Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/1-7S4RDci-bUtz72kXcHo1qx2A4s.roa
File:                     1-7S4RDci-bUtz72kXcHo1qx2A4s.roa (raw, json)
Hash identifier:          URcrNgNIBKmROVYTJa1B1JbAes9TOZybp2mxgBHH1sg=
Subject key identifier:   FB:B4:B8:44:37:22:F9:B5:2D:CF:BD:A4:5D:C1:E8:D6:AC:76:03:8B
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       018F4DC0DF16E7FC94186B8392325D72FBE3
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/1-7S4RDci-bUtz72kXcHo1qx2A4s.roa
Signing time:             Mon 06 May 2024 11:53:56 +0000
ROA not before:           Mon 06 May 2024 11:53:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        93.177.114.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:c0:df:16:e7:fc:94:18:6b:83:92:32:5d:72:fb:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: May  6 11:53:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbb4b8443722f9b52dcfbda45dc1e8d6ac76038b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ce:3d:0a:46:d6:1a:35:80:13:68:00:bf:dd:
                    f1:cd:8b:b0:f2:98:95:79:10:27:38:dc:ee:f0:53:
                    22:f8:93:01:7a:a0:fd:8c:40:34:7e:25:e8:7d:fc:
                    2d:c0:67:4e:bb:3a:13:d7:33:9b:f8:d0:a5:28:53:
                    00:31:f1:cd:26:ed:18:cf:8d:02:3a:c9:51:46:31:
                    b9:0b:ca:d2:c2:9c:88:57:33:f2:ea:fb:f0:ab:59:
                    70:a1:62:0e:db:58:d9:f6:ef:d3:14:31:86:db:92:
                    2e:c5:16:ff:db:3e:78:18:9a:55:f1:82:2f:33:b4:
                    4c:f7:42:45:70:53:f7:ea:be:92:65:22:68:de:f9:
                    5c:4f:6b:c9:86:75:91:6d:cf:a8:e0:7e:ac:d3:36:
                    dd:1d:95:16:59:22:3a:2a:ac:8f:96:b8:c0:8e:15:
                    d8:0e:fb:6d:5d:20:ec:84:12:74:7b:1e:20:f4:6a:
                    0e:60:61:23:e1:02:b4:01:56:36:e4:9c:93:89:3c:
                    93:6b:49:bd:2a:16:26:92:27:56:b7:5e:c2:8c:76:
                    6c:b3:9e:90:7a:61:58:a2:23:06:c5:a6:04:d1:70:
                    ce:1a:cc:79:e3:5b:dc:57:ed:75:90:b0:ea:ae:7a:
                    01:38:0d:c1:92:c6:87:2f:da:91:08:b7:22:74:86:
                    51:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B4:B8:44:37:22:F9:B5:2D:CF:BD:A4:5D:C1:E8:D6:AC:76:03:8B
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/1-7S4RDci-bUtz72kXcHo1qx2A4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:79:15:02:9b:b4:70:a4:54:a8:9a:90:26:64:19:cb:1f:08:
         50:0e:72:ef:8e:c4:4e:1e:3b:78:1c:f8:46:44:e5:33:c3:7d:
         a1:76:34:90:67:28:7d:77:41:09:e8:01:f4:02:d2:4c:32:19:
         46:0f:b0:82:64:42:49:b7:d3:3c:5e:fb:6b:01:53:a6:80:9f:
         ac:64:7f:cb:0d:5a:6b:ce:e3:59:98:09:4d:9b:2d:65:83:48:
         19:f4:c0:9a:1e:39:0a:40:54:6c:25:0d:89:cb:b8:0d:c1:b8:
         70:13:cb:e6:3a:62:6e:67:7e:03:83:c0:4c:8a:05:1b:38:cf:
         83:40:7c:d4:eb:cf:16:8e:8b:34:af:b8:b4:a2:7c:2a:67:71:
         74:5c:24:89:41:da:13:43:68:9a:3a:99:c4:c1:2a:6f:aa:ee:
         e4:ce:a2:0d:21:fa:ab:48:65:9b:c3:a7:1c:6e:83:7c:6f:e5:
         70:34:36:52:d5:80:1c:51:8b:a6:0f:2d:a0:75:3b:f8:8e:c8:
         24:17:c5:4d:2f:a2:bb:84:ce:c1:7d:6d:0e:ed:a0:ca:0a:b1:
         76:57:28:4b:1d:3e:2e:7d:c4:0f:50:e4:e2:38:a7:34:4f:3e:
         47:b6:b7:d7:e8:9b:80:2c:d4:45:c2:3b:86:7a:76:7d:e3:e9:
         27:08:3f:1e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9NwN8W5/yUGGuDkjJdcvvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwNTA2MTE1MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmI0Yjg0NDM3MjJmOWI1MmRjZmJkYTQ1ZGMxZThkNmFjNzYwMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks49CkbWGjWAE2gAv93xzYuw8piV
eRAnONzu8FMi+JMBeqD9jEA0fiXoffwtwGdOuzoT1zOb+NClKFMAMfHNJu0Yz40C
OslRRjG5C8rSwpyIVzPy6vvwq1lwoWIO21jZ9u/TFDGG25IuxRb/2z54GJpV8YIv
M7RM90JFcFP36r6SZSJo3vlcT2vJhnWRbc+o4H6s0zbdHZUWWSI6KqyPlrjAjhXY
DvttXSDshBJ0ex4g9GoOYGEj4QK0AVY25JyTiTyTa0m9KhYmkidWt17CjHZss56Q
emFYoiMGxaYE0XDOGsx541vcV+11kLDqrnoBOA3BksaHL9qRCLcidIZRgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPu0uEQ3Ivm1Lc+9pF3B6NasdgOLMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvMS03UzRSRGNpLWJVdHo3MmtYY0hvMXF4MkE0cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjEvMDk0OWZjLWFjY2QtNDcxZi1hOWNkLTk3MjQzZTMxNjI3
Mi8xL1Z3LXc4ZGk0d1ppdzNJWVZpdnZMeFNuUEZyNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAV2xcjAN
BgkqhkiG9w0BAQsFAAOCAQEAinkVApu0cKRUqJqQJmQZyx8IUA5y747ETh47eBz4
RkTlM8N9oXY0kGcofXdBCegB9ALSTDIZRg+wgmRCSbfTPF77awFTpoCfrGR/yw1a
a87jWZgJTZstZYNIGfTAmh45CkBUbCUNicu4DcG4cBPL5jpibmd+A4PATIoFGzjP
g0B81OvPFo6LNK+4tKJ8KmdxdFwkiUHaE0NomjqZxMEqb6ru5M6iDSH6q0hlm8On
HG6DfG/lcDQ2UtWAHFGLpg8toHU7+I7IJBfFTS+iu4TOwX1tDu2gygqxdlcoSx0+
Ln3ED1Dk4jinNE8+R7a31+ibgCzURcI7hnp2fePpJwg/Hg==
-----END CERTIFICATE-----