Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/7-2b6LTg2NhO6Ud0OC9r99bqsIs.roa
File:                     7-2b6LTg2NhO6Ud0OC9r99bqsIs.roa (raw, json)
Hash identifier:          ANw7yDP1/hr55Egk9BlaEki4TrpUVmaeYi0AGo70fK0=
Subject key identifier:   EF:ED:9B:E8:B4:E0:D8:D8:4E:E9:47:74:38:2F:6B:F7:D6:EA:B0:8B
Certificate issuer:       /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial:       018CC871415891A563464EBAE6C087EFAE59
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/7-2b6LTg2NhO6Ud0OC9r99bqsIs.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     270119
IP address blocks:        155.204.136.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:41:58:91:a5:63:46:4e:ba:e6:c0:87:ef:ae:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efed9be8b4e0d8d84ee94774382f6bf7d6eab08b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a2:75:20:1d:1d:d7:25:76:9e:75:61:d8:e8:
                    1c:13:dd:a7:90:ab:80:d9:f7:94:30:e8:2b:5a:27:
                    b1:33:7f:27:c2:da:15:d7:66:ee:80:28:13:3a:ca:
                    05:43:8c:c1:93:dc:e5:17:53:55:d2:32:e5:bb:7c:
                    64:22:61:64:7a:b1:81:4a:01:47:56:fd:b5:c3:73:
                    ad:0a:de:4a:4b:08:7d:09:fe:cb:d3:35:fc:e6:3e:
                    0a:bc:5a:c8:2b:23:ca:e1:0c:43:a7:a3:12:42:ca:
                    70:88:65:d4:a5:34:2a:3b:88:c7:7b:74:f6:0c:72:
                    04:0a:5d:6d:be:1a:0c:51:99:39:2d:e9:a5:b6:38:
                    a8:64:3a:8f:73:7c:92:53:b0:f1:f8:7f:1d:36:63:
                    f9:70:23:ed:61:83:73:7a:1a:11:14:3e:a5:98:1b:
                    26:4a:e5:a5:3e:e3:48:05:66:5b:e9:1d:60:5e:e8:
                    d3:b9:d3:f0:95:f9:83:50:f6:e3:62:81:45:0e:c7:
                    a4:02:56:2e:b8:d4:ca:7a:ac:be:f3:e6:65:5e:8a:
                    fc:32:04:80:ef:f6:c0:52:7b:a5:86:d7:33:a3:6e:
                    8f:1b:19:5b:a0:16:f1:ad:84:55:e3:da:7f:61:11:
                    d1:57:82:0b:e7:4e:f4:2c:28:6c:37:34:69:9a:2a:
                    35:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:ED:9B:E8:B4:E0:D8:D8:4E:E9:47:74:38:2F:6B:F7:D6:EA:B0:8B
            X509v3 Authority Key Identifier:
                keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/7-2b6LTg2NhO6Ud0OC9r99bqsIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.204.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         17:b1:0b:e1:45:d6:c2:6a:fa:63:01:a2:49:5b:e3:9b:86:dd:
         62:99:99:6e:63:eb:52:76:22:7a:dd:82:96:d3:3a:af:29:75:
         c9:62:59:d6:95:b7:2e:b9:af:a1:18:1c:cf:d2:50:d3:43:e7:
         63:c8:63:a4:44:70:1c:b6:1e:10:c8:b8:c4:36:58:02:de:0a:
         57:25:da:f6:12:bd:7f:28:95:d8:05:44:54:34:79:a9:9d:22:
         55:3e:a8:25:9e:ce:8a:26:44:1d:11:f7:ca:83:84:8f:03:4c:
         99:81:df:47:9a:a3:8c:30:90:6c:ac:44:a3:b8:cb:3e:0c:3a:
         92:48:dc:41:8c:82:74:d8:65:c3:2d:6d:46:6f:de:35:7b:0a:
         47:c1:96:4a:54:57:51:f7:7d:74:4f:65:6b:65:eb:2d:80:8f:
         d0:28:5f:8c:1b:f6:9f:a0:1c:89:74:07:18:6f:62:12:7f:e0:
         43:b0:25:64:dc:1b:2d:c5:63:cb:8e:aa:33:56:48:ba:80:08:
         7e:a4:ec:53:4c:41:47:01:c3:d1:7c:14:4f:f6:bc:74:4d:60:
         a5:7b:31:ab:b1:ae:c8:a2:94:93:64:5e:42:e5:72:55:88:00:
         cf:73:57:69:bb:6f:a1:5f:c2:1e:a6:13:ea:74:2f:7f:59:0f:
         50:eb:f9:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUFYkaVjRk665sCH765ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmVkOWJlOGI0ZTBkOGQ4NGVlOTQ3NzQzODJmNmJmN2Q2ZWFiMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqJ1IB0d1yV2nnVh2OgcE92nkKuA
2feUMOgrWiexM38nwtoV12bugCgTOsoFQ4zBk9zlF1NV0jLlu3xkImFkerGBSgFH
Vv21w3OtCt5KSwh9Cf7L0zX85j4KvFrIKyPK4QxDp6MSQspwiGXUpTQqO4jHe3T2
DHIECl1tvhoMUZk5LemltjioZDqPc3ySU7Dx+H8dNmP5cCPtYYNzehoRFD6lmBsm
SuWlPuNIBWZb6R1gXujTudPwlfmDUPbjYoFFDsekAlYuuNTKeqy+8+ZlXor8MgSA
7/bAUnulhtczo26PGxlboBbxrYRV49p/YRHRV4IL5070LChsNzRpmio1twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/tm+i04NjYTulHdDgva/fW6rCLMB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEvNy0yYjZMVGcyTmhPNlVkME9DOXI5OWJxc0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDm8yIMA0G
CSqGSIb3DQEBCwUAA4IBAQAXsQvhRdbCavpjAaJJW+Obht1imZluY+tSdiJ63YKW
0zqvKXXJYlnWlbcuua+hGBzP0lDTQ+djyGOkRHActh4QyLjENlgC3gpXJdr2Er1/
KJXYBURUNHmpnSJVPqglns6KJkQdEffKg4SPA0yZgd9HmqOMMJBsrESjuMs+DDqS
SNxBjIJ02GXDLW1Gb941ewpHwZZKVFdR9310T2VrZestgI/QKF+MG/afoByJdAcY
b2ISf+BDsCVk3BstxWPLjqozVki6gAh+pOxTTEFHAcPRfBRP9rx0TWClezGrsa7I
opSTZF5C5XJViADPc1dpu2+hX8IephPqdC9/WQ9Q6/ml
-----END CERTIFICATE-----