Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/7sIDSDY80FkfUc4etvbpcOsPI-s.roa
File:                     7sIDSDY80FkfUc4etvbpcOsPI-s.roa (raw, json)
Hash identifier:          F/h4roqqyp83guB6PHb7kobxTqhbczVKStuqOFrsLAA=
Subject key identifier:   EE:C2:03:48:36:3C:D0:59:1F:51:CE:1E:B6:F6:E9:70:EB:0F:23:EB
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D331A8297B385ED0BC453133FCEE
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/7sIDSDY80FkfUc4etvbpcOsPI-s.roa
Signing time:             Tue 02 Jan 2024 12:33:07 +0000
ROA not before:           Tue 02 Jan 2024 12:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        185.96.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d3:31:a8:29:7b:38:5e:d0:bc:45:31:33:fc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eec20348363cd0591f51ce1eb6f6e970eb0f23eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3e:a7:f7:dd:52:ee:3a:20:75:b7:87:cd:1d:
                    db:80:35:bc:b4:8f:bc:a8:cb:0e:3d:97:f1:8d:4d:
                    b7:54:29:ee:97:75:b9:fe:fe:ec:2d:09:d9:79:67:
                    57:9c:15:a4:8b:6f:a2:4b:2f:37:b7:38:38:66:09:
                    73:ed:bf:20:b4:aa:68:f6:16:69:f9:2e:97:99:fe:
                    d9:de:f1:49:cd:9f:97:b3:8c:45:9e:58:60:ff:f2:
                    cf:7e:db:7e:f8:4f:11:b1:9d:a3:9f:dd:b4:ec:79:
                    9f:fd:0e:ed:66:3c:de:eb:86:92:d5:6d:43:30:4d:
                    c5:cb:09:f5:1c:56:d6:6e:2b:9c:6a:5b:60:11:b2:
                    d0:ed:7f:29:f5:dd:09:52:a3:ab:80:88:e0:e6:91:
                    ab:2b:b3:06:4e:8f:00:40:38:b5:c4:a3:7f:c1:9b:
                    be:3e:86:15:d1:f2:c7:c4:c7:d8:e5:82:5f:46:0f:
                    24:d7:47:7e:3f:01:19:7c:c9:66:6f:de:24:e1:88:
                    dc:9b:d8:ea:21:fd:fc:9b:e2:12:0e:70:28:18:fe:
                    18:e4:fe:5c:41:dc:8c:fb:69:9b:a6:19:c4:1a:bd:
                    21:e8:09:50:25:f8:63:26:25:e1:98:69:92:0b:7b:
                    15:1b:63:b3:b4:7d:5c:ed:a8:88:d3:e9:13:c7:f6:
                    6d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C2:03:48:36:3C:D0:59:1F:51:CE:1E:B6:F6:E9:70:EB:0F:23:EB
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/7sIDSDY80FkfUc4etvbpcOsPI-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:da:22:c3:61:06:b1:0e:e1:c1:49:b0:8a:cc:b9:19:af:fd:
         fe:64:10:90:c1:2a:59:b7:a4:70:bc:3d:a1:f3:40:54:8d:08:
         fe:0a:c5:48:07:74:20:22:6e:72:87:ae:7b:32:1e:9e:d1:fa:
         e2:e8:8b:6b:c6:6a:88:91:d9:90:59:35:1f:17:2a:47:81:77:
         f2:94:3b:0c:55:99:13:12:53:92:df:30:51:d8:d2:81:2a:14:
         11:56:86:7d:19:81:62:02:6f:87:b2:07:24:76:6d:13:84:74:
         8d:ca:67:dc:15:ac:d5:63:5f:38:a7:24:40:82:f9:06:fb:8a:
         73:a0:97:f1:c2:eb:c3:8e:87:88:aa:2c:68:e8:b8:d3:3c:ed:
         26:8a:70:82:67:ea:e3:29:ab:d9:cc:87:2c:94:96:76:00:72:
         ad:28:ab:52:ae:29:a4:3d:45:58:89:92:a3:84:3a:85:c7:17:
         76:55:4c:43:a1:97:e7:69:4e:0b:34:32:48:82:bf:2b:b0:4e:
         51:d1:b1:36:17:2a:4a:6d:5e:cf:aa:4e:70:60:ab:4c:95:7a:
         f3:03:f0:ca:83:f7:20:86:2a:1f:9f:eb:a0:12:55:e8:55:96:
         fe:61:a6:22:2b:11:ab:10:90:b1:ad:2c:76:4c:d0:f9:47:ae:
         ec:ca:f7:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdMxqCl7OF7QvEUxM/zuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWMyMDM0ODM2M2NkMDU5MWY1MWNlMWViNmY2ZTk3MGViMGYyM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD6n991S7jogdbeHzR3bgDW8tI+8
qMsOPZfxjU23VCnul3W5/v7sLQnZeWdXnBWki2+iSy83tzg4Zglz7b8gtKpo9hZp
+S6Xmf7Z3vFJzZ+Xs4xFnlhg//LPftt++E8RsZ2jn9207Hmf/Q7tZjze64aS1W1D
ME3Fywn1HFbWbiucaltgEbLQ7X8p9d0JUqOrgIjg5pGrK7MGTo8AQDi1xKN/wZu+
PoYV0fLHxMfY5YJfRg8k10d+PwEZfMlmb94k4Yjcm9jqIf38m+ISDnAoGP4Y5P5c
QdyM+2mbphnEGr0h6AlQJfhjJiXhmGmSC3sVG2OztH1c7aiI0+kTx/ZtFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7CA0g2PNBZH1HOHrb26XDrDyPrMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvN3NJRFNEWTgwRmtmVWM0ZXR2YnBjT3NQSS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWAkMA0G
CSqGSIb3DQEBCwUAA4IBAQAr2iLDYQaxDuHBSbCKzLkZr/3+ZBCQwSpZt6RwvD2h
80BUjQj+CsVIB3QgIm5yh657Mh6e0fri6ItrxmqIkdmQWTUfFypHgXfylDsMVZkT
ElOS3zBR2NKBKhQRVoZ9GYFiAm+Hsgckdm0ThHSNymfcFazVY184pyRAgvkG+4pz
oJfxwuvDjoeIqixo6LjTPO0minCCZ+rjKavZzIcslJZ2AHKtKKtSrimkPUVYiZKj
hDqFxxd2VUxDoZfnaU4LNDJIgr8rsE5R0bE2FypKbV7Pqk5wYKtMlXrzA/DKg/cg
hiofn+ugElXoVZb+YaYiKxGrEJCxrSx2TND5R67syvek
-----END CERTIFICATE-----