Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/6094af-72c5-4eb5-98ea-0e2ea6a02182/1/7-6AcILp-kyF0RUhfOrfuN9UTZ8.roa
File:                     7-6AcILp-kyF0RUhfOrfuN9UTZ8.roa (raw, json)
Hash identifier:          XFdrowdt2/egNrtK01/uj5bLmFB8vpFN4q5SkdTDobI=
Subject key identifier:   EF:EE:80:70:82:E9:FA:4C:85:D1:15:21:7C:EA:DF:B8:DF:54:4D:9F
Certificate issuer:       /CN=4c3393b2a1bd7919859807838ab1e3b0037b8b4f
Certificate serial:       018CC9BBC8F92378F587EB3ACF2D72928625
Authority key identifier: 4C:33:93:B2:A1:BD:79:19:85:98:07:83:8A:B1:E3:B0:03:7B:8B:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDOTsqG9eRmFmAeDirHjsAN7i08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/6094af-72c5-4eb5-98ea-0e2ea6a02182/1/7-6AcILp-kyF0RUhfOrfuN9UTZ8.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208138
IP address blocks:        185.251.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/6094af-72c5-4eb5-98ea-0e2ea6a02182/1/TDOTsqG9eRmFmAeDirHjsAN7i08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/6094af-72c5-4eb5-98ea-0e2ea6a02182/1/TDOTsqG9eRmFmAeDirHjsAN7i08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDOTsqG9eRmFmAeDirHjsAN7i08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c8:f9:23:78:f5:87:eb:3a:cf:2d:72:92:86:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3393b2a1bd7919859807838ab1e3b0037b8b4f
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efee807082e9fa4c85d115217ceadfb8df544d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:31:d0:c0:c4:b7:23:29:14:5e:c2:a3:4f:12:
                    c7:a8:c1:14:2b:b1:d0:e4:21:c0:a4:51:4d:8f:4b:
                    e4:33:93:43:19:24:c4:b3:9f:ba:60:07:37:12:30:
                    11:ac:1d:8b:bb:de:54:3f:e6:92:d7:da:4e:77:37:
                    c2:cb:66:f8:cd:b8:70:3f:78:0c:a9:81:4a:83:54:
                    fd:bf:1f:a2:3d:22:dc:a1:e3:17:e2:4f:2d:c5:9e:
                    39:c1:6c:40:81:5f:be:2d:41:2b:81:44:5b:89:7c:
                    48:45:7b:87:7e:3c:9f:56:4c:6d:9d:e8:65:54:08:
                    1c:b1:db:b5:cd:f9:f6:d9:0f:cd:ba:58:10:b5:db:
                    f0:b7:04:0e:71:e0:97:98:a1:1a:2c:0c:3a:50:23:
                    cf:71:64:7c:b9:84:9c:d3:10:11:60:08:63:d9:c2:
                    70:ab:2d:b6:b4:7a:04:cd:5e:40:76:1f:0d:6b:86:
                    a1:98:6c:29:51:47:26:7b:5b:5a:21:6d:05:b9:93:
                    4b:f6:2f:d0:19:66:92:84:f1:2f:70:04:ef:af:cb:
                    0c:e7:bc:ff:96:5e:36:d3:9c:90:ab:61:4b:09:98:
                    90:34:5f:0d:f2:f5:58:a0:b8:77:0f:ad:73:45:b3:
                    d8:37:e5:1b:ed:0b:db:6e:d3:f1:ba:38:2c:9d:0d:
                    bf:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:EE:80:70:82:E9:FA:4C:85:D1:15:21:7C:EA:DF:B8:DF:54:4D:9F
            X509v3 Authority Key Identifier:
                keyid:4C:33:93:B2:A1:BD:79:19:85:98:07:83:8A:B1:E3:B0:03:7B:8B:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDOTsqG9eRmFmAeDirHjsAN7i08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/6094af-72c5-4eb5-98ea-0e2ea6a02182/1/7-6AcILp-kyF0RUhfOrfuN9UTZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/6094af-72c5-4eb5-98ea-0e2ea6a02182/1/TDOTsqG9eRmFmAeDirHjsAN7i08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:81:22:6a:42:cb:af:a0:4b:36:28:4e:3c:ad:fc:a1:b1:f9:
         ad:37:c7:a5:71:e3:b9:cd:3b:00:59:a7:2d:b2:84:7e:af:86:
         e8:6d:e4:38:fe:d3:20:8d:b6:39:de:bb:a9:8a:24:4a:aa:3b:
         30:14:f6:ff:52:1d:67:9c:e8:cd:8c:45:82:f0:da:a7:1d:46:
         cc:1d:99:98:39:70:53:bf:bc:49:ea:13:d1:a8:d9:b4:8f:e8:
         00:e8:4c:c1:17:bb:b9:05:e5:70:eb:8e:f2:86:f5:a3:f2:41:
         4d:0d:8c:e6:20:92:28:46:05:c0:12:fb:4c:4d:a6:b4:f9:15:
         66:7a:66:b9:48:42:9b:ab:56:14:5b:c3:0f:4b:89:d3:06:55:
         68:47:c8:ba:8b:c7:71:d4:e9:88:65:19:ab:5c:41:f5:ae:10:
         59:5b:48:0f:bb:8d:de:8f:20:ec:df:93:ed:e4:3d:cb:06:4a:
         12:9c:0b:a9:0f:5b:d7:7d:38:67:c9:0a:44:84:a5:91:1d:6f:
         37:40:87:2d:11:2c:6b:07:ca:0e:fa:98:28:ff:9e:38:a7:1c:
         85:c4:40:c3:d7:cf:34:d0:30:fb:c3:99:12:1b:24:70:db:a4:
         b2:c7:2e:a2:4d:39:c5:38:86:9c:4e:75:f4:38:58:82:fa:49:
         7d:f5:21:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8j5I3j1h+s6zy1ykoYlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzM5M2IyYTFiZDc5MTk4NTk4MDc4MzhhYjFlM2IwMDM3
YjhiNGYwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmVlODA3MDgyZTlmYTRjODVkMTE1MjE3Y2VhZGZiOGRmNTQ0ZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTHQwMS3IykUXsKjTxLHqMEUK7HQ
5CHApFFNj0vkM5NDGSTEs5+6YAc3EjARrB2Lu95UP+aS19pOdzfCy2b4zbhwP3gM
qYFKg1T9vx+iPSLcoeMX4k8txZ45wWxAgV++LUErgURbiXxIRXuHfjyfVkxtnehl
VAgcsdu1zfn22Q/NulgQtdvwtwQOceCXmKEaLAw6UCPPcWR8uYSc0xARYAhj2cJw
qy22tHoEzV5Adh8Na4ahmGwpUUcme1taIW0FuZNL9i/QGWaShPEvcATvr8sM57z/
ll4205yQq2FLCZiQNF8N8vVYoLh3D61zRbPYN+Ub7QvbbtPxujgsnQ2/sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/ugHCC6fpMhdEVIXzq37jfVE2fMB8GA1UdIwQY
MBaAFEwzk7KhvXkZhZgHg4qx47ADe4tPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERPVHNxRzllUm1GbUFlRGlySGpzQU43aTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi82MDk0YWYtNzJjNS00ZWI1LTk4ZWEt
MGUyZWE2YTAyMTgyLzEvNy02QWNJTHAta3lGMFJVaGZPcmZ1TjlVVFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi82MDk0YWYtNzJjNS00ZWI1LTk4ZWEtMGUyZWE2YTAyMTgy
LzEvVERPVHNxRzllUm1GbUFlRGlySGpzQU43aTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufsoMA0G
CSqGSIb3DQEBCwUAA4IBAQA+gSJqQsuvoEs2KE48rfyhsfmtN8elceO5zTsAWact
soR+r4bobeQ4/tMgjbY53rupiiRKqjswFPb/Uh1nnOjNjEWC8NqnHUbMHZmYOXBT
v7xJ6hPRqNm0j+gA6EzBF7u5BeVw647yhvWj8kFNDYzmIJIoRgXAEvtMTaa0+RVm
ema5SEKbq1YUW8MPS4nTBlVoR8i6i8dx1OmIZRmrXEH1rhBZW0gPu43ejyDs35Pt
5D3LBkoSnAupD1vXfThnyQpEhKWRHW83QIctESxrB8oO+pgo/544pxyFxEDD1880
0DD7w5kSGyRw26Syxy6iTTnFOIacTnX0OFiC+kl99SH4
-----END CERTIFICATE-----