Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/cHHMv5BIz46FvPGMMMjUWqnPpMY.roa
File:                     cHHMv5BIz46FvPGMMMjUWqnPpMY.roa (raw, json)
Hash identifier:          aPFV2kTNi+hLzM09RgNReb2q2nYYTCgSO1CbGaIZWjg=
Subject key identifier:   70:71:CC:BF:90:48:CF:8E:85:BC:F1:8C:30:C8:D4:5A:A9:CF:A4:C6
Certificate issuer:       /CN=a19521c7352d1cac3f98c756fc7a6b4b3ae9753d
Certificate serial:       018CC94E66ABD43E81531D339489BD4B0E9E
Authority key identifier: A1:95:21:C7:35:2D:1C:AC:3F:98:C7:56:FC:7A:6B:4B:3A:E9:75:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZUhxzUtHKw_mMdW_HprSzrpdT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/cHHMv5BIz46FvPGMMMjUWqnPpMY.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211597
IP address blocks:        188.74.96.0/19 maxlen: 24
                          2a10:bcc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/oZUhxzUtHKw_mMdW_HprSzrpdT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/oZUhxzUtHKw_mMdW_HprSzrpdT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZUhxzUtHKw_mMdW_HprSzrpdT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:66:ab:d4:3e:81:53:1d:33:94:89:bd:4b:0e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19521c7352d1cac3f98c756fc7a6b4b3ae9753d
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7071ccbf9048cf8e85bcf18c30c8d45aa9cfa4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a8:68:39:75:09:44:51:58:54:8c:99:43:18:
                    aa:ac:78:d1:d8:b2:1c:23:fe:ae:da:11:65:94:0d:
                    98:87:8d:48:28:c1:e8:2d:12:9e:a5:0e:25:25:c7:
                    9d:0f:d5:3d:39:13:0a:e3:d8:a6:52:20:87:d7:b7:
                    be:27:7d:a2:ff:af:75:9f:81:91:81:95:1c:cf:bf:
                    47:e3:fe:7f:1f:32:93:b1:ab:5a:96:e6:5f:33:7b:
                    76:70:92:df:8e:d6:89:28:31:0f:73:ca:94:3f:3a:
                    01:1a:c0:4d:78:37:23:34:ce:ed:f7:0b:b9:ee:d0:
                    0e:7b:26:25:aa:6c:86:52:8e:55:78:90:21:c8:9c:
                    ec:c7:40:43:0b:7e:25:c6:9b:14:a6:7a:71:26:d1:
                    5c:fb:1c:58:8b:b3:8e:ef:3d:ff:9d:b7:e5:a1:87:
                    b6:43:ee:d0:a4:7a:c6:02:98:7e:da:a2:06:3c:79:
                    3d:95:10:1c:8d:59:82:7a:fc:fa:3b:7e:9c:f7:00:
                    d4:78:63:1b:9a:e8:95:5b:e2:e3:66:c8:e1:e6:4d:
                    c3:43:85:e9:a9:06:59:bb:94:fd:95:bb:b3:ce:d3:
                    c7:26:7d:af:41:1c:d6:46:4b:c9:84:49:80:42:99:
                    af:5c:79:65:a1:c0:ca:97:a7:64:ce:42:10:39:5a:
                    4d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:71:CC:BF:90:48:CF:8E:85:BC:F1:8C:30:C8:D4:5A:A9:CF:A4:C6
            X509v3 Authority Key Identifier:
                keyid:A1:95:21:C7:35:2D:1C:AC:3F:98:C7:56:FC:7A:6B:4B:3A:E9:75:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZUhxzUtHKw_mMdW_HprSzrpdT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/cHHMv5BIz46FvPGMMMjUWqnPpMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/oZUhxzUtHKw_mMdW_HprSzrpdT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.74.96.0/19
                IPv6:
                  2a10:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:4c:4e:d0:9a:8b:cb:d7:33:38:1b:27:d0:ee:05:c8:e3:1b:
         6e:c8:29:71:4e:00:22:9d:6c:19:09:bc:a8:f3:60:cc:41:bc:
         ec:e9:87:47:40:f4:ce:96:ad:46:3e:c5:92:81:c4:6c:8c:71:
         40:b2:bd:a4:f0:5d:18:5b:f2:8c:4b:29:ba:1a:36:f6:41:3b:
         a8:65:d0:9f:fe:6c:60:f0:1e:e8:97:56:4e:5d:71:39:71:18:
         4b:60:16:7d:87:a2:0b:d6:7f:86:ee:b0:c9:2d:7d:96:e6:06:
         10:72:d3:ff:83:79:41:cd:44:03:e5:1e:41:20:b5:eb:22:2a:
         04:3a:62:e7:53:b4:85:51:af:54:6e:13:35:f6:41:49:15:e9:
         c0:56:22:a9:f2:6b:fc:89:aa:18:4b:c2:21:31:3c:64:50:2b:
         11:33:d0:0a:38:13:96:53:e6:6a:48:bc:19:d7:0b:d8:e0:2d:
         b4:27:28:6b:4f:56:73:b8:cc:d0:6d:a5:f4:9c:f6:eb:10:e7:
         c1:eb:90:fb:37:9a:67:c1:2b:ec:92:79:98:76:e1:8a:2b:73:
         0f:36:a3:08:74:10:f0:48:55:1a:20:3f:8c:15:2f:c3:38:6c:
         60:e9:08:65:a9:c3:c5:61:dd:00:63:ac:09:31:03:ba:19:98:
         c6:f4:b4:ab
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTmar1D6BUx0zlIm9Sw6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOTUyMWM3MzUyZDFjYWMzZjk4Yzc1NmZjN2E2YjRiM2Fl
OTc1M2QwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDcxY2NiZjkwNDhjZjhlODViY2YxOGMzMGM4ZDQ1YWE5Y2ZhNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqhoOXUJRFFYVIyZQxiqrHjR2LIc
I/6u2hFllA2Yh41IKMHoLRKepQ4lJcedD9U9ORMK49imUiCH17e+J32i/691n4GR
gZUcz79H4/5/HzKTsataluZfM3t2cJLfjtaJKDEPc8qUPzoBGsBNeDcjNM7t9wu5
7tAOeyYlqmyGUo5VeJAhyJzsx0BDC34lxpsUpnpxJtFc+xxYi7OO7z3/nbfloYe2
Q+7QpHrGAph+2qIGPHk9lRAcjVmCevz6O36c9wDUeGMbmuiVW+LjZsjh5k3DQ4Xp
qQZZu5T9lbuzztPHJn2vQRzWRkvJhEmAQpmvXHllocDKl6dkzkIQOVpNmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHBxzL+QSM+OhbzxjDDI1Fqpz6TGMB8GA1UdIwQY
MBaAFKGVIcc1LRysP5jHVvx6a0s66XU9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1pVaHh6VXRIS3dfbU1kV19IcHJTenJwZFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yYjdkYzItYzFkZS00OTcwLWFiNTMt
ZTVhZGEzNmZhMWYzLzEvY0hITXY1Qkl6NDZGdlBHTU1NalVXcW5QcE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yYjdkYzItYzFkZS00OTcwLWFiNTMtZTVhZGEzNmZhMWYz
LzEvb1pVaHh6VXRIS3dfbU1kV19IcHJTenJwZFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFvEpgMA0E
AgACMAcDBQMqELzAMA0GCSqGSIb3DQEBCwUAA4IBAQCRTE7QmovL1zM4GyfQ7gXI
4xtuyClxTgAinWwZCbyo82DMQbzs6YdHQPTOlq1GPsWSgcRsjHFAsr2k8F0YW/KM
Sym6Gjb2QTuoZdCf/mxg8B7ol1ZOXXE5cRhLYBZ9h6IL1n+G7rDJLX2W5gYQctP/
g3lBzUQD5R5BILXrIioEOmLnU7SFUa9UbhM19kFJFenAViKp8mv8iaoYS8IhMTxk
UCsRM9AKOBOWU+ZqSLwZ1wvY4C20JyhrT1ZzuMzQbaX0nPbrEOfB65D7N5pnwSvs
knmYduGKK3MPNqMIdBDwSFUaID+MFS/DOGxg6QhlqcPFYd0AY6wJMQO6GZjG9LSr
-----END CERTIFICATE-----