Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/7DQjy6GjO_v-dxxYWRKiJnuE2J4.roa
File:                     7DQjy6GjO_v-dxxYWRKiJnuE2J4.roa (raw, json)
Hash identifier:          Dq5wE9pkxcXfYvzUSrs7uSHYcV8TPmnLrlj21DGnPk0=
Subject key identifier:   EC:34:23:CB:A1:A3:3B:FB:FE:77:1C:58:59:12:A2:26:7B:84:D8:9E
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018CC9BCA770261F55CD4F13F91EB1E62978
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/7DQjy6GjO_v-dxxYWRKiJnuE2J4.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16125
IP address blocks:        213.252.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a7:70:26:1f:55:cd:4f:13:f9:1e:b1:e6:29:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec3423cba1a33bfbfe771c585912a2267b84d89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2e:95:f5:52:7a:6f:30:8a:9d:0b:c2:1c:6d:
                    98:69:55:db:47:ff:b2:a7:a5:2f:e7:47:5f:60:a2:
                    90:8e:01:2d:fd:26:9e:77:ce:b6:f6:fd:39:5c:da:
                    19:91:41:53:7e:13:eb:e5:17:01:f3:45:7d:50:99:
                    66:26:fb:81:7a:99:f5:0c:19:7c:2e:f8:30:f1:61:
                    33:72:f0:19:6c:9f:98:ab:a0:7c:c4:73:a4:5d:91:
                    74:c6:bf:9e:20:3e:37:a4:27:4e:94:f3:53:31:8e:
                    14:75:ff:3f:65:64:8a:54:71:49:4b:fd:a6:4d:22:
                    90:15:e5:21:b1:b0:91:9b:ad:ed:44:f6:ac:53:07:
                    7f:8d:91:30:f5:2b:3f:91:87:b8:4b:0f:2d:80:f3:
                    f6:dd:93:d1:7c:b3:c8:7c:83:4e:d6:83:0d:4b:1d:
                    89:0f:ba:03:77:c0:39:dd:e4:25:4d:95:d6:4a:4d:
                    a8:46:7b:1e:1d:87:4c:3a:02:fd:53:84:18:7a:87:
                    7a:c3:11:77:eb:b3:93:0f:fb:3a:6a:54:7d:6c:97:
                    29:14:19:50:fd:44:0a:83:96:b2:5e:70:5b:1a:30:
                    38:90:69:30:ff:fc:ee:70:6c:1e:84:91:80:67:b7:
                    40:ef:66:44:c5:5f:8a:1d:2d:4e:47:0c:a3:2b:e3:
                    57:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:34:23:CB:A1:A3:3B:FB:FE:77:1C:58:59:12:A2:26:7B:84:D8:9E
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/7DQjy6GjO_v-dxxYWRKiJnuE2J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.252.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:2f:d2:ee:b4:07:83:b8:85:81:62:83:55:ba:c4:4c:5a:5e:
         c2:73:12:93:3d:1d:0d:db:72:cf:c1:0d:5e:ac:ac:c8:95:0c:
         d3:b7:e2:9a:32:e9:59:1d:2c:e9:31:b7:ce:74:6e:1c:1b:e8:
         5b:a9:8a:a5:d8:17:86:b2:6e:57:4a:00:5e:8b:6d:8e:c0:6c:
         ee:6d:27:5f:43:ae:6a:94:ee:2e:0b:4f:a1:24:ba:1a:10:21:
         e8:9f:f1:54:2c:e9:82:98:ae:2e:1d:90:1c:77:b6:f1:48:e4:
         55:43:39:42:0c:77:80:93:1c:1d:76:e6:c1:af:b3:35:6e:ed:
         fc:fa:93:99:40:02:24:be:25:a0:5a:ba:a8:28:61:a0:09:02:
         ba:29:83:91:71:c5:45:aa:4d:75:14:29:bd:3d:06:cc:cd:0c:
         cf:01:19:f5:fc:7e:a2:a6:cb:da:cf:cd:39:c6:7f:e7:27:2a:
         a8:9c:af:76:9b:78:5f:f0:c3:a4:47:38:f2:68:24:f1:b2:18:
         94:f4:b3:66:dc:dd:17:ed:b3:dc:16:8f:59:3a:29:c1:58:51:
         12:d4:91:b7:36:2b:65:3b:7d:56:63:27:ca:f6:02:22:86:f4:
         b4:61:75:b5:37:fd:00:33:95:4f:b7:3a:4c:75:2a:11:6e:d2:
         58:c1:43:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKdwJh9VzU8T+R6x5il4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzM0MjNjYmExYTMzYmZiZmU3NzFjNTg1OTEyYTIyNjdiODRkODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji6V9VJ6bzCKnQvCHG2YaVXbR/+y
p6Uv50dfYKKQjgEt/Saed8629v05XNoZkUFTfhPr5RcB80V9UJlmJvuBepn1DBl8
Lvgw8WEzcvAZbJ+Yq6B8xHOkXZF0xr+eID43pCdOlPNTMY4Udf8/ZWSKVHFJS/2m
TSKQFeUhsbCRm63tRPasUwd/jZEw9Ss/kYe4Sw8tgPP23ZPRfLPIfINO1oMNSx2J
D7oDd8A53eQlTZXWSk2oRnseHYdMOgL9U4QYeod6wxF367OTD/s6alR9bJcpFBlQ
/UQKg5ayXnBbGjA4kGkw//zucGwehJGAZ7dA72ZExV+KHS1ORwyjK+NXoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw0I8uhozv7/nccWFkSoiZ7hNieMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvN0RRank2R2pPX3YtZHh4WVdSS2lKbnVFMko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1fz4MA0G
CSqGSIb3DQEBCwUAA4IBAQA4L9LutAeDuIWBYoNVusRMWl7CcxKTPR0N23LPwQ1e
rKzIlQzTt+KaMulZHSzpMbfOdG4cG+hbqYql2BeGsm5XSgBei22OwGzubSdfQ65q
lO4uC0+hJLoaECHon/FULOmCmK4uHZAcd7bxSORVQzlCDHeAkxwddubBr7M1bu38
+pOZQAIkviWgWrqoKGGgCQK6KYORccVFqk11FCm9PQbMzQzPARn1/H6ipsvaz805
xn/nJyqonK92m3hf8MOkRzjyaCTxshiU9LNm3N0X7bPcFo9ZOinBWFES1JG3Nitl
O31WYyfK9gIihvS0YXW1N/0AM5VPtzpMdSoRbtJYwUOp
-----END CERTIFICATE-----