Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/7gw9mllt_oJ6-R2iEFwHTPMRPcM.roa
File:                     7gw9mllt_oJ6-R2iEFwHTPMRPcM.roa (raw, json)
Hash identifier:          wQc1PyGipK01KkbxWOxGyce49OrkcWwX7x8UCdOWJ9M=
Subject key identifier:   EE:0C:3D:9A:59:6D:FE:82:7A:F9:1D:A2:10:5C:07:4C:F3:11:3D:C3
Certificate issuer:       /CN=07c18247a5326473abc96f5a1071d159c1eb7ecd
Certificate serial:       018CC64B6063D1D791A3B1CA80283C48852E
Authority key identifier: 07:C1:82:47:A5:32:64:73:AB:C9:6F:5A:10:71:D1:59:C1:EB:7E:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B8GCR6UyZHOryW9aEHHRWcHrfs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/7gw9mllt_oJ6-R2iEFwHTPMRPcM.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31593
IP address blocks:        193.22.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/B8GCR6UyZHOryW9aEHHRWcHrfs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/B8GCR6UyZHOryW9aEHHRWcHrfs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B8GCR6UyZHOryW9aEHHRWcHrfs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:60:63:d1:d7:91:a3:b1:ca:80:28:3c:48:85:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07c18247a5326473abc96f5a1071d159c1eb7ecd
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee0c3d9a596dfe827af91da2105c074cf3113dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:14:a3:5a:ed:05:27:8f:78:2b:5c:ae:6b:99:
                    32:d2:ed:00:e9:11:ec:bd:c5:c9:f0:c4:e8:4b:09:
                    34:8a:01:3c:8f:72:82:24:06:b8:ae:75:f6:87:bd:
                    4c:86:d1:95:31:05:40:50:bf:b7:33:4d:f6:28:62:
                    3c:7c:e7:64:21:b8:d4:24:1b:9b:80:49:e5:f5:ca:
                    85:1d:9e:e8:55:2f:af:9a:ad:d8:c4:c3:7a:17:ed:
                    c8:b4:4b:1b:99:44:f9:28:2b:16:e8:b4:c9:af:c2:
                    85:50:95:d1:7a:36:b5:cf:87:c5:f0:9d:69:e4:bd:
                    e0:1d:02:56:79:03:ad:56:6d:55:5a:35:b9:b9:e6:
                    c6:f9:20:3f:ab:73:94:cb:ae:30:03:ed:7d:c9:d0:
                    be:e7:6c:15:a2:a5:17:d2:9a:96:e1:2e:7f:f4:88:
                    6d:3a:0a:ba:39:16:2c:64:db:36:74:ed:63:bf:fe:
                    a2:28:41:46:64:04:8d:99:86:5f:a2:c0:d4:7b:3b:
                    92:fe:41:89:63:37:c3:f2:39:f0:82:5c:d1:73:3e:
                    56:27:1c:40:1c:95:2a:b5:16:fc:6b:8f:26:28:67:
                    3e:ad:bd:30:cc:6a:92:d4:05:02:2f:0b:82:12:40:
                    03:23:5b:00:80:fb:75:11:bf:15:10:77:26:2e:75:
                    5d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:0C:3D:9A:59:6D:FE:82:7A:F9:1D:A2:10:5C:07:4C:F3:11:3D:C3
            X509v3 Authority Key Identifier:
                keyid:07:C1:82:47:A5:32:64:73:AB:C9:6F:5A:10:71:D1:59:C1:EB:7E:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B8GCR6UyZHOryW9aEHHRWcHrfs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/7gw9mllt_oJ6-R2iEFwHTPMRPcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/B8GCR6UyZHOryW9aEHHRWcHrfs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:16:fd:01:dc:18:e6:27:1a:ad:63:29:37:bd:e8:92:46:d0:
         d3:39:c6:ce:8f:47:d1:e3:ec:37:04:fc:d0:a0:e8:b6:ae:72:
         f5:dc:17:cc:c5:55:fd:96:26:dd:c4:75:6d:4f:44:5a:2c:26:
         8e:4f:46:a4:a2:13:95:ff:7a:02:92:e6:fa:98:87:06:02:ea:
         b1:fb:f1:20:c3:dd:8a:8b:36:f5:18:37:e4:04:12:c4:fd:46:
         2e:84:c3:3e:05:6c:46:77:17:f1:be:6a:b0:4f:cc:a4:1d:e9:
         40:ff:f7:24:74:62:ec:4d:07:d8:00:45:a9:21:b9:a7:2f:16:
         56:ca:8b:f3:65:c5:d2:ed:bc:55:41:80:40:22:8b:64:d9:62:
         6e:40:61:60:af:7e:86:77:91:ac:f8:6c:14:51:f9:1e:88:fc:
         b0:2f:a8:35:c8:ce:db:6a:56:e2:7c:ec:8e:4b:0d:00:ee:a2:
         bd:82:14:e1:1d:de:1c:9a:67:07:50:b8:22:cc:b4:36:42:43:
         00:89:59:69:35:b7:5a:e0:bf:ae:9a:a9:3c:9a:cb:c3:23:d9:
         1a:76:47:11:34:ee:39:1f:2d:f6:3e:82:27:31:60:52:ec:93:
         62:87:08:3a:71:2c:0a:0b:81:04:7b:7f:0d:ff:b7:e5:fb:61:
         42:ea:0c:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2Bj0deRo7HKgCg8SIUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YzE4MjQ3YTUzMjY0NzNhYmM5NmY1YTEwNzFkMTU5YzFl
YjdlY2QwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTBjM2Q5YTU5NmRmZTgyN2FmOTFkYTIxMDVjMDc0Y2YzMTEzZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBSjWu0FJ494K1yua5ky0u0A6RHs
vcXJ8MToSwk0igE8j3KCJAa4rnX2h71MhtGVMQVAUL+3M032KGI8fOdkIbjUJBub
gEnl9cqFHZ7oVS+vmq3YxMN6F+3ItEsbmUT5KCsW6LTJr8KFUJXReja1z4fF8J1p
5L3gHQJWeQOtVm1VWjW5uebG+SA/q3OUy64wA+19ydC+52wVoqUX0pqW4S5/9Iht
Ogq6ORYsZNs2dO1jv/6iKEFGZASNmYZfosDUezuS/kGJYzfD8jnwglzRcz5WJxxA
HJUqtRb8a48mKGc+rb0wzGqS1AUCLwuCEkADI1sAgPt1Eb8VEHcmLnVdEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4MPZpZbf6CevkdohBcB0zzET3DMB8GA1UdIwQY
MBaAFAfBgkelMmRzq8lvWhBx0VnB637NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjhHQ1I2VXlaSE9yeVc5YUVISFJXY0hyZnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kNzBkY2YtOTVlNy00NDk1LWE0MTEt
M2E1NzE4YjQxZjdiLzEvN2d3OW1sbHRfb0o2LVIyaUVGd0hUUE1SUGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kNzBkY2YtOTVlNy00NDk1LWE0MTEtM2E1NzE4YjQxZjdi
LzEvQjhHQ1I2VXlaSE9yeVc5YUVISFJXY0hyZnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRZUMA0G
CSqGSIb3DQEBCwUAA4IBAQBhFv0B3BjmJxqtYyk3veiSRtDTOcbOj0fR4+w3BPzQ
oOi2rnL13BfMxVX9libdxHVtT0RaLCaOT0akohOV/3oCkub6mIcGAuqx+/Egw92K
izb1GDfkBBLE/UYuhMM+BWxGdxfxvmqwT8ykHelA//ckdGLsTQfYAEWpIbmnLxZW
yovzZcXS7bxVQYBAIotk2WJuQGFgr36Gd5Gs+GwUUfkeiPywL6g1yM7balbifOyO
Sw0A7qK9ghThHd4cmmcHULgizLQ2QkMAiVlpNbda4L+umqk8msvDI9kadkcRNO45
Hy32PoInMWBS7JNihwg6cSwKC4EEe38N/7fl+2FC6gwr
-----END CERTIFICATE-----