Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/Tj7GhbKoCEe1DPScUwh--bvFMNk.roa
File:                     Tj7GhbKoCEe1DPScUwh--bvFMNk.roa (raw, json)
Hash identifier:          pWcYrrSqy+Ax+JVJ8FYoirNK74gX+1wdMuv5EnlSWb0=
Subject key identifier:   4E:3E:C6:85:B2:A8:08:47:B5:0C:F4:9C:53:08:7E:F9:BB:C5:30:D9
Certificate issuer:       /CN=e6fc17bea555b6d38321f94028e515fba4fa74dc
Certificate serial:       019363067E415D103BAAC196CAEE052F67C2
Authority key identifier: E6:FC:17:BE:A5:55:B6:D3:83:21:F9:40:28:E5:15:FB:A4:FA:74:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/Tj7GhbKoCEe1DPScUwh--bvFMNk.roa
Signing time:             Mon 25 Nov 2024 11:13:10 +0000
ROA not before:           Mon 25 Nov 2024 11:13:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203409
IP address blocks:        185.135.68.0/24 maxlen: 24
                          185.135.69.0/24 maxlen: 24
                          185.135.70.0/24 maxlen: 24
                          185.135.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:06:7e:41:5d:10:3b:aa:c1:96:ca:ee:05:2f:67:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6fc17bea555b6d38321f94028e515fba4fa74dc
        Validity
            Not Before: Nov 25 11:13:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e3ec685b2a80847b50cf49c53087ef9bbc530d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d2:88:a3:0a:9f:a2:93:a6:6e:cf:05:1b:98:
                    6f:f5:d7:47:03:eb:52:17:29:28:30:a9:a2:74:34:
                    84:12:31:b2:ef:0e:1c:98:97:57:05:5d:36:b5:9c:
                    0c:ad:8e:3c:f6:cc:95:0d:22:92:66:5f:9b:bd:ea:
                    b8:76:52:24:06:ea:5e:16:02:83:ab:60:47:97:79:
                    e8:3d:af:a2:7a:f1:9e:b3:e3:21:fa:c8:4c:56:b8:
                    be:24:1d:8e:c6:db:0c:89:ff:f2:7b:c7:d5:46:c1:
                    28:6a:d7:a9:6a:ea:93:4d:36:77:14:bc:e1:27:62:
                    dc:11:88:10:ee:e8:89:4c:4b:fe:81:9b:e3:48:13:
                    c8:39:c5:96:bf:38:17:4c:5b:9e:82:bf:05:d8:f1:
                    cd:ca:f1:72:03:0f:fc:db:f0:f6:86:ca:b3:83:a0:
                    99:fe:44:9a:7c:58:0e:9e:a7:dc:58:b5:ee:e8:52:
                    52:96:a2:95:4b:e7:a1:16:27:d9:37:d1:2c:5b:bc:
                    11:67:51:dc:37:11:1a:6d:33:72:5f:11:a2:42:ff:
                    76:02:6d:cd:da:9f:81:d3:91:2e:4f:34:fa:e0:98:
                    af:71:d7:c5:d9:2d:ab:b0:8a:b7:d3:8d:5a:36:0d:
                    70:f0:e3:59:ec:7c:4d:1e:96:87:63:d7:da:56:fa:
                    e3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:3E:C6:85:B2:A8:08:47:B5:0C:F4:9C:53:08:7E:F9:BB:C5:30:D9
            X509v3 Authority Key Identifier:
                keyid:E6:FC:17:BE:A5:55:B6:D3:83:21:F9:40:28:E5:15:FB:A4:FA:74:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/Tj7GhbKoCEe1DPScUwh--bvFMNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:ba:c9:02:fb:95:b5:46:06:69:72:ee:c0:54:a5:ec:5b:fe:
         62:ff:24:53:29:49:70:b4:d3:ec:d0:b8:75:f1:36:cb:ae:9d:
         7a:cf:84:a0:4f:18:11:a2:73:1c:43:6a:2d:f6:bd:d3:9c:09:
         aa:99:24:22:ae:76:08:12:9f:ee:4d:8d:60:4a:91:8f:04:31:
         b2:f7:e6:c1:0d:29:a1:72:4b:d5:4d:9c:48:eb:fa:33:9c:06:
         d6:83:9e:44:ee:9d:4e:16:7b:fc:b2:94:e6:7d:76:bb:f8:46:
         ed:28:e0:0a:c3:9e:d5:39:64:48:ea:0c:e5:ad:e6:8b:c9:84:
         1a:e8:9d:0c:8d:74:b6:cd:31:32:51:d3:54:bb:9d:b7:3f:24:
         1c:76:fc:fb:42:a5:fd:6d:e9:62:f9:7a:2e:3a:68:23:bb:5c:
         c3:f3:d4:7f:d4:f7:42:ff:a7:99:2b:ba:68:12:b2:13:41:3c:
         1e:e1:ee:1d:1b:17:80:cb:63:2d:71:fd:aa:3a:68:ed:59:f0:
         59:b9:97:51:be:31:cb:88:81:55:ea:23:49:93:69:50:7b:31:
         2d:ea:de:71:13:26:16:49:50:81:8a:cb:a1:17:f9:5f:14:b5:
         1b:e0:0d:81:8d:60:a2:2f:26:b1:50:1a:4f:3d:c8:64:82:05:
         33:7f:99:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNjBn5BXRA7qsGWyu4FL2fCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZmMxN2JlYTU1NWI2ZDM4MzIxZjk0MDI4ZTUxNWZiYTRm
YTc0ZGMwHhcNMjQxMTI1MTExMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTNlYzY4NWIyYTgwODQ3YjUwY2Y0OWM1MzA4N2VmOWJiYzUzMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdKIowqfopOmbs8FG5hv9ddHA+tS
FykoMKmidDSEEjGy7w4cmJdXBV02tZwMrY489syVDSKSZl+bveq4dlIkBupeFgKD
q2BHl3noPa+ievGes+Mh+shMVri+JB2OxtsMif/ye8fVRsEoatepauqTTTZ3FLzh
J2LcEYgQ7uiJTEv+gZvjSBPIOcWWvzgXTFuegr8F2PHNyvFyAw/82/D2hsqzg6CZ
/kSafFgOnqfcWLXu6FJSlqKVS+ehFifZN9EsW7wRZ1HcNxEabTNyXxGiQv92Am3N
2p+B05EuTzT64JivcdfF2S2rsIq3041aNg1w8ONZ7HxNHpaHY9faVvrjaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4+xoWyqAhHtQz0nFMIfvm7xTDZMB8GA1UdIwQY
MBaAFOb8F76lVbbTgyH5QCjlFfuk+nTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZ3WHZxVlZ0dE9ESWZsQUtPVVYtNlQ2ZE53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMGQ0NjMtYTE3NC00ZjVkLWI0ZWUt
OTY5NjdmY2Q0MmU5LzEvVGo3R2hiS29DRWUxRFBTY1V3aC0tYnZGTU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMGQ0NjMtYTE3NC00ZjVkLWI0ZWUtOTY5NjdmY2Q0MmU5
LzEvNXZ3WHZxVlZ0dE9ESWZsQUtPVVYtNlQ2ZE53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYdEMA0G
CSqGSIb3DQEBCwUAA4IBAQBnuskC+5W1RgZpcu7AVKXsW/5i/yRTKUlwtNPs0Lh1
8TbLrp16z4SgTxgRonMcQ2ot9r3TnAmqmSQirnYIEp/uTY1gSpGPBDGy9+bBDSmh
ckvVTZxI6/oznAbWg55E7p1OFnv8spTmfXa7+EbtKOAKw57VOWRI6gzlreaLyYQa
6J0MjXS2zTEyUdNUu523PyQcdvz7QqX9beli+XouOmgju1zD89R/1PdC/6eZK7po
ErITQTwe4e4dGxeAy2Mtcf2qOmjtWfBZuZdRvjHLiIFV6iNJk2lQezEt6t5xEyYW
SVCBisuhF/lfFLUb4A2BjWCiLyaxUBpPPchkggUzf5ki
-----END CERTIFICATE-----