Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/7zAOQpke0zigqtCYQZce1TW9iWU.roa
File:                     7zAOQpke0zigqtCYQZce1TW9iWU.roa (raw, json)
Hash identifier:          KkrhRPkcSQGEk1XGp8tQImgboN3bYnyvAvUAiWCO59o=
Subject key identifier:   EF:30:0E:42:99:1E:D3:38:A0:AA:D0:98:41:97:1E:D5:35:BD:89:65
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348A773F4A9BA411EE53E84CC902902
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/7zAOQpke0zigqtCYQZce1TW9iWU.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15843
IP address blocks:        194.27.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a7:73:f4:a9:ba:41:1e:e5:3e:84:cc:90:29:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef300e42991ed338a0aad09841971ed535bd8965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1a:9e:55:0e:bb:84:8f:e4:88:85:ca:45:12:
                    53:10:a9:f3:0b:96:c7:32:2b:eb:8e:76:c3:1c:9d:
                    84:07:5e:6c:9d:4f:42:9d:5b:ba:20:87:a7:04:05:
                    e5:37:fc:72:63:0b:96:01:c0:07:c1:81:cb:bf:da:
                    f4:26:b3:af:89:5c:7d:19:8f:d3:9c:39:5c:bc:52:
                    4c:a9:21:01:49:ca:3c:4e:1e:3b:27:93:43:4b:fe:
                    d7:95:5a:1c:cf:61:b5:44:b8:15:2c:17:40:90:21:
                    d5:66:ac:2b:ab:73:0d:c8:e4:f3:70:d0:42:83:77:
                    0a:54:fc:62:70:8b:ef:42:a8:c5:56:e3:e0:33:60:
                    83:11:01:63:e9:4b:d5:ed:7b:b3:7d:b5:af:b8:9b:
                    c7:5d:88:13:b9:0a:e3:4e:a6:99:84:d0:a3:75:05:
                    d7:80:f0:18:ab:26:a9:c1:80:0b:75:5b:e0:63:1b:
                    18:be:2b:01:7d:5c:7f:77:e5:f2:72:6e:30:d7:76:
                    a5:fc:17:03:e5:ea:c2:71:0f:cc:77:62:2f:51:f0:
                    7b:0c:48:c1:4e:55:11:9f:f3:30:bc:b8:be:cb:5c:
                    ad:a2:61:87:c0:5d:46:ad:5b:04:07:74:d3:e0:65:
                    49:80:87:f7:af:d9:1e:26:95:65:6f:3f:a9:11:79:
                    32:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:30:0E:42:99:1E:D3:38:A0:AA:D0:98:41:97:1E:D5:35:BD:89:65
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/7zAOQpke0zigqtCYQZce1TW9iWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.27.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:19:46:eb:2c:00:d3:d4:03:74:7c:49:5d:a4:9b:98:94:6d:
         0f:44:b0:ba:84:be:bf:7b:5e:99:af:8e:09:3b:fd:3a:85:ab:
         25:42:33:08:ea:a5:45:8e:6a:8a:9e:3b:9b:d0:8d:91:de:42:
         7e:54:93:c2:34:2d:5a:c9:80:f4:36:00:c2:3b:b8:31:84:bf:
         d4:2d:4a:32:c9:da:32:f2:04:c8:74:d8:af:13:52:b7:56:48:
         af:cd:b7:ce:05:92:4c:58:af:69:f0:3d:19:e7:39:31:3e:1b:
         87:41:fc:c3:17:85:22:c1:83:51:61:a5:0c:e7:cc:de:61:a5:
         ce:a9:88:e5:4b:34:e0:3b:1a:7a:37:d7:8b:29:f4:5b:1c:d1:
         74:c9:65:7e:30:49:fe:7b:a7:43:d6:db:e9:04:31:ac:20:4b:
         34:90:7f:ca:13:fe:c0:df:1c:58:01:81:34:93:3f:71:26:f7:
         d8:e5:a6:46:d9:f6:81:d0:e7:61:01:6d:29:33:45:ef:81:f8:
         db:31:80:28:50:98:07:05:be:0f:bc:39:f7:78:5d:d0:b9:c3:
         c5:33:4d:b3:d8:95:04:07:7b:60:99:44:a5:b2:99:cf:ed:19:
         9d:56:1c:79:cc:54:87:a8:fb:46:fb:38:3e:73:13:6e:a1:36:
         ee:d2:d2:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKdz9Km6QR7lPoTMkCkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjMwMGU0Mjk5MWVkMzM4YTBhYWQwOTg0MTk3MWVkNTM1YmQ4OTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxqeVQ67hI/kiIXKRRJTEKnzC5bH
MivrjnbDHJ2EB15snU9CnVu6IIenBAXlN/xyYwuWAcAHwYHLv9r0JrOviVx9GY/T
nDlcvFJMqSEBSco8Th47J5NDS/7XlVocz2G1RLgVLBdAkCHVZqwrq3MNyOTzcNBC
g3cKVPxicIvvQqjFVuPgM2CDEQFj6UvV7XuzfbWvuJvHXYgTuQrjTqaZhNCjdQXX
gPAYqyapwYALdVvgYxsYvisBfVx/d+Xycm4w13al/BcD5erCcQ/Md2IvUfB7DEjB
TlURn/MwvLi+y1ytomGHwF1GrVsEB3TT4GVJgIf3r9keJpVlbz+pEXkyswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8wDkKZHtM4oKrQmEGXHtU1vYllMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvN3pBT1Fwa2UwemlncXRDWVFaY2UxVFc5aVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwhvAMA0G
CSqGSIb3DQEBCwUAA4IBAQBPGUbrLADT1AN0fEldpJuYlG0PRLC6hL6/e16Zr44J
O/06haslQjMI6qVFjmqKnjub0I2R3kJ+VJPCNC1ayYD0NgDCO7gxhL/ULUoyydoy
8gTIdNivE1K3VkivzbfOBZJMWK9p8D0Z5zkxPhuHQfzDF4UiwYNRYaUM58zeYaXO
qYjlSzTgOxp6N9eLKfRbHNF0yWV+MEn+e6dD1tvpBDGsIEs0kH/KE/7A3xxYAYE0
kz9xJvfY5aZG2faB0OdhAW0pM0XvgfjbMYAoUJgHBb4PvDn3eF3QucPFM02z2JUE
B3tgmUSlspnP7RmdVhx5zFSHqPtG+zg+cxNuoTbu0tLI
-----END CERTIFICATE-----