Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/7677e2-c971-4ae7-a7b3-c8d119ee2053/1/7moaA1JDSpolpcKJyvMGVncB-KI.roa
File:                     7moaA1JDSpolpcKJyvMGVncB-KI.roa (raw, json)
Hash identifier:          SH+c2YN9XWZEG6gVRyjjW+2TRKVOu/P/HHY4uB8tzGg=
Subject key identifier:   EE:6A:1A:03:52:43:4A:9A:25:A5:C2:89:CA:F3:06:56:77:01:F8:A2
Certificate issuer:       /CN=7dbc2eca324777d74bf2e73c15b0cc7ff3ee75a2
Certificate serial:       018CC2DB5B63D225C1FD4CB58286C7F66F8B
Authority key identifier: 7D:BC:2E:CA:32:47:77:D7:4B:F2:E7:3C:15:B0:CC:7F:F3:EE:75:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fbwuyjJHd9dL8uc8FbDMf_PudaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/7677e2-c971-4ae7-a7b3-c8d119ee2053/1/7moaA1JDSpolpcKJyvMGVncB-KI.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49036
IP address blocks:        185.113.168.0/24 maxlen: 24
                          185.113.169.0/24 maxlen: 24
                          185.113.170.0/24 maxlen: 24
                          185.113.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/7677e2-c971-4ae7-a7b3-c8d119ee2053/1/fbwuyjJHd9dL8uc8FbDMf_PudaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/7677e2-c971-4ae7-a7b3-c8d119ee2053/1/fbwuyjJHd9dL8uc8FbDMf_PudaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fbwuyjJHd9dL8uc8FbDMf_PudaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:63:d2:25:c1:fd:4c:b5:82:86:c7:f6:6f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dbc2eca324777d74bf2e73c15b0cc7ff3ee75a2
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee6a1a0352434a9a25a5c289caf306567701f8a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b1:b5:e1:7d:1d:86:e0:fc:32:04:c6:79:cb:
                    db:27:85:e4:5f:c7:45:8a:55:8d:56:8d:0b:ca:95:
                    5d:1e:68:f4:99:1a:00:18:e0:55:94:dd:d4:a8:5d:
                    c4:ea:70:28:92:fc:d6:45:00:3b:70:dc:62:39:c2:
                    1c:e0:07:fb:05:f0:25:18:f4:d5:06:10:f0:b0:9a:
                    38:e4:9c:6a:74:2a:2f:5d:9f:2d:37:7f:06:97:9e:
                    cd:c5:60:22:71:31:15:84:06:54:49:36:a4:77:a0:
                    cf:63:47:b3:df:ae:06:e1:9e:de:86:1e:c1:96:a8:
                    b8:97:70:94:bc:18:d7:73:64:77:72:b9:79:d7:3a:
                    3e:ba:8e:be:2d:4f:59:66:c5:95:85:f6:19:27:ab:
                    c6:e7:a0:08:9f:a3:8d:fd:c5:71:47:ce:dd:17:fc:
                    a2:59:ef:16:99:6b:51:ac:73:86:98:5c:82:81:b3:
                    66:88:00:30:2a:dd:5c:69:00:23:8a:37:b5:c3:fc:
                    5d:86:45:bc:89:17:19:a9:7c:99:42:e8:f1:52:0a:
                    2a:51:fd:45:1c:30:79:5f:ec:e4:95:62:6a:38:40:
                    ca:ce:03:1a:81:d8:ba:df:c5:ae:f1:f4:48:d1:20:
                    2b:de:fd:9d:52:0f:0d:84:01:70:a8:57:63:9f:1f:
                    ef:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6A:1A:03:52:43:4A:9A:25:A5:C2:89:CA:F3:06:56:77:01:F8:A2
            X509v3 Authority Key Identifier:
                keyid:7D:BC:2E:CA:32:47:77:D7:4B:F2:E7:3C:15:B0:CC:7F:F3:EE:75:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fbwuyjJHd9dL8uc8FbDMf_PudaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/7677e2-c971-4ae7-a7b3-c8d119ee2053/1/7moaA1JDSpolpcKJyvMGVncB-KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/7677e2-c971-4ae7-a7b3-c8d119ee2053/1/fbwuyjJHd9dL8uc8FbDMf_PudaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:24:a5:c4:21:e8:cb:61:f9:09:8f:ad:34:9e:4f:db:52:38:
         46:92:77:4c:e5:fc:00:ee:14:57:dd:37:12:65:a6:c8:fe:42:
         ff:23:7c:68:37:c7:7d:3f:d2:35:8d:1a:02:9e:df:b1:cd:46:
         c6:5c:9f:e0:85:5f:fa:f4:c4:77:76:d9:91:19:d0:48:c0:3d:
         b8:78:49:ec:b4:3d:a9:0e:57:81:5f:8e:89:fc:a6:aa:df:ba:
         b5:21:90:19:43:7c:3d:81:46:fa:70:09:51:6e:24:ae:87:ea:
         a2:ec:5b:80:84:5b:10:66:d9:17:a8:d6:ec:5e:e8:37:8b:a1:
         82:65:3d:74:96:37:4f:b4:4f:ee:fa:ef:87:d5:4c:00:45:4b:
         7f:95:69:72:c5:72:ab:88:98:b2:65:ad:20:0c:b7:a9:f1:5c:
         ec:6c:51:80:5d:cd:60:dc:36:ff:1f:e8:0a:72:e1:65:d3:4d:
         dc:e6:e9:aa:48:ec:cd:bb:e1:94:24:0a:e3:a0:6a:e5:b4:2c:
         ff:e9:3b:6e:13:0d:2c:ce:6a:e1:36:37:2d:01:59:0d:b8:3f:
         32:88:f6:fd:c2:c1:f5:dc:b5:d6:e5:7f:7b:31:0e:09:4f:81:
         59:44:a4:a8:d4:36:d3:30:40:0e:a1:2e:95:33:0e:ea:6b:1f:
         ae:29:95:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21tj0iXB/Uy1gobH9m+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYmMyZWNhMzI0Nzc3ZDc0YmYyZTczYzE1YjBjYzdmZjNl
ZTc1YTIwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZhMWEwMzUyNDM0YTlhMjVhNWMyODljYWYzMDY1Njc3MDFmOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLG14X0dhuD8MgTGecvbJ4XkX8dF
ilWNVo0LypVdHmj0mRoAGOBVlN3UqF3E6nAokvzWRQA7cNxiOcIc4Af7BfAlGPTV
BhDwsJo45JxqdCovXZ8tN38Gl57NxWAicTEVhAZUSTakd6DPY0ez364G4Z7ehh7B
lqi4l3CUvBjXc2R3crl51zo+uo6+LU9ZZsWVhfYZJ6vG56AIn6ON/cVxR87dF/yi
We8WmWtRrHOGmFyCgbNmiAAwKt1caQAjije1w/xdhkW8iRcZqXyZQujxUgoqUf1F
HDB5X+zklWJqOEDKzgMagdi638Wu8fRI0SAr3v2dUg8NhAFwqFdjnx/vGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5qGgNSQ0qaJaXCicrzBlZ3AfiiMB8GA1UdIwQY
MBaAFH28LsoyR3fXS/LnPBWwzH/z7nWiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmJ3dXlqSkhkOWRMOHVjOEZiRE1mX1B1ZGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS83Njc3ZTItYzk3MS00YWU3LWE3YjMt
YzhkMTE5ZWUyMDUzLzEvN21vYUExSkRTcG9scGNLSnl2TUdWbmNCLUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS83Njc3ZTItYzk3MS00YWU3LWE3YjMtYzhkMTE5ZWUyMDUz
LzEvZmJ3dXlqSkhkOWRMOHVjOEZiRE1mX1B1ZGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXGoMA0G
CSqGSIb3DQEBCwUAA4IBAQBpJKXEIejLYfkJj600nk/bUjhGkndM5fwA7hRX3TcS
ZabI/kL/I3xoN8d9P9I1jRoCnt+xzUbGXJ/ghV/69MR3dtmRGdBIwD24eEnstD2p
DleBX46J/Kaq37q1IZAZQ3w9gUb6cAlRbiSuh+qi7FuAhFsQZtkXqNbsXug3i6GC
ZT10ljdPtE/u+u+H1UwARUt/lWlyxXKriJiyZa0gDLep8VzsbFGAXc1g3Db/H+gK
cuFl003c5umqSOzNu+GUJArjoGrltCz/6TtuEw0szmrhNjctAVkNuD8yiPb9wsH1
3LXW5X97MQ4JT4FZRKSo1DbTMEAOoS6VMw7qax+uKZVG
-----END CERTIFICATE-----