Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/md7lCwgk9LJmputWOklSB9z83hg.roa
File:                     md7lCwgk9LJmputWOklSB9z83hg.roa (raw, json)
Hash identifier:          Jb5j3kqdV51LDdKirCOVD1xlgB1FSCucCnzGZEOy8wA=
Subject key identifier:   99:DE:E5:0B:08:24:F4:B2:66:A6:EB:56:3A:49:52:07:DC:FC:DE:18
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0194274729D234257ECAD463DD99F8642DFA
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/md7lCwgk9LJmputWOklSB9z83hg.roa
Signing time:             Thu 02 Jan 2025 13:49:22 +0000
ROA not before:           Thu 02 Jan 2025 13:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        185.88.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:29:d2:34:25:7e:ca:d4:63:dd:99:f8:64:2d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  2 13:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99dee50b0824f4b266a6eb563a495207dcfcde18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:48:3e:88:d8:a8:44:cf:0d:4f:36:2e:13:a7:
                    37:e6:63:00:37:03:07:12:53:e7:58:b4:85:33:d2:
                    86:05:ba:eb:9c:d8:ee:87:4f:d0:85:11:a5:87:d9:
                    d8:e8:3f:64:78:f7:fc:2a:19:62:65:ad:0a:81:69:
                    b1:78:c1:10:fc:eb:7e:1e:ca:39:26:35:26:4e:28:
                    3c:3b:9e:28:cc:a8:1b:11:4b:30:42:52:9b:c9:00:
                    d2:32:3d:45:5f:aa:dc:07:09:11:f8:0a:1b:30:ea:
                    b4:86:7c:d4:bc:65:fc:7d:3f:53:8d:99:1a:fb:2a:
                    d6:a4:6c:f2:6f:d2:a6:2c:52:1e:f7:f1:db:ea:26:
                    bf:4c:a0:7f:b4:42:cc:4d:64:d3:db:54:20:a8:af:
                    14:8d:45:8b:13:70:55:97:52:86:4c:79:c7:fc:56:
                    69:d1:b4:fe:a3:ef:e3:f8:ff:08:eb:1d:c4:86:85:
                    ba:52:20:cb:b6:d1:84:7d:e3:7c:5f:a2:99:ee:22:
                    e6:d7:9f:b9:09:92:59:4d:0f:96:09:89:b3:3a:bc:
                    58:3d:ee:4a:2a:e2:9b:7d:66:8b:70:62:16:1f:a5:
                    69:6e:f1:e5:81:ae:2e:ec:77:38:4e:8a:6f:65:b3:
                    d1:dd:b7:ee:3e:1f:9a:9b:e8:f7:b9:fe:3c:2d:3d:
                    0d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:DE:E5:0B:08:24:F4:B2:66:A6:EB:56:3A:49:52:07:DC:FC:DE:18
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/md7lCwgk9LJmputWOklSB9z83hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:78:7f:80:ea:d0:5c:89:2f:8a:5d:91:c1:c1:49:45:18:e8:
         5c:54:73:5b:90:b9:17:b9:94:58:26:f7:b0:fc:95:0a:bf:6e:
         ca:c3:18:e4:72:4f:44:9b:6b:c9:2b:43:11:93:18:72:f2:08:
         97:37:4f:5f:29:95:66:5e:fb:0f:2f:58:fd:63:d3:61:7c:b4:
         7e:49:85:8f:f8:0f:e2:fd:28:10:1f:98:6f:b4:c5:8b:5b:21:
         10:02:f7:73:d8:1d:b3:ba:77:eb:06:ed:a1:5b:36:8a:43:28:
         a8:8d:6b:64:a4:f9:0e:d2:72:89:af:22:17:68:dc:87:c5:d3:
         99:19:0a:1f:c7:27:c8:3a:19:aa:31:1f:10:ae:aa:b2:7c:f2:
         65:6b:40:d1:76:b9:dc:32:bb:2b:da:ad:cc:aa:d7:4c:87:0c:
         f2:84:da:74:39:77:cf:1f:e6:58:af:5f:11:0a:35:50:5b:92:
         e5:2b:63:0e:b1:48:43:af:eb:5f:ba:d4:34:2a:fb:d3:a7:01:
         d7:16:fb:fe:b0:60:ff:51:8c:e5:a3:fd:5a:bd:dd:40:a0:a4:
         bf:53:b1:36:97:70:2d:dd:8f:93:a5:8c:88:68:3d:ac:7e:88:
         40:11:d9:bd:38:3c:66:c2:44:18:7e:88:85:8d:56:a3:ac:65:
         f8:75:95:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRynSNCV+ytRj3Zn4ZC36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMTAyMTM0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWRlZTUwYjA4MjRmNGIyNjZhNmViNTYzYTQ5NTIwN2RjZmNkZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ug+iNioRM8NTzYuE6c35mMANwMH
ElPnWLSFM9KGBbrrnNjuh0/QhRGlh9nY6D9kePf8KhliZa0KgWmxeMEQ/Ot+Hso5
JjUmTig8O54ozKgbEUswQlKbyQDSMj1FX6rcBwkR+AobMOq0hnzUvGX8fT9TjZka
+yrWpGzyb9KmLFIe9/Hb6ia/TKB/tELMTWTT21QgqK8UjUWLE3BVl1KGTHnH/FZp
0bT+o+/j+P8I6x3EhoW6UiDLttGEfeN8X6KZ7iLm15+5CZJZTQ+WCYmzOrxYPe5K
KuKbfWaLcGIWH6VpbvHlga4u7Hc4TopvZbPR3bfuPh+am+j3uf48LT0NSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJne5QsIJPSyZqbrVjpJUgfc/N4YMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvbWQ3bEN3Z2s5TEptcHV0V09rbFNCOXo4M2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVivMA0G
CSqGSIb3DQEBCwUAA4IBAQAseH+A6tBciS+KXZHBwUlFGOhcVHNbkLkXuZRYJvew
/JUKv27Kwxjkck9Em2vJK0MRkxhy8giXN09fKZVmXvsPL1j9Y9NhfLR+SYWP+A/i
/SgQH5hvtMWLWyEQAvdz2B2zunfrBu2hWzaKQyiojWtkpPkO0nKJryIXaNyHxdOZ
GQofxyfIOhmqMR8QrqqyfPJla0DRdrncMrsr2q3MqtdMhwzyhNp0OXfPH+ZYr18R
CjVQW5LlK2MOsUhDr+tfutQ0KvvTpwHXFvv+sGD/UYzlo/1avd1AoKS/U7E2l3At
3Y+TpYyIaD2sfohAEdm9ODxmwkQYfoiFjVajrGX4dZX/
-----END CERTIFICATE-----