Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/F26USbpOPlhZSE8GQ3HRR8TOYbU.roa
File:                     F26USbpOPlhZSE8GQ3HRR8TOYbU.roa (raw, json)
Hash identifier:          MP1P05utywHNv/2RVQaMP0wmkPr6oyVSXFI5hK6Zenc=
Subject key identifier:   17:6E:94:49:BA:4E:3E:58:59:48:4F:06:43:71:D1:47:C4:CE:61:B5
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       0190EAB1469E3DEE243EFAACD004D7A98006
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/F26USbpOPlhZSE8GQ3HRR8TOYbU.roa
Signing time:             Thu 25 Jul 2024 16:20:04 +0000
ROA not before:           Thu 25 Jul 2024 16:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        185.147.124.0/24 maxlen: 24
                          185.147.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:b1:46:9e:3d:ee:24:3e:fa:ac:d0:04:d7:a9:80:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Jul 25 16:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=176e9449ba4e3e5859484f064371d147c4ce61b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7f:0c:05:52:c8:fe:d3:55:0d:d4:a3:3c:dd:
                    3a:74:f2:fb:e0:69:07:0c:65:4b:1a:f2:77:cc:24:
                    53:42:2c:30:06:c4:1d:df:8d:31:6b:83:22:77:65:
                    71:66:0d:1d:32:8c:5b:0e:fa:9e:9c:0c:8e:05:47:
                    72:82:b4:4a:42:90:fd:f7:a4:58:5a:3f:05:c3:0a:
                    53:6e:f0:d7:92:a3:28:bb:11:b2:92:fb:53:dc:54:
                    40:fe:b1:cb:d9:67:48:e6:58:b1:6c:9a:c3:db:f8:
                    e0:f9:59:40:78:dc:38:b0:3c:81:16:c3:d1:9c:fc:
                    a9:45:40:43:66:b7:2f:3c:20:5a:29:69:09:d8:cb:
                    94:bb:c5:15:78:aa:3c:9d:ce:d7:9b:c2:60:2d:a6:
                    c2:e7:da:89:ae:44:6c:ce:63:ac:02:3d:ad:a8:fb:
                    f5:f5:ac:08:c6:7a:0b:a1:47:31:7a:c6:f9:8c:da:
                    8a:34:78:53:9b:ae:f1:ca:ca:fa:c9:64:a8:26:61:
                    ff:27:48:27:77:bf:f8:39:2c:e3:24:b8:36:1d:d0:
                    92:de:17:89:0c:f3:a3:b5:28:00:05:83:07:a4:2e:
                    34:71:28:74:50:12:52:48:33:61:c8:7b:89:49:57:
                    f2:0f:4b:b4:c7:82:cb:9d:60:bd:72:c4:12:77:e9:
                    88:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:6E:94:49:BA:4E:3E:58:59:48:4F:06:43:71:D1:47:C4:CE:61:B5
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/F26USbpOPlhZSE8GQ3HRR8TOYbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:f1:51:59:e3:bf:d4:2f:c4:f3:2f:1c:15:b5:58:7c:ed:40:
         b1:e3:97:11:22:8d:c1:54:b3:07:ef:bb:dc:16:bb:42:0e:85:
         9c:be:84:64:5e:cb:5a:5c:ba:80:d8:fb:6e:10:23:54:0b:3d:
         a3:01:7b:aa:30:78:00:5d:1e:e6:33:52:40:4d:ef:c8:73:a3:
         02:42:0d:9d:40:00:df:6b:b8:54:de:ab:6c:16:90:fb:f5:62:
         c6:45:a5:9d:87:8d:44:76:e7:36:59:3a:1e:41:f4:09:42:14:
         9f:96:26:c1:4f:e1:ed:7a:72:eb:b6:31:52:95:79:d4:8f:2a:
         92:a0:33:eb:9e:48:07:78:6c:24:d3:92:41:6d:4b:98:b3:1b:
         76:95:5d:bc:a1:74:c4:46:40:62:92:96:bc:80:ca:09:29:96:
         36:86:55:96:98:e7:c2:93:77:1f:9f:36:fc:4f:e2:65:46:0c:
         6c:33:81:37:c3:59:2f:d5:24:84:d3:a1:d2:1e:7d:9b:21:84:
         04:07:56:b4:35:bd:42:ba:80:75:e6:66:4f:83:c3:a6:25:03:
         be:ec:d6:40:28:38:d1:9d:4b:22:4c:fc:55:1a:2c:53:e8:93:
         ec:3f:fd:ac:66:ca:2f:de:6d:19:39:4f:06:01:51:c7:55:e4:
         84:9d:0f:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDqsUaePe4kPvqs0ATXqYAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjQwNzI1MTYyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzZlOTQ0OWJhNGUzZTU4NTk0ODRmMDY0MzcxZDE0N2M0Y2U2MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsH8MBVLI/tNVDdSjPN06dPL74GkH
DGVLGvJ3zCRTQiwwBsQd340xa4Mid2VxZg0dMoxbDvqenAyOBUdygrRKQpD996RY
Wj8FwwpTbvDXkqMouxGykvtT3FRA/rHL2WdI5lixbJrD2/jg+VlAeNw4sDyBFsPR
nPypRUBDZrcvPCBaKWkJ2MuUu8UVeKo8nc7Xm8JgLabC59qJrkRszmOsAj2tqPv1
9awIxnoLoUcxesb5jNqKNHhTm67xysr6yWSoJmH/J0gnd7/4OSzjJLg2HdCS3heJ
DPOjtSgABYMHpC40cSh0UBJSSDNhyHuJSVfyD0u0x4LLnWC9csQSd+mIDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdulEm6Tj5YWUhPBkNx0UfEzmG1MB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEvRjI2VVNicE9QbGhaU0U4R1EzSFJSOFRPWWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZN8MA0G
CSqGSIb3DQEBCwUAA4IBAQBj8VFZ47/UL8TzLxwVtVh87UCx45cRIo3BVLMH77vc
FrtCDoWcvoRkXstaXLqA2PtuECNUCz2jAXuqMHgAXR7mM1JATe/Ic6MCQg2dQADf
a7hU3qtsFpD79WLGRaWdh41Educ2WToeQfQJQhSflibBT+HtenLrtjFSlXnUjyqS
oDPrnkgHeGwk05JBbUuYsxt2lV28oXTERkBikpa8gMoJKZY2hlWWmOfCk3cfnzb8
T+JlRgxsM4E3w1kv1SSE06HSHn2bIYQEB1a0Nb1CuoB15mZPg8OmJQO+7NZAKDjR
nUsiTPxVGixT6JPsP/2sZsov3m0ZOU8GAVHHVeSEnQ9Z
-----END CERTIFICATE-----