Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/AsbDcpcfCr6aI4OoPM0DofM2eE8.roa
File:                     AsbDcpcfCr6aI4OoPM0DofM2eE8.roa (raw, json)
Hash identifier:          hR3lFZpL/TaNsSm44D2BW2O8ASIh3fXXk5cNr+qdWsE=
Subject key identifier:   02:C6:C3:72:97:1F:0A:BE:9A:23:83:A8:3C:CD:03:A1:F3:36:78:4F
Certificate issuer:       /CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
Certificate serial:       018CC64B6134C50E3B857E09A59D5E6F49A1
Authority key identifier: C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/AsbDcpcfCr6aI4OoPM0DofM2eE8.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55002
IP address blocks:        194.33.70.0/23 maxlen: 23
                          194.33.68.0/24 maxlen: 24
                          2001:67c:2994::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:61:34:c5:0e:3b:85:7e:09:a5:9d:5e:6f:49:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02c6c372971f0abe9a2383a83ccd03a1f336784f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c9:92:79:ce:68:a1:66:1b:49:2b:7f:f6:c6:
                    64:36:78:bf:29:cb:a3:39:36:cd:48:36:29:96:81:
                    99:0b:87:5c:63:1a:3f:e3:dc:d4:64:5a:8a:a7:cf:
                    ce:ca:7d:60:60:56:5b:6d:69:4c:c8:3c:43:6e:4f:
                    dc:29:32:10:48:8d:e5:77:79:72:13:76:5b:1b:99:
                    db:8e:3a:fb:59:f9:49:d9:64:3f:de:3a:38:7f:32:
                    72:29:cc:39:47:1e:97:2a:ab:26:09:50:a1:77:97:
                    a1:db:15:57:50:18:fb:e4:21:61:b5:a4:78:0e:58:
                    29:74:98:b6:80:20:93:db:84:99:a1:6d:29:4d:2e:
                    58:26:5e:a0:01:7c:b1:f1:1f:67:42:3f:84:10:f6:
                    76:c1:cc:47:78:e2:0b:45:39:3f:7b:d0:86:0b:34:
                    00:75:79:21:c4:2b:55:e3:5c:da:33:33:dd:13:3b:
                    19:8f:47:c9:06:27:4f:01:ef:0f:e8:ef:ca:e1:d2:
                    2e:5f:35:d1:aa:ec:19:31:4a:f7:18:d8:8b:f9:80:
                    46:2a:5c:fb:0b:02:35:92:cd:44:fe:0e:38:8e:94:
                    ea:88:54:82:82:c6:61:c4:bc:66:56:72:dc:1d:67:
                    e6:38:ef:29:e4:69:3d:23:26:a3:da:c6:fe:6c:90:
                    50:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C6:C3:72:97:1F:0A:BE:9A:23:83:A8:3C:CD:03:A1:F3:36:78:4F
            X509v3 Authority Key Identifier:
                keyid:C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/AsbDcpcfCr6aI4OoPM0DofM2eE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.68.0/24
                  194.33.70.0/23
                IPv6:
                  2001:67c:2994::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:c8:37:ba:0e:0e:77:76:f4:e7:5e:ef:66:ca:f4:3d:64:b4:
         56:3f:6c:e0:5f:1a:e3:02:78:7d:3d:ae:8b:3e:f0:3e:90:55:
         b2:9b:5c:f2:ff:d9:90:dc:54:99:45:a2:f7:b2:33:10:3d:a2:
         0d:79:93:0c:89:54:05:de:37:d1:21:a0:a0:6b:a7:db:f8:4d:
         ad:ea:b9:c9:90:a6:54:07:5c:fd:0a:7a:50:10:12:ad:3e:4d:
         df:ba:16:fa:9c:79:1d:db:03:a9:d6:de:61:3e:3b:7f:ff:f6:
         9b:c9:f6:9f:28:2c:72:91:3c:fd:1d:15:56:ee:1f:a8:15:94:
         72:aa:bd:03:46:27:1e:fd:cc:bb:e3:71:ec:78:fa:dc:bb:e1:
         3c:b7:26:6e:78:f9:e7:e3:45:70:c9:a0:c9:f2:ad:2d:d3:fa:
         67:41:f8:90:00:be:f9:1b:4f:ee:4a:90:f8:c0:e5:22:f8:8c:
         2f:fd:b7:38:45:a9:be:b1:dc:fd:6f:27:58:a1:f7:a2:9d:0f:
         ba:19:54:c4:a8:9c:a8:95:96:c7:f1:4f:4f:b1:69:6b:60:e7:
         0a:99:90:9d:91:58:48:f0:16:d3:6e:39:e9:78:99:e7:c4:4a:
         f8:d9:65:76:24:ea:9c:25:f3:cc:2e:72:5a:f6:f4:52:d2:89:
         0f:57:84:be
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGS2E0xQ47hX4JpZ1eb0mhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YTJlNGViOWZkM2NjZDFiYTQ0YTM2MmY3NmY5ODliN2I0
NGQ1ZjIwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmM2YzM3Mjk3MWYwYWJlOWEyMzgzYTgzY2NkMDNhMWYzMzY3ODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsmSec5ooWYbSSt/9sZkNni/Kcuj
OTbNSDYploGZC4dcYxo/49zUZFqKp8/Oyn1gYFZbbWlMyDxDbk/cKTIQSI3ld3ly
E3ZbG5nbjjr7WflJ2WQ/3jo4fzJyKcw5Rx6XKqsmCVChd5eh2xVXUBj75CFhtaR4
DlgpdJi2gCCT24SZoW0pTS5YJl6gAXyx8R9nQj+EEPZ2wcxHeOILRTk/e9CGCzQA
dXkhxCtV41zaMzPdEzsZj0fJBidPAe8P6O/K4dIuXzXRquwZMUr3GNiL+YBGKlz7
CwI1ks1E/g44jpTqiFSCgsZhxLxmVnLcHWfmOO8p5Gk9Iyaj2sb+bJBQXwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFALGw3KXHwq+miODqDzNA6HzNnhPMB8GA1UdIwQY
MBaAFMei5Ouf08zRukSjYvdvmJt7RNXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMt
ZGU2ZWY3Yzk1NTI2LzEvQXNiRGNwY2ZDcjZhSTRPb1BNMERvZk0yZUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMtZGU2ZWY3Yzk1NTI2
LzEveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwiFEAwQB
wiFGMA8EAgACMAkDBwAgAQZ8KZQwDQYJKoZIhvcNAQELBQADggEBAHrIN7oODnd2
9Ode72bK9D1ktFY/bOBfGuMCeH09ros+8D6QVbKbXPL/2ZDcVJlFoveyMxA9og15
kwyJVAXeN9EhoKBrp9v4Ta3qucmQplQHXP0KelAQEq0+Td+6FvqceR3bA6nW3mE+
O3//9pvJ9p8oLHKRPP0dFVbuH6gVlHKqvQNGJx79zLvjcex4+ty74Ty3Jm54+efj
RXDJoMnyrS3T+mdB+JAAvvkbT+5KkPjA5SL4jC/9tzhFqb6x3P1vJ1ih96KdD7oZ
VMSonKiVlsfxT0+xaWtg5wqZkJ2RWEjwFtNuOel4mefESvjZZXYk6pwl88wuclr2
9FLSiQ9XhL4=
-----END CERTIFICATE-----