Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/7170e0-a043-4b78-aab1-b6488aec533b/1/JfS3d6eW5V-eSDuNw08EnUFQ28k.roa
File:                     JfS3d6eW5V-eSDuNw08EnUFQ28k.roa (raw, json)
Hash identifier:          Y3lfHEGWTFDB1xG08U3Jc93aPIVV7G/ikOxm8G1/DlI=
Subject key identifier:   25:F4:B7:77:A7:96:E5:5F:9E:48:3B:8D:C3:4F:04:9D:41:50:DB:C9
Certificate issuer:       /CN=0b2ed24703d334b11cd22ee489fc3c64bdc06f4b
Certificate serial:       018CC94CB8EAA4D7E5679DE4CF44E946A890
Authority key identifier: 0B:2E:D2:47:03:D3:34:B1:1C:D2:2E:E4:89:FC:3C:64:BD:C0:6F:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cy7SRwPTNLEc0i7kifw8ZL3Ab0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/7170e0-a043-4b78-aab1-b6488aec533b/1/JfS3d6eW5V-eSDuNw08EnUFQ28k.roa
Signing time:             Tue 02 Jan 2024 08:31:37 +0000
ROA not before:           Tue 02 Jan 2024 08:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        178.212.75.0/24 maxlen: 24
                          2a11:e980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/7170e0-a043-4b78-aab1-b6488aec533b/1/Cy7SRwPTNLEc0i7kifw8ZL3Ab0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/7170e0-a043-4b78-aab1-b6488aec533b/1/Cy7SRwPTNLEc0i7kifw8ZL3Ab0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cy7SRwPTNLEc0i7kifw8ZL3Ab0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:b8:ea:a4:d7:e5:67:9d:e4:cf:44:e9:46:a8:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b2ed24703d334b11cd22ee489fc3c64bdc06f4b
        Validity
            Not Before: Jan  2 08:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25f4b777a796e55f9e483b8dc34f049d4150dbc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b5:0e:dc:47:0b:ca:5c:9d:b9:cb:2b:ff:b5:
                    78:41:02:d1:c2:44:65:4c:de:a3:a4:0d:5e:11:1f:
                    6e:54:52:e4:7b:b8:a9:2f:5b:41:7e:fc:15:fe:c5:
                    d1:5b:41:97:28:ba:08:f9:a9:e0:41:64:c1:c3:f2:
                    ca:54:8f:66:73:f8:89:11:3c:8d:2b:4a:52:a4:07:
                    27:09:68:b9:1d:db:23:97:84:4e:d2:d2:59:e8:0d:
                    d1:e2:98:5d:46:eb:03:28:b4:dc:af:08:df:c0:f7:
                    bb:bc:1e:06:fb:73:6a:2e:9d:4f:57:f3:2b:3b:31:
                    6a:a1:66:58:ef:67:38:58:1a:24:c5:29:58:df:82:
                    10:22:52:b8:71:84:f6:a3:2d:a2:e5:83:11:5b:b6:
                    9f:52:c1:8e:81:fb:8a:e7:91:01:1d:29:92:5c:31:
                    dd:a1:26:59:df:e3:27:43:f0:8a:46:23:ff:8f:3f:
                    27:2f:c1:43:4a:4d:14:ee:99:d4:2c:04:d8:06:c2:
                    0f:c7:08:9e:36:3d:2f:7c:a9:d7:48:8a:e3:03:5b:
                    69:81:12:74:69:7c:02:66:b4:d3:99:73:ac:76:33:
                    9a:68:c5:60:0b:9c:50:29:54:f8:06:cd:21:a4:2b:
                    9f:dd:9e:4f:53:94:0d:98:33:f9:b9:43:b0:27:d0:
                    13:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F4:B7:77:A7:96:E5:5F:9E:48:3B:8D:C3:4F:04:9D:41:50:DB:C9
            X509v3 Authority Key Identifier:
                keyid:0B:2E:D2:47:03:D3:34:B1:1C:D2:2E:E4:89:FC:3C:64:BD:C0:6F:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cy7SRwPTNLEc0i7kifw8ZL3Ab0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/7170e0-a043-4b78-aab1-b6488aec533b/1/JfS3d6eW5V-eSDuNw08EnUFQ28k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/7170e0-a043-4b78-aab1-b6488aec533b/1/Cy7SRwPTNLEc0i7kifw8ZL3Ab0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.75.0/24
                IPv6:
                  2a11:e980::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:fb:5b:d5:53:6b:83:e3:41:3b:2f:a1:dd:f5:96:c6:d3:b4:
         62:03:2c:d4:71:a7:fa:e7:03:52:a0:25:3d:a5:8f:21:e5:58:
         9a:12:ff:86:9e:23:6e:72:dd:6b:be:95:80:30:05:25:b6:41:
         c3:4e:fc:5c:fe:25:3c:3a:d3:d3:53:f1:a9:e1:a5:7b:e2:3f:
         98:7c:64:7e:09:62:d3:fd:c3:6c:0a:ab:cd:c6:c6:c3:57:5e:
         e4:e8:a7:50:d9:ce:29:8c:3b:e7:24:ec:88:e4:bf:90:d5:90:
         96:88:6f:a9:b0:54:6e:16:56:47:f9:01:ca:13:2f:2b:ac:b8:
         bb:18:03:ff:88:96:91:f0:20:e7:f1:48:85:4a:80:41:18:bf:
         6c:60:43:bb:0d:c9:57:e6:74:12:cd:ea:7f:05:34:8d:6e:52:
         7e:c4:94:01:8e:fb:bc:b9:9c:f2:fd:03:69:5c:8a:cf:ca:78:
         19:fa:d8:2a:8e:23:8f:7d:09:ee:6d:2f:00:9f:1a:03:0c:60:
         bd:ea:4c:e0:40:89:28:99:47:5a:fe:67:2a:d1:c5:e5:0d:ce:
         9f:a4:52:f9:79:6b:63:1a:97:9c:65:73:b2:82:e3:3c:9e:46:
         2a:ef:17:2a:10:b1:f1:65:5d:a5:a0:f5:cd:97:07:17:e0:5a:
         f6:29:ae:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTLjqpNflZ53kz0TpRqiQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMmVkMjQ3MDNkMzM0YjExY2QyMmVlNDg5ZmMzYzY0YmRj
MDZmNGIwHhcNMjQwMTAyMDgzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY0Yjc3N2E3OTZlNTVmOWU0ODNiOGRjMzRmMDQ5ZDQxNTBkYmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbUO3EcLylyducsr/7V4QQLRwkRl
TN6jpA1eER9uVFLke7ipL1tBfvwV/sXRW0GXKLoI+angQWTBw/LKVI9mc/iJETyN
K0pSpAcnCWi5Hdsjl4RO0tJZ6A3R4phdRusDKLTcrwjfwPe7vB4G+3NqLp1PV/Mr
OzFqoWZY72c4WBokxSlY34IQIlK4cYT2oy2i5YMRW7afUsGOgfuK55EBHSmSXDHd
oSZZ3+MnQ/CKRiP/jz8nL8FDSk0U7pnULATYBsIPxwieNj0vfKnXSIrjA1tpgRJ0
aXwCZrTTmXOsdjOaaMVgC5xQKVT4Bs0hpCuf3Z5PU5QNmDP5uUOwJ9ATBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCX0t3enluVfnkg7jcNPBJ1BUNvJMB8GA1UdIwQY
MBaAFAsu0kcD0zSxHNIu5In8PGS9wG9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3k3U1J3UFROTEVjMGk3a2lmdzhaTDNBYjBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS83MTcwZTAtYTA0My00Yjc4LWFhYjEt
YjY0ODhhZWM1MzNiLzEvSmZTM2Q2ZVc1Vi1lU0R1TncwOEVuVUZRMjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS83MTcwZTAtYTA0My00Yjc4LWFhYjEtYjY0ODhhZWM1MzNi
LzEvQ3k3U1J3UFROTEVjMGk3a2lmdzhaTDNBYjBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAstRLMA0E
AgACMAcDBQMqEemAMA0GCSqGSIb3DQEBCwUAA4IBAQB7+1vVU2uD40E7L6Hd9ZbG
07RiAyzUcaf65wNSoCU9pY8h5ViaEv+GniNuct1rvpWAMAUltkHDTvxc/iU8OtPT
U/Gp4aV74j+YfGR+CWLT/cNsCqvNxsbDV17k6KdQ2c4pjDvnJOyI5L+Q1ZCWiG+p
sFRuFlZH+QHKEy8rrLi7GAP/iJaR8CDn8UiFSoBBGL9sYEO7DclX5nQSzep/BTSN
blJ+xJQBjvu8uZzy/QNpXIrPyngZ+tgqjiOPfQnubS8AnxoDDGC96kzgQIkomUda
/mcq0cXlDc6fpFL5eWtjGpecZXOyguM8nkYq7xcqELHxZV2loPXNlwcX4Fr2Ka6M
-----END CERTIFICATE-----