-5qMbyXP2lU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.240.0/20
                IPv6:
                  2a0c:aac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:ff:f0:e7:4d:1f:68:cd:5d:7f:77:6f:2b:cc:b8:38:18:9b:
         9a:52:a5:fa:4e:9a:51:73:ac:13:c8:79:bc:9d:b5:23:09:1b:
         a9:f9:ae:77:af:08:44:02:66:63:13:05:82:e3:56:14:be:21:
         05:25:92:59:44:7c:ab:9e:98:fe:1f:b3:0a:bc:de:55:1e:1f:
         6d:56:40:ec:9e:1e:06:77:da:0f:00:ad:8e:be:95:8a:96:be:
         27:cd:a4:13:9c:ed:f9:0a:e8:63:23:5a:3a:bd:dd:e6:36:37:
         fb:bb:1d:04:2c:e6:ff:ec:a4:d5:97:d9:71:a4:b6:73:5c:74:
         92:74:4f:20:00:94:56:05:a9:dc:01:e4:c7:e1:93:d5:0d:67:
         21:c7:6c:63:ab:7b:f4:d7:5a:c1:62:4c:11:c2:4f:97:d5:62:
         60:04:0e:15:1f:4a:df:b7:54:25:48:e3:87:96:41:69:95:84:
         3d:81:bc:23:34:c7:54:07:e5:61:e8:0c:55:47:e8:db:b9:a0:
         5c:91:4a:77:6a:40:be:57:59:11:9e:0b:6e:00:9f:3b:ae:fc:
         b1:6f:7a:1e:59:7c:60:2b:43:50:57:aa:b5:9f:84:5c:69:fc:
         07:38:3b:c2:f3:00:92:4a:35:9f:af:bc:f8:65:06:2c:34:09:
         c1:02:29:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR9KS4RvwkAoCL3qxCE5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjc4YjY4MWI2NjE3ZmVkNzBjZTg2N2ZiOWE4YzZmMjVj
ZmRhNTUwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWZjMDRiMzYyYjgxY2RmY2JjMTQ1YWFjZTMyMDgwOGQxYTI5Mjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmujpPUTJYUgscFy5Yr3jtcBYnYWB
DX9fEKy5NOGOOv3beAD7e617MHOmR8dBIamsFl7jUPZb0QJNYkasijw2OtVy0V0w
bnIzYVG1kLhfqttPCo2pkjsTi/NY/mU8USxzpGXqIzbM+2FJ2R5Z4rLBdfF2A1Vo
G+Ao4Se/QVDS5VKmyvGNNMOv6vxJvespBmbEGEcswpgZv7MSA4JMKsaz1/tw0Rnd
vGQLLt56bfyGHzj4gPMTMC4nBdV+xwSkQLvIxm3xgdGNYhOtbCtMdJ7gnMRagxfq
22A2t3RsPIWftKUFzDjfS7czqn4hf9ws7olflgUAbL+CWtCjpFknNLjR+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO78BLNiuBzfy8FFqs4yCAjRopJ3MB8GA1UdIwQY
MBaAFHD3i2gbZhf+1wzoZ/uajG8lz9pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BlTGFCdG1GXzdYRE9obi01cU1ieVhQMmxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy81NmFlMTUtMWNhNS00ZDY5LTlhM2Et
ODM3YjEwYzJjNjM2LzEvN3Z3RXMySzRITl9Md1VXcXpqSUlDTkdpa25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy81NmFlMTUtMWNhNS00ZDY5LTlhM2EtODM3YjEwYzJjNjM2
LzEvY1BlTGFCdG1GXzdYRE9obi01cU1ieVhQMmxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEX4zwMA0E
AgACMAcDBQMqDKrAMA0GCSqGSIb3DQEBCwUAA4IBAQBd//DnTR9ozV1/d28rzLg4
GJuaUqX6TppRc6wTyHm8nbUjCRup+a53rwhEAmZjEwWC41YUviEFJZJZRHyrnpj+
H7MKvN5VHh9tVkDsnh4Gd9oPAK2OvpWKlr4nzaQTnO35CuhjI1o6vd3mNjf7ux0E
LOb/7KTVl9lxpLZzXHSSdE8gAJRWBancAeTH4ZPVDWchx2xjq3v011rBYkwRwk+X
1WJgBA4VH0rft1QlSOOHlkFplYQ9gbwjNMdUB+Vh6AxVR+jbuaBckUp3akC+V1kR
ngtuAJ87rvyxb3oeWXxgK0NQV6q1n4RcafwHODvC8wCSSjWfr7z4ZQYsNAnBAilX
-----END CERTIFICATE-----