Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/aacdcc-aa17-42f8-9ade-7c379a551c12/1/CtSoxerPwm3PFvpde5Gj--q7nbo.roa
File:                     CtSoxerPwm3PFvpde5Gj--q7nbo.roa (raw, json)
Hash identifier:          Sz2D5nElGAu4GW1vncrnEl2P2lx1eo3aiO01hQDR1rE=
Subject key identifier:   0A:D4:A8:C5:EA:CF:C2:6D:CF:16:FA:5D:7B:91:A3:FB:EA:BB:9D:BA
Certificate issuer:       /CN=7ddc36414c991bfa8d92f6027e5308370b22b6a6
Certificate serial:       018DF8DF6C9DF03A4277994BD91AA96F76E2
Authority key identifier: 7D:DC:36:41:4C:99:1B:FA:8D:92:F6:02:7E:53:08:37:0B:22:B6:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fdw2QUyZG_qNkvYCflMINwsitqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/aacdcc-aa17-42f8-9ade-7c379a551c12/1/CtSoxerPwm3PFvpde5Gj--q7nbo.roa
Signing time:             Fri 01 Mar 2024 07:16:48 +0000
ROA not before:           Fri 01 Mar 2024 07:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203825
IP address blocks:        185.122.188.0/23 maxlen: 23
                          185.122.190.0/23 maxlen: 23
                          193.110.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/aacdcc-aa17-42f8-9ade-7c379a551c12/1/fdw2QUyZG_qNkvYCflMINwsitqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/aacdcc-aa17-42f8-9ade-7c379a551c12/1/fdw2QUyZG_qNkvYCflMINwsitqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fdw2QUyZG_qNkvYCflMINwsitqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f8:df:6c:9d:f0:3a:42:77:99:4b:d9:1a:a9:6f:76:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ddc36414c991bfa8d92f6027e5308370b22b6a6
        Validity
            Not Before: Mar  1 07:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ad4a8c5eacfc26dcf16fa5d7b91a3fbeabb9dba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:24:38:b2:b9:92:1b:83:56:11:da:1c:6d:27:
                    00:de:46:77:cf:74:eb:e4:a6:26:0a:2b:d3:4e:98:
                    a6:da:7f:3c:33:d0:4b:32:88:19:9e:9a:59:72:53:
                    d1:e4:f3:a5:61:ed:ab:a1:6e:a3:80:f5:6c:2b:a0:
                    78:5c:4a:3d:e7:fc:71:77:b0:5b:82:65:c2:a9:24:
                    92:cc:37:f7:f2:d0:99:20:18:5a:f9:99:81:3b:06:
                    6a:6d:41:a0:11:8a:bb:ad:04:f2:5f:fa:ff:f1:06:
                    5a:70:ad:4a:8d:1d:6f:74:5a:f0:73:fd:48:01:7b:
                    8f:d9:97:66:49:2c:0c:97:b0:85:69:7f:6b:13:c2:
                    2a:7f:25:aa:ff:13:d2:88:eb:ed:63:77:0e:38:4f:
                    d0:93:05:c3:11:5c:5a:40:5b:7b:d6:11:87:5a:64:
                    e2:98:1d:64:66:e8:24:37:81:8b:9b:13:61:51:89:
                    66:d2:c5:0c:c2:b5:f6:15:18:f8:5e:2d:61:2e:92:
                    52:53:04:fe:0d:b7:e5:6c:84:d1:27:17:15:69:22:
                    4e:a4:bb:fe:1e:75:75:92:e0:30:78:89:5b:2a:09:
                    13:40:8a:a9:92:ed:d5:1c:c7:7e:6e:f6:dc:40:06:
                    a2:05:7d:45:ab:84:0d:15:e5:c5:2d:a3:ed:f5:0e:
                    fd:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D4:A8:C5:EA:CF:C2:6D:CF:16:FA:5D:7B:91:A3:FB:EA:BB:9D:BA
            X509v3 Authority Key Identifier:
                keyid:7D:DC:36:41:4C:99:1B:FA:8D:92:F6:02:7E:53:08:37:0B:22:B6:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fdw2QUyZG_qNkvYCflMINwsitqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/aacdcc-aa17-42f8-9ade-7c379a551c12/1/CtSoxerPwm3PFvpde5Gj--q7nbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/aacdcc-aa17-42f8-9ade-7c379a551c12/1/fdw2QUyZG_qNkvYCflMINwsitqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.188.0/22
                  193.110.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:8c:32:d6:3a:d4:c3:36:68:d3:04:89:a2:2f:af:dc:38:2b:
         23:c6:d2:b0:b3:6b:80:54:98:21:e4:94:8d:f8:12:ad:ff:fa:
         cd:04:23:c4:98:04:6c:70:7b:d7:93:b6:47:af:15:da:41:5f:
         7f:c7:cf:6b:31:54:10:2a:41:2d:dc:71:1a:62:05:23:4b:e3:
         63:84:e6:8f:12:6a:ba:5d:ce:15:57:ed:6c:c2:44:8e:af:2f:
         11:06:e8:39:24:02:40:9e:af:43:eb:62:8c:91:2f:29:45:ae:
         12:1d:69:7c:d6:72:5f:39:39:72:f5:58:c8:6e:73:60:5c:67:
         9c:2e:b1:a9:58:8f:9c:59:60:db:aa:9b:ae:48:cd:c6:9d:00:
         d2:8b:f0:65:47:47:7b:27:03:9f:97:8b:3b:4a:82:e2:54:96:
         13:22:e8:82:02:4c:9d:5e:4e:d4:a6:bc:7d:ba:e5:a7:49:8a:
         f6:0d:b3:74:67:f3:6a:b2:1b:ea:68:14:21:9d:7d:bb:33:79:
         1f:1e:79:c6:33:df:fe:ba:a9:13:45:25:dd:3b:23:92:4b:4a:
         03:82:64:be:06:1e:a8:e1:bb:c5:bf:45:34:28:c6:68:1d:5b:
         cd:5c:4d:44:bb:88:ea:92:e6:70:9e:e3:f3:87:a2:af:47:72:
         83:95:e4:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3432yd8DpCd5lL2Rqpb3biMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZGMzNjQxNGM5OTFiZmE4ZDkyZjYwMjdlNTMwODM3MGIy
MmI2YTYwHhcNMjQwMzAxMDcxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ0YThjNWVhY2ZjMjZkY2YxNmZhNWQ3YjkxYTNmYmVhYmI5ZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSQ4srmSG4NWEdocbScA3kZ3z3Tr
5KYmCivTTpim2n88M9BLMogZnppZclPR5POlYe2roW6jgPVsK6B4XEo95/xxd7Bb
gmXCqSSSzDf38tCZIBha+ZmBOwZqbUGgEYq7rQTyX/r/8QZacK1KjR1vdFrwc/1I
AXuP2ZdmSSwMl7CFaX9rE8IqfyWq/xPSiOvtY3cOOE/QkwXDEVxaQFt71hGHWmTi
mB1kZugkN4GLmxNhUYlm0sUMwrX2FRj4Xi1hLpJSUwT+DbflbITRJxcVaSJOpLv+
HnV1kuAweIlbKgkTQIqpku3VHMd+bvbcQAaiBX1Fq4QNFeXFLaPt9Q79tQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFArUqMXqz8Jtzxb6XXuRo/vqu526MB8GA1UdIwQY
MBaAFH3cNkFMmRv6jZL2An5TCDcLIramMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmR3MlFVeVpHX3FOa3ZZQ2ZsTUlOd3NpdHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9hYWNkY2MtYWExNy00MmY4LTlhZGUt
N2MzNzlhNTUxYzEyLzEvQ3RTb3hlclB3bTNQRnZwZGU1R2otLXE3bmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9hYWNkY2MtYWExNy00MmY4LTlhZGUtN2MzNzlhNTUxYzEy
LzEvZmR3MlFVeVpHX3FOa3ZZQ2ZsTUlOd3NpdHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXq8AwQC
wW7EMA0GCSqGSIb3DQEBCwUAA4IBAQAsjDLWOtTDNmjTBImiL6/cOCsjxtKws2uA
VJgh5JSN+BKt//rNBCPEmARscHvXk7ZHrxXaQV9/x89rMVQQKkEt3HEaYgUjS+Nj
hOaPEmq6Xc4VV+1swkSOry8RBug5JAJAnq9D62KMkS8pRa4SHWl81nJfOTly9VjI
bnNgXGecLrGpWI+cWWDbqpuuSM3GnQDSi/BlR0d7JwOfl4s7SoLiVJYTIuiCAkyd
Xk7Uprx9uuWnSYr2DbN0Z/NqshvqaBQhnX27M3kfHnnGM9/+uqkTRSXdOyOSS0oD
gmS+Bh6o4bvFv0U0KMZoHVvNXE1Eu4jqkuZwnuPzh6KvR3KDleQu
-----END CERTIFICATE-----