Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/85fa84-5d99-4aa8-8753-5d8ca63681ad/1/eNA9fHcxBVU3GmdkGqIC-7BFGpw.roa
File:                     eNA9fHcxBVU3GmdkGqIC-7BFGpw.roa (raw, json)
Hash identifier:          JGHmRK914JnyPTz8POCgJPQ0GaykO6Q37VyQ8ft9QwQ=
Subject key identifier:   78:D0:3D:7C:77:31:05:55:37:1A:67:64:1A:A2:02:FB:B0:45:1A:9C
Certificate issuer:       /CN=7c2380d764a9611dfe2fbc0ce0cc40496ec1e83e
Certificate serial:       018CC8DEBE16E1D200B54860373BE106BB69
Authority key identifier: 7C:23:80:D7:64:A9:61:1D:FE:2F:BC:0C:E0:CC:40:49:6E:C1:E8:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCOA12SpYR3-L7wM4MxASW7B6D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/85fa84-5d99-4aa8-8753-5d8ca63681ad/1/eNA9fHcxBVU3GmdkGqIC-7BFGpw.roa
Signing time:             Tue 02 Jan 2024 06:31:30 +0000
ROA not before:           Tue 02 Jan 2024 06:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35478
IP address blocks:        185.26.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/85fa84-5d99-4aa8-8753-5d8ca63681ad/1/fCOA12SpYR3-L7wM4MxASW7B6D4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/85fa84-5d99-4aa8-8753-5d8ca63681ad/1/fCOA12SpYR3-L7wM4MxASW7B6D4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCOA12SpYR3-L7wM4MxASW7B6D4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:be:16:e1:d2:00:b5:48:60:37:3b:e1:06:bb:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c2380d764a9611dfe2fbc0ce0cc40496ec1e83e
        Validity
            Not Before: Jan  2 06:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78d03d7c77310555371a67641aa202fbb0451a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bd:93:28:96:12:0a:8c:a1:d2:be:b2:a4:b7:
                    7e:f7:d3:b6:78:2f:c4:4e:a8:07:c1:cc:5a:ec:09:
                    46:f6:a0:1b:26:7e:ec:dc:92:9e:a1:88:5f:12:d9:
                    16:02:64:63:b8:8d:7c:f3:ae:bc:c9:e3:fe:e7:86:
                    98:2a:6a:eb:3f:16:23:c6:fd:f9:9d:46:45:81:da:
                    bf:6d:ad:59:20:e8:ae:97:2d:fd:c5:94:bb:38:e1:
                    33:7d:d3:dd:c1:00:e4:ed:5e:ae:b8:81:b8:01:b4:
                    bf:9c:df:f3:86:f4:71:80:66:96:b9:da:bb:1e:02:
                    ce:42:34:95:a8:f8:00:cc:8d:a4:be:ef:64:f2:f8:
                    f7:cf:c5:12:4e:08:0b:e0:94:c9:87:5b:58:7f:8a:
                    6e:24:b5:fa:94:be:95:51:e3:57:7d:5a:45:8f:e1:
                    9c:f0:a6:64:80:08:59:eb:4b:39:00:6c:e6:f3:83:
                    db:1f:bc:56:25:61:8a:b3:5b:99:34:55:5f:ff:1d:
                    9f:a7:49:92:ae:6e:89:a8:8b:a3:88:e2:5a:c8:62:
                    ef:51:1a:1d:57:fe:75:8d:74:b0:84:a8:61:c9:35:
                    6e:6b:01:ae:99:c5:ff:f5:c6:2f:c3:3b:dd:28:91:
                    20:e8:04:42:86:8d:05:a4:6c:a3:04:1c:5c:a1:86:
                    ae:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D0:3D:7C:77:31:05:55:37:1A:67:64:1A:A2:02:FB:B0:45:1A:9C
            X509v3 Authority Key Identifier:
                keyid:7C:23:80:D7:64:A9:61:1D:FE:2F:BC:0C:E0:CC:40:49:6E:C1:E8:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCOA12SpYR3-L7wM4MxASW7B6D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/85fa84-5d99-4aa8-8753-5d8ca63681ad/1/eNA9fHcxBVU3GmdkGqIC-7BFGpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/85fa84-5d99-4aa8-8753-5d8ca63681ad/1/fCOA12SpYR3-L7wM4MxASW7B6D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:f2:d4:c4:64:fa:82:0c:65:e9:c9:74:2c:19:41:0c:78:a8:
         1f:80:a2:f3:43:25:15:85:77:22:eb:95:2d:3c:7b:2c:85:c4:
         50:94:9b:62:dd:b2:8d:39:a1:58:92:32:cb:5d:b3:da:da:49:
         45:96:0d:75:c0:8d:81:3e:88:17:63:3e:8c:9a:22:b8:38:3c:
         14:8f:03:be:85:b7:34:40:13:e5:9d:5f:c2:77:2c:ed:21:9f:
         a2:fb:95:b4:c4:d5:ab:03:14:eb:2f:3c:96:f8:70:46:7c:0b:
         2f:2a:74:f5:2b:79:6e:73:d4:8d:72:b6:b9:f0:3b:06:8e:a2:
         2e:b2:fd:11:79:a1:11:5f:fe:d5:54:a3:ee:7a:76:59:73:86:
         68:2a:c3:8d:02:a1:6f:f5:2d:8a:3b:bc:d8:e9:10:2f:c3:48:
         d7:2c:02:6d:13:66:1c:90:3d:07:a8:90:03:db:10:ec:8e:d2:
         55:41:f2:a1:98:ea:4f:9f:b2:a6:83:46:17:d4:1e:b5:44:b5:
         47:19:76:8b:88:c2:53:c7:5a:80:78:90:99:1e:c4:e5:a7:ab:
         e0:12:ff:77:d2:ec:8a:9e:d0:05:a3:1d:b4:69:21:07:cd:2f:
         9c:4b:ed:68:47:81:79:f4:dc:81:e9:bd:23:8f:89:9e:2d:fe:
         18:b6:b7:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3r4W4dIAtUhgNzvhBrtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMjM4MGQ3NjRhOTYxMWRmZTJmYmMwY2UwY2M0MDQ5NmVj
MWU4M2UwHhcNMjQwMTAyMDYzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGQwM2Q3Yzc3MzEwNTU1MzcxYTY3NjQxYWEyMDJmYmIwNDUxYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr2TKJYSCoyh0r6ypLd+99O2eC/E
TqgHwcxa7AlG9qAbJn7s3JKeoYhfEtkWAmRjuI188668yeP+54aYKmrrPxYjxv35
nUZFgdq/ba1ZIOiuly39xZS7OOEzfdPdwQDk7V6uuIG4AbS/nN/zhvRxgGaWudq7
HgLOQjSVqPgAzI2kvu9k8vj3z8USTggL4JTJh1tYf4puJLX6lL6VUeNXfVpFj+Gc
8KZkgAhZ60s5AGzm84PbH7xWJWGKs1uZNFVf/x2fp0mSrm6JqIujiOJayGLvURod
V/51jXSwhKhhyTVuawGumcX/9cYvwzvdKJEg6ARCho0FpGyjBBxcoYau0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjQPXx3MQVVNxpnZBqiAvuwRRqcMB8GA1UdIwQY
MBaAFHwjgNdkqWEd/i+8DODMQEluweg+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkNPQTEyU3BZUjMtTDd3TTRNeEFTVzdCNkQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy84NWZhODQtNWQ5OS00YWE4LTg3NTMt
NWQ4Y2E2MzY4MWFkLzEvZU5BOWZIY3hCVlUzR21ka0dxSUMtN0JGR3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy84NWZhODQtNWQ5OS00YWE4LTg3NTMtNWQ4Y2E2MzY4MWFk
LzEvZkNPQTEyU3BZUjMtTDd3TTRNeEFTVzdCNkQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRrfMA0G
CSqGSIb3DQEBCwUAA4IBAQA98tTEZPqCDGXpyXQsGUEMeKgfgKLzQyUVhXci65Ut
PHsshcRQlJti3bKNOaFYkjLLXbPa2klFlg11wI2BPogXYz6MmiK4ODwUjwO+hbc0
QBPlnV/CdyztIZ+i+5W0xNWrAxTrLzyW+HBGfAsvKnT1K3luc9SNcra58DsGjqIu
sv0ReaERX/7VVKPuenZZc4ZoKsONAqFv9S2KO7zY6RAvw0jXLAJtE2YckD0HqJAD
2xDsjtJVQfKhmOpPn7Kmg0YX1B61RLVHGXaLiMJTx1qAeJCZHsTlp6vgEv930uyK
ntAFox20aSEHzS+cS+1oR4F59NyB6b0jj4meLf4Ytrf0
-----END CERTIFICATE-----