Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/t7P93M3lTdMXjdRJWQv8SEVjXII.roa
File:                     t7P93M3lTdMXjdRJWQv8SEVjXII.roa (raw, json)
Hash identifier:          MkYd+Qu3bi3qfA/P2nnXZABsQ4ad4VxtsOK0AfZhRKY=
Subject key identifier:   B7:B3:FD:DC:CD:E5:4D:D3:17:8D:D4:49:59:0B:FC:48:45:63:5C:82
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B82A13D136170AE50C672A8F8A632
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/t7P93M3lTdMXjdRJWQv8SEVjXII.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31608
IP address blocks:        188.114.70.0/23 maxlen: 24
                          188.114.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:82:a1:3d:13:61:70:ae:50:c6:72:a8:f8:a6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7b3fddccde54dd3178dd449590bfc4845635c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c2:50:7f:de:5c:e2:a1:19:31:3c:b8:e9:2d:
                    6f:f5:15:0b:e0:82:1b:f0:f9:72:e3:4e:0e:97:df:
                    03:82:6a:5b:95:fe:13:0b:a5:7d:2b:6f:11:33:cc:
                    20:7c:bf:68:d5:0e:3a:c1:a9:71:8b:46:f0:37:58:
                    f2:57:bc:b2:43:10:dd:fd:3d:4e:d1:0d:a0:98:cc:
                    bb:d8:4e:3e:0d:8a:98:7d:ee:8b:a4:5e:0f:00:88:
                    7e:66:ba:45:49:65:d3:79:f1:b7:bd:12:58:9d:62:
                    f8:d6:ee:b5:53:f3:97:d7:96:a0:cf:8f:90:2a:ee:
                    52:23:d3:e5:60:ad:5b:62:0e:6a:01:95:a5:dd:61:
                    e4:72:04:82:bb:0d:29:6d:b4:f3:33:d3:17:4b:ef:
                    d8:4d:ed:c0:63:b2:66:c0:41:01:e5:a7:17:80:a5:
                    9e:b0:cc:25:87:ef:92:7c:1f:f0:ab:d0:6a:f6:2d:
                    7c:f5:25:3e:16:14:30:fb:a0:4a:4c:e8:b8:b3:1e:
                    78:80:2d:2a:d4:c3:ac:26:97:7d:4f:09:33:7c:6f:
                    60:a6:9f:be:d2:ac:d0:ca:f3:b5:f7:8d:a7:27:2a:
                    1c:25:ce:f5:82:61:82:90:4c:45:69:b0:69:7d:4e:
                    ed:2d:ce:ae:40:ba:d8:4d:58:ee:53:bd:aa:9e:a9:
                    28:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B3:FD:DC:CD:E5:4D:D3:17:8D:D4:49:59:0B:FC:48:45:63:5C:82
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/t7P93M3lTdMXjdRJWQv8SEVjXII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.114.70.0-188.114.75.255

    Signature Algorithm: sha256WithRSAEncryption
         14:5c:86:b4:35:62:72:3f:e6:ed:85:0c:89:2f:fe:fa:80:92:
         29:1a:86:29:13:e4:4b:2b:46:2b:27:96:70:9e:8e:b9:1f:b7:
         b5:da:d4:03:98:ae:d4:24:01:f9:f6:e3:69:34:84:cd:ec:f2:
         6b:5f:fa:2c:0e:16:02:91:ff:0f:cc:6c:2f:95:bc:30:d5:57:
         44:b0:66:75:ac:69:cc:5b:10:5c:f4:98:b2:fc:3d:91:24:aa:
         6d:12:7b:3e:0e:ae:17:c8:9e:13:6c:e5:6b:2e:b4:a4:d7:a3:
         da:2b:d6:b5:6a:a3:0b:57:21:39:da:64:fd:49:d6:b2:38:30:
         9f:10:79:2e:74:a0:0d:6a:c5:7a:a6:27:5c:07:05:55:d9:be:
         1f:af:fc:0e:e2:63:7d:97:bd:b0:57:24:c8:07:6a:ea:8f:f5:
         19:08:bc:34:84:87:0c:a7:6a:6e:19:f3:e2:32:70:82:10:42:
         84:8a:08:17:43:c6:79:8d:4d:59:6a:21:8f:cd:73:49:cb:e0:
         a9:c5:1f:17:7e:fe:3e:bd:02:16:7d:1a:5d:94:fd:ad:58:59:
         af:73:24:30:94:fb:64:a4:e8:92:e1:b1:53:76:af:0a:c5:b1:
         a4:01:80:f4:03:58:45:d5:27:8c:1e:dd:bd:77:21:70:a5:e8:
         db:31:3c:f3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGS4KhPRNhcK5QxnKo+KYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2IzZmRkY2NkZTU0ZGQzMTc4ZGQ0NDk1OTBiZmM0ODQ1NjM1YzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcJQf95c4qEZMTy46S1v9RUL4IIb
8Ply404Ol98Dgmpblf4TC6V9K28RM8wgfL9o1Q46walxi0bwN1jyV7yyQxDd/T1O
0Q2gmMy72E4+DYqYfe6LpF4PAIh+ZrpFSWXTefG3vRJYnWL41u61U/OX15agz4+Q
Ku5SI9PlYK1bYg5qAZWl3WHkcgSCuw0pbbTzM9MXS+/YTe3AY7JmwEEB5acXgKWe
sMwlh++SfB/wq9Bq9i189SU+FhQw+6BKTOi4sx54gC0q1MOsJpd9TwkzfG9gpp++
0qzQyvO1942nJyocJc71gmGCkExFabBpfU7tLc6uQLrYTVjuU72qnqko7wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLez/dzN5U3TF43USVkL/EhFY1yCMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvdDdQOTNNM2xUZE1YamRSSldRdjhTRVZqWElJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAG8ckYD
BAK8ckgwDQYJKoZIhvcNAQELBQADggEBABRchrQ1YnI/5u2FDIkv/vqAkikahikT
5EsrRisnlnCejrkft7Xa1AOYrtQkAfn242k0hM3s8mtf+iwOFgKR/w/MbC+VvDDV
V0SwZnWsacxbEFz0mLL8PZEkqm0Sez4OrhfInhNs5WsutKTXo9or1rVqowtXITna
ZP1J1rI4MJ8QeS50oA1qxXqmJ1wHBVXZvh+v/A7iY32XvbBXJMgHauqP9RkIvDSE
hwynam4Z8+IycIIQQoSKCBdDxnmNTVlqIY/Nc0nL4KnFHxd+/j69AhZ9Gl2U/a1Y
Wa9zJDCU+2Sk6JLhsVN2rwrFsaQBgPQDWEXVJ4we3b13IXCl6NsxPPM=
-----END CERTIFICATE-----