Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/cChfPDptNzofN1E4iRkTKdK8OBE.roa
File:                     cChfPDptNzofN1E4iRkTKdK8OBE.roa (raw, json)
Hash identifier:          nK1tdIlf/7RX3LJe2ABcu++XCwANrpLFYC4ADhoObCE=
Subject key identifier:   70:28:5F:3C:3A:6D:37:3A:1F:37:51:38:89:19:13:29:D2:BC:38:11
Certificate issuer:       /CN=26d38293f669db48b6d0bd1036adfdef6bd3d375
Certificate serial:       019425FC0604C5BA2EBF1CFAA6D15B98C19B
Authority key identifier: 26:D3:82:93:F6:69:DB:48:B6:D0:BD:10:36:AD:FD:EF:6B:D3:D3:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/cChfPDptNzofN1E4iRkTKdK8OBE.roa
Signing time:             Thu 02 Jan 2025 07:47:40 +0000
ROA not before:           Thu 02 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56788
IP address blocks:        185.166.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:06:04:c5:ba:2e:bf:1c:fa:a6:d1:5b:98:c1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d38293f669db48b6d0bd1036adfdef6bd3d375
        Validity
            Not Before: Jan  2 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70285f3c3a6d373a1f37513889191329d2bc3811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f5:12:76:3c:bf:8e:4a:2c:4e:0f:72:99:b5:
                    a2:12:7b:43:15:8d:83:9a:bd:77:b6:86:fb:9f:8c:
                    59:4a:53:69:51:3b:15:8e:5c:99:ce:d5:6c:f6:a5:
                    88:d8:4c:1e:50:51:aa:4f:9e:c8:9f:c3:d9:17:19:
                    b0:30:4e:b5:2a:e9:b6:c1:4c:8d:49:08:19:68:51:
                    46:43:37:e8:f7:71:a6:f5:5a:ed:3b:7b:10:fe:b6:
                    f8:74:aa:4c:07:b3:22:aa:ac:20:41:fb:cb:64:45:
                    e5:ab:bf:47:3f:02:c8:e4:71:5d:18:db:00:12:6c:
                    23:f4:b8:5c:90:db:56:1e:ae:e9:7a:fd:ef:7e:ed:
                    ef:8b:e2:e7:e0:08:2e:3d:30:87:f5:89:2e:2c:da:
                    5b:93:77:f8:42:a4:47:e8:25:96:c4:69:ae:a4:5f:
                    13:3f:d4:8c:38:cc:3b:95:a4:a3:9c:6d:7b:71:0b:
                    b1:a4:6e:ae:a9:db:23:56:ce:7e:b2:f4:b8:25:d0:
                    5d:4e:9d:6f:9f:d1:bb:6b:81:34:a4:7f:74:10:ef:
                    cd:c9:95:0e:6d:2a:a0:c8:2f:43:7c:72:10:1c:59:
                    e2:07:c0:ab:7d:39:89:3e:58:ce:7e:76:4a:44:cf:
                    de:ff:d0:98:d6:66:de:ed:ba:1e:51:70:e1:f3:fe:
                    77:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:28:5F:3C:3A:6D:37:3A:1F:37:51:38:89:19:13:29:D2:BC:38:11
            X509v3 Authority Key Identifier:
                keyid:26:D3:82:93:F6:69:DB:48:B6:D0:BD:10:36:AD:FD:EF:6B:D3:D3:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/cChfPDptNzofN1E4iRkTKdK8OBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:57:7b:5d:f9:58:ea:58:d6:d3:30:c0:b5:d3:67:eb:e0:1e:
         40:66:5f:83:45:8b:aa:48:be:c0:1f:01:84:a0:67:f9:e6:13:
         27:ff:46:b8:e0:96:a6:0a:66:7a:6b:5d:14:a7:c5:7b:c6:64:
         6e:e6:fd:d6:54:49:46:4f:a2:18:d9:e9:05:84:0b:49:04:38:
         bb:7e:90:a7:2f:dd:f4:34:60:a5:c4:86:11:cf:c7:c9:8f:54:
         a5:49:e8:d9:8c:98:23:84:72:95:c8:e8:68:c6:3f:f8:d5:ba:
         55:18:cc:c2:7b:3d:90:7f:78:de:bb:03:0f:df:f3:77:2c:d0:
         00:45:8f:f9:34:00:45:03:60:43:99:1e:a0:2a:9c:76:21:6b:
         ae:bb:70:ec:5c:54:ed:a4:0f:03:42:a7:5b:94:aa:10:ff:fc:
         d4:5f:c7:a4:75:40:50:f0:68:2b:be:0e:27:4b:b8:20:ed:66:
         d3:08:e6:98:80:9c:cc:ca:a4:42:64:70:ed:cd:4b:ea:32:63:
         39:a5:49:86:53:a1:77:eb:dc:14:72:24:36:5e:4f:0a:36:76:
         72:90:7e:e2:d9:3b:cc:23:bd:94:a2:32:ce:e4:8a:59:6a:e1:
         18:4c:cb:92:41:8b:7b:88:01:7c:6f:7b:c8:13:67:4a:80:da:
         f2:ce:6e:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/AYExbouvxz6ptFbmMGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDM4MjkzZjY2OWRiNDhiNmQwYmQxMDM2YWRmZGVmNmJk
M2QzNzUwHhcNMjUwMTAyMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDI4NWYzYzNhNmQzNzNhMWYzNzUxMzg4OTE5MTMyOWQyYmMzODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvUSdjy/jkosTg9ymbWiEntDFY2D
mr13tob7n4xZSlNpUTsVjlyZztVs9qWI2EweUFGqT57In8PZFxmwME61Kum2wUyN
SQgZaFFGQzfo93Gm9VrtO3sQ/rb4dKpMB7MiqqwgQfvLZEXlq79HPwLI5HFdGNsA
Emwj9LhckNtWHq7pev3vfu3vi+Ln4AguPTCH9YkuLNpbk3f4QqRH6CWWxGmupF8T
P9SMOMw7laSjnG17cQuxpG6uqdsjVs5+svS4JdBdTp1vn9G7a4E0pH90EO/NyZUO
bSqgyC9DfHIQHFniB8CrfTmJPljOfnZKRM/e/9CY1mbe7boeUXDh8/53lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAoXzw6bTc6HzdROIkZEynSvDgRMB8GA1UdIwQY
MBaAFCbTgpP2adtIttC9EDat/e9r09N1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRPQ2tfWnAyMGkyMEwwUU5xMzk3MnZUMDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wN2NjMjUtODU5Ny00MzBiLWJjNTIt
NDQ4YjliOTViMDllLzEvY0NoZlBEcHROem9mTjFFNGlSa1RLZEs4T0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wN2NjMjUtODU5Ny00MzBiLWJjNTItNDQ4YjliOTViMDll
LzEvSnRPQ2tfWnAyMGkyMEwwUU5xMzk3MnZUMDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaYIMA0G
CSqGSIb3DQEBCwUAA4IBAQAXV3td+VjqWNbTMMC102fr4B5AZl+DRYuqSL7AHwGE
oGf55hMn/0a44JamCmZ6a10Up8V7xmRu5v3WVElGT6IY2ekFhAtJBDi7fpCnL930
NGClxIYRz8fJj1SlSejZjJgjhHKVyOhoxj/41bpVGMzCez2Qf3jeuwMP3/N3LNAA
RY/5NABFA2BDmR6gKpx2IWuuu3DsXFTtpA8DQqdblKoQ//zUX8ekdUBQ8Ggrvg4n
S7gg7WbTCOaYgJzMyqRCZHDtzUvqMmM5pUmGU6F369wUciQ2Xk8KNnZykH7i2TvM
I72UojLO5IpZauEYTMuSQYt7iAF8b3vIE2dKgNryzm6I
-----END CERTIFICATE-----