Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/ea27f3-db74-4963-a18c-035281289bb0/1/F7-O50vh57n17tNd2_dfM-kRzCY.roa
File:                     F7-O50vh57n17tNd2_dfM-kRzCY.roa (raw, json)
Hash identifier:          aViaES5Phe/yTUHDkTlBYzenXbS1B2CLQbsBUQUQm5g=
Subject key identifier:   17:BF:8E:E7:4B:E1:E7:B9:F5:EE:D3:5D:DB:F7:5F:33:E9:11:CC:26
Certificate issuer:       /CN=597487472d37cbd726181f9f3a20386f039b3ba8
Certificate serial:       018CC9BC94159941B674B5C25457F2296A09
Authority key identifier: 59:74:87:47:2D:37:CB:D7:26:18:1F:9F:3A:20:38:6F:03:9B:3B:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXSHRy03y9cmGB-fOiA4bwObO6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/ea27f3-db74-4963-a18c-035281289bb0/1/F7-O50vh57n17tNd2_dfM-kRzCY.roa
Signing time:             Tue 02 Jan 2024 10:33:48 +0000
ROA not before:           Tue 02 Jan 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        194.76.4.0/22 maxlen: 22
                          194.76.2.0/23 maxlen: 23
                          2001:67c:424::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/ea27f3-db74-4963-a18c-035281289bb0/1/WXSHRy03y9cmGB-fOiA4bwObO6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/ea27f3-db74-4963-a18c-035281289bb0/1/WXSHRy03y9cmGB-fOiA4bwObO6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXSHRy03y9cmGB-fOiA4bwObO6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:94:15:99:41:b6:74:b5:c2:54:57:f2:29:6a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597487472d37cbd726181f9f3a20386f039b3ba8
        Validity
            Not Before: Jan  2 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17bf8ee74be1e7b9f5eed35ddbf75f33e911cc26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:06:b3:5d:d0:a5:6b:e4:e2:06:74:1d:b1:c6:
                    57:e6:68:f4:d5:ad:df:96:ec:8f:45:e5:65:10:86:
                    a9:79:1d:3c:ec:d8:4b:ad:90:f1:77:cb:37:c4:7d:
                    c7:8d:77:8c:22:38:d6:7f:e9:2d:69:be:7c:fe:09:
                    2d:00:d9:46:bd:a2:d3:52:67:76:0a:c7:64:10:52:
                    92:51:35:ba:1d:d5:03:57:5b:29:88:28:7f:99:d0:
                    de:16:f7:28:48:5a:a2:16:25:49:65:dd:e8:df:a1:
                    8a:45:e9:10:93:7c:21:fa:61:72:a2:06:62:50:8f:
                    36:0b:12:9e:a4:c0:43:08:8a:93:dc:5c:f1:84:e7:
                    c6:c5:29:92:73:0b:ea:45:1b:0d:28:f1:ff:53:d0:
                    12:2c:0e:b3:8e:fb:7a:9c:f3:fe:52:e3:d5:10:9c:
                    70:3b:0e:79:5b:f1:ac:b8:ee:8c:9c:24:15:11:9f:
                    8e:1d:67:5d:1f:8e:43:48:23:0a:d9:01:9c:3d:e5:
                    2b:84:54:45:57:09:30:fe:2e:80:1c:b6:9e:62:ff:
                    45:26:61:7a:70:ef:3a:12:f4:10:2f:b4:02:4e:19:
                    2b:1e:f5:4b:d1:02:ab:39:cf:8a:3f:b3:f4:ec:55:
                    aa:86:75:b2:09:1a:c6:7e:f8:3c:4d:79:75:4e:87:
                    de:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BF:8E:E7:4B:E1:E7:B9:F5:EE:D3:5D:DB:F7:5F:33:E9:11:CC:26
            X509v3 Authority Key Identifier:
                keyid:59:74:87:47:2D:37:CB:D7:26:18:1F:9F:3A:20:38:6F:03:9B:3B:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXSHRy03y9cmGB-fOiA4bwObO6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ea27f3-db74-4963-a18c-035281289bb0/1/F7-O50vh57n17tNd2_dfM-kRzCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ea27f3-db74-4963-a18c-035281289bb0/1/WXSHRy03y9cmGB-fOiA4bwObO6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.2.0-194.76.7.255
                IPv6:
                  2001:67c:424::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:a7:91:f3:74:ea:4c:2a:78:b0:0c:d7:a4:53:69:fe:ed:bb:
         87:72:88:ae:62:0d:55:b4:b3:f1:f9:15:fe:68:69:45:7f:7e:
         78:13:21:f3:07:24:9c:cb:fd:d0:c1:3b:ce:b4:ca:17:8e:d8:
         4a:e7:7e:b6:97:d7:bf:e9:a1:01:a5:0e:04:5d:8c:90:19:d4:
         31:b4:a9:28:48:16:15:03:69:75:8c:2a:2e:ad:9b:e4:b7:7e:
         11:79:d4:b3:26:c1:16:08:34:fa:a5:9f:1d:b9:cc:8e:31:9d:
         98:11:3e:c6:ba:84:3a:fc:7e:52:af:98:e4:28:82:84:d5:d1:
         8f:f9:86:e8:a6:69:0a:0d:b0:bb:e5:c0:23:84:22:61:2f:eb:
         74:3e:19:b7:af:6e:7f:af:d8:f9:93:e4:76:40:9f:fe:51:eb:
         54:a1:63:74:b0:9d:cc:39:65:58:0e:4b:16:a1:eb:07:d2:9b:
         4b:3d:fe:4a:4b:1d:c3:03:91:52:cc:44:3b:0e:33:dc:05:fb:
         89:78:dd:a1:15:78:b3:d7:86:cd:f8:c0:6e:8f:24:c3:9e:8a:
         94:77:84:e1:1d:96:3d:8c:3f:77:61:de:59:fa:e6:e0:52:50:
         54:82:be:8f:89:cd:ac:d0:a4:b7:25:3c:97:71:78:c2:4f:7b:
         48:2c:56:c2
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzJvJQVmUG2dLXCVFfyKWoJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzQ4NzQ3MmQzN2NiZDcyNjE4MWY5ZjNhMjAzODZmMDM5
YjNiYTgwHhcNMjQwMTAyMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2JmOGVlNzRiZTFlN2I5ZjVlZWQzNWRkYmY3NWYzM2U5MTFjYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwazXdCla+TiBnQdscZX5mj01a3f
luyPReVlEIapeR087NhLrZDxd8s3xH3HjXeMIjjWf+ktab58/gktANlGvaLTUmd2
CsdkEFKSUTW6HdUDV1spiCh/mdDeFvcoSFqiFiVJZd3o36GKRekQk3wh+mFyogZi
UI82CxKepMBDCIqT3FzxhOfGxSmScwvqRRsNKPH/U9ASLA6zjvt6nPP+UuPVEJxw
Ow55W/GsuO6MnCQVEZ+OHWddH45DSCMK2QGcPeUrhFRFVwkw/i6AHLaeYv9FJmF6
cO86EvQQL7QCThkrHvVL0QKrOc+KP7P07FWqhnWyCRrGfvg8TXl1TofepwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBe/judL4ee59e7TXdv3XzPpEcwmMB8GA1UdIwQY
MBaAFFl0h0ctN8vXJhgfnzogOG8DmzuoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hTSFJ5MDN5OWNtR0ItZk9pQTRid09iTzZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9lYTI3ZjMtZGI3NC00OTYzLWExOGMt
MDM1MjgxMjg5YmIwLzEvRjctTzUwdmg1N24xN3ROZDJfZGZNLWtSekNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9lYTI3ZjMtZGI3NC00OTYzLWExOGMtMDM1MjgxMjg5YmIw
LzEvV1hTSFJ5MDN5OWNtR0ItZk9pQTRid09iTzZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAHCTAID
BAPCTAAwDwQCAAIwCQMHACABBnwEJDANBgkqhkiG9w0BAQsFAAOCAQEAy6eR83Tq
TCp4sAzXpFNp/u27h3KIrmINVbSz8fkV/mhpRX9+eBMh8wcknMv90ME7zrTKF47Y
Sud+tpfXv+mhAaUOBF2MkBnUMbSpKEgWFQNpdYwqLq2b5Ld+EXnUsybBFgg0+qWf
HbnMjjGdmBE+xrqEOvx+Uq+Y5CiChNXRj/mG6KZpCg2wu+XAI4QiYS/rdD4Zt69u
f6/Y+ZPkdkCf/lHrVKFjdLCdzDllWA5LFqHrB9KbSz3+SksdwwORUsxEOw4z3AX7
iXjdoRV4s9eGzfjAbo8kw56KlHeE4R2WPYw/d2HeWfrm4FJQVIK+j4nNrNCktyU8
l3F4wk97SCxWwg==
-----END CERTIFICATE-----