Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/j0IWSfbYP13OJmoHZTjGFvChNuE.roa
File:                     j0IWSfbYP13OJmoHZTjGFvChNuE.roa (raw, json)
Hash identifier:          jt9I3VP2cPp8UGACV3NIGtGH41UwO07mMfCngUYARQA=
Subject key identifier:   8F:42:16:49:F6:D8:3F:5D:CE:26:6A:07:65:38:C6:16:F0:A1:36:E1
Certificate issuer:       /CN=656d33c5f16e3cdd960ae05c80d9f6f36fc553f2
Certificate serial:       018CC4937B4CF92AFC4404027D8A786F5766
Authority key identifier: 65:6D:33:C5:F1:6E:3C:DD:96:0A:E0:5C:80:D9:F6:F3:6F:C5:53:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/j0IWSfbYP13OJmoHZTjGFvChNuE.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.219.146.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:04:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7b:4c:f9:2a:fc:44:04:02:7d:8a:78:6f:57:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656d33c5f16e3cdd960ae05c80d9f6f36fc553f2
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f421649f6d83f5dce266a076538c616f0a136e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:09:38:bc:8f:40:36:73:17:72:b8:12:d9:4a:
                    17:af:83:32:d4:68:dd:30:72:06:46:84:8a:47:07:
                    d5:f2:ad:5e:30:58:54:5c:7d:b9:90:95:04:3b:43:
                    3b:97:d5:01:74:bd:a8:b9:03:90:50:20:42:d5:ba:
                    fc:b9:a9:03:10:ce:75:a2:20:bd:73:dc:7d:6a:0d:
                    e0:4d:8b:56:67:87:52:cf:44:b6:13:61:44:ab:9d:
                    bc:71:ab:00:62:a0:fc:78:13:06:79:9c:58:57:64:
                    14:45:58:df:d0:de:9d:05:5f:0b:bf:08:13:fe:6d:
                    ce:23:b1:e7:c4:1d:5b:89:16:09:31:98:78:6f:f3:
                    f4:0f:4f:1c:4b:35:d3:fd:4d:5d:c4:8e:4c:80:f8:
                    9d:be:67:8a:f1:6d:d8:31:6d:2b:7b:8c:66:11:58:
                    da:7b:35:bd:32:c3:99:9d:41:f3:20:d0:cc:dc:7f:
                    bd:81:ed:fb:b9:91:ff:d4:52:2d:52:ee:97:17:87:
                    bf:a9:90:32:7e:d1:fa:fe:20:d2:aa:ef:a0:36:7a:
                    0d:08:15:a6:07:84:5b:6e:8b:a0:6e:7c:84:5f:3f:
                    b5:f3:43:c6:e1:5f:38:26:02:3d:66:9e:b7:82:f7:
                    2e:f3:f2:c5:a9:8f:c3:5e:48:c2:9e:55:3a:a8:fe:
                    9e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:42:16:49:F6:D8:3F:5D:CE:26:6A:07:65:38:C6:16:F0:A1:36:E1
            X509v3 Authority Key Identifier:
                keyid:65:6D:33:C5:F1:6E:3C:DD:96:0A:E0:5C:80:D9:F6:F3:6F:C5:53:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/j0IWSfbYP13OJmoHZTjGFvChNuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:d7:df:46:f9:eb:4e:85:3b:5b:86:c7:cb:b6:76:e7:91:b3:
         c5:a5:15:4c:31:e3:f5:e8:1c:b6:62:e3:d6:d4:d2:c4:09:b1:
         eb:f2:a1:0a:d7:ca:62:53:84:dc:14:c9:91:41:54:50:43:cd:
         e2:a0:fc:f1:01:91:f2:e9:8b:cc:c4:d0:27:86:fd:14:b2:a9:
         2d:cd:0e:75:c4:fa:45:b2:f1:79:80:23:82:5a:1a:69:f4:88:
         c9:0a:51:1c:42:4a:dc:7f:98:78:f1:f3:b7:83:38:55:46:c7:
         a9:10:8b:50:15:3c:82:11:e0:5f:42:ee:16:58:fc:62:f6:95:
         4a:54:4e:81:cc:dd:ad:97:fb:48:c1:78:29:a2:c5:07:fa:2f:
         b7:ca:e7:7d:20:65:c7:37:ce:96:f1:d9:47:b6:93:cf:b1:7f:
         1e:39:00:fc:66:3e:2c:bd:ca:90:84:67:76:c3:08:f6:39:03:
         84:cc:78:fa:19:54:a0:46:33:01:01:44:d4:e3:2b:b7:a8:16:
         9c:30:da:a6:fa:a1:63:e9:47:67:3f:cd:0b:bd:0d:27:34:e3:
         5b:7b:77:d2:65:3e:9a:3d:33:55:7f:24:7a:63:8c:a2:df:b2:
         61:98:cf:af:fa:1a:ec:27:d0:e1:9a:82:e3:ef:82:87:ec:c6:
         18:2f:64:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3tM+Sr8RAQCfYp4b1dmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmQzM2M1ZjE2ZTNjZGQ5NjBhZTA1YzgwZDlmNmYzNmZj
NTUzZjIwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjQyMTY0OWY2ZDgzZjVkY2UyNjZhMDc2NTM4YzYxNmYwYTEzNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwk4vI9ANnMXcrgS2UoXr4My1Gjd
MHIGRoSKRwfV8q1eMFhUXH25kJUEO0M7l9UBdL2ouQOQUCBC1br8uakDEM51oiC9
c9x9ag3gTYtWZ4dSz0S2E2FEq528casAYqD8eBMGeZxYV2QURVjf0N6dBV8LvwgT
/m3OI7HnxB1biRYJMZh4b/P0D08cSzXT/U1dxI5MgPidvmeK8W3YMW0re4xmEVja
ezW9MsOZnUHzINDM3H+9ge37uZH/1FItUu6XF4e/qZAyftH6/iDSqu+gNnoNCBWm
B4RbbougbnyEXz+180PG4V84JgI9Zp63gvcu8/LFqY/DXkjCnlU6qP6e9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9CFkn22D9dziZqB2U4xhbwoTbhMB8GA1UdIwQY
MBaAFGVtM8XxbjzdlgrgXIDZ9vNvxVPyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlcwenhmRnVQTjJXQ3VCY2dObjI4Ml9GVV9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83Y2M2ZWEtNzc0YS00ODc2LTg0Zjkt
MzA0ZDIxOTFhNGYzLzEvajBJV1NmYllQMTNPSm1vSFpUakdGdkNoTnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83Y2M2ZWEtNzc0YS00ODc2LTg0ZjktMzA0ZDIxOTFhNGYz
LzEvWlcwenhmRnVQTjJXQ3VCY2dObjI4Ml9GVV9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuduSMA0G
CSqGSIb3DQEBCwUAA4IBAQBB199G+etOhTtbhsfLtnbnkbPFpRVMMeP16By2YuPW
1NLECbHr8qEK18piU4TcFMmRQVRQQ83ioPzxAZHy6YvMxNAnhv0UsqktzQ51xPpF
svF5gCOCWhpp9IjJClEcQkrcf5h48fO3gzhVRsepEItQFTyCEeBfQu4WWPxi9pVK
VE6BzN2tl/tIwXgposUH+i+3yud9IGXHN86W8dlHtpPPsX8eOQD8Zj4svcqQhGd2
wwj2OQOEzHj6GVSgRjMBAUTU4yu3qBacMNqm+qFj6UdnP80LvQ0nNONbe3fSZT6a
PTNVfyR6Y4yi37JhmM+v+hrsJ9DhmoLj74KH7MYYL2Q7
-----END CERTIFICATE-----