Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/7e90ac-90cf-4523-8f97-31660c22d19e/1/lst7GaVLWfW6x5pAlgrq_l7xyDM.roa
File:                     lst7GaVLWfW6x5pAlgrq_l7xyDM.roa (raw, json)
Hash identifier:          cVCKWp7C1pJPqgzI8MjI+F1zS8PPKSeM4v5L6AkrPzg=
Subject key identifier:   96:CB:7B:19:A5:4B:59:F5:BA:C7:9A:40:96:0A:EA:FE:5E:F1:C8:33
Certificate issuer:       /CN=cb4d83a67fb35af88de83c1304c6743a51531361
Certificate serial:       018E0E9FDBE26941FCDB937584632CDDB2C2
Authority key identifier: CB:4D:83:A6:7F:B3:5A:F8:8D:E8:3C:13:04:C6:74:3A:51:53:13:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y02Dpn-zWviN6DwTBMZ0OlFTE2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/7e90ac-90cf-4523-8f97-31660c22d19e/1/lst7GaVLWfW6x5pAlgrq_l7xyDM.roa
Signing time:             Tue 05 Mar 2024 12:39:01 +0000
ROA not before:           Tue 05 Mar 2024 12:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209328
IP address blocks:        176.97.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/7e90ac-90cf-4523-8f97-31660c22d19e/1/y02Dpn-zWviN6DwTBMZ0OlFTE2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/7e90ac-90cf-4523-8f97-31660c22d19e/1/y02Dpn-zWviN6DwTBMZ0OlFTE2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y02Dpn-zWviN6DwTBMZ0OlFTE2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:9f:db:e2:69:41:fc:db:93:75:84:63:2c:dd:b2:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb4d83a67fb35af88de83c1304c6743a51531361
        Validity
            Not Before: Mar  5 12:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96cb7b19a54b59f5bac79a40960aeafe5ef1c833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:27:b4:f2:1a:9e:d8:14:46:e1:8b:ee:e4:
                    91:42:39:0c:19:bc:12:85:4e:24:18:86:67:a3:1d:
                    b3:fd:a8:45:bb:b8:a6:49:45:4f:25:90:91:32:54:
                    62:c5:b0:d5:92:dc:e3:a4:41:2b:8d:5e:b3:23:9b:
                    1c:53:cf:72:72:c3:d8:fa:15:ce:8b:fa:94:1d:48:
                    7f:fb:3c:87:41:cc:eb:ab:5c:dc:e5:22:ec:00:b1:
                    56:7b:df:f6:a2:fb:6f:46:af:c5:ec:8e:a7:8e:2c:
                    cf:03:0f:46:b6:4b:c3:e5:25:0e:f1:b1:ff:6c:91:
                    be:fa:54:07:da:28:b9:66:8f:db:24:7c:0e:16:df:
                    2c:eb:d3:9e:e8:1f:e3:86:67:c5:19:05:f7:1f:87:
                    6b:be:95:9f:80:67:76:73:46:97:5f:97:07:16:e5:
                    c2:69:d7:63:3c:a0:55:61:d4:39:c1:69:5b:37:ab:
                    d0:48:1e:ac:92:4a:36:51:b0:f8:e2:1e:86:bd:ba:
                    a5:10:9b:82:2e:d4:38:02:56:ca:a0:9d:af:ff:28:
                    3a:7b:76:5e:2a:b4:9f:26:c8:3d:63:83:d7:d0:4c:
                    5b:d4:56:90:a7:6c:21:e0:29:cb:67:dd:cc:97:c0:
                    3f:cb:9d:d1:0c:d2:1e:79:d0:cf:17:60:4e:cd:61:
                    a7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:CB:7B:19:A5:4B:59:F5:BA:C7:9A:40:96:0A:EA:FE:5E:F1:C8:33
            X509v3 Authority Key Identifier:
                keyid:CB:4D:83:A6:7F:B3:5A:F8:8D:E8:3C:13:04:C6:74:3A:51:53:13:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y02Dpn-zWviN6DwTBMZ0OlFTE2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7e90ac-90cf-4523-8f97-31660c22d19e/1/lst7GaVLWfW6x5pAlgrq_l7xyDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7e90ac-90cf-4523-8f97-31660c22d19e/1/y02Dpn-zWviN6DwTBMZ0OlFTE2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b0:82:a8:62:76:8a:47:0a:e9:6a:d4:eb:50:cf:61:a5:09:
         e2:f0:42:41:ba:40:ef:65:a3:2c:67:c3:76:8d:a1:be:ae:91:
         66:79:c8:bf:19:a0:ef:d8:37:57:4d:83:c1:c0:31:c1:f4:53:
         1a:f3:d3:88:22:85:97:63:04:be:88:2e:aa:19:31:84:4b:96:
         13:0a:d6:18:9e:fd:25:bc:9e:47:ee:04:cb:85:01:1a:8b:8a:
         7e:91:cd:29:06:24:33:11:50:72:9d:1b:91:82:95:f8:f5:b8:
         8f:16:e3:6b:54:11:c3:54:75:7b:a0:9e:0c:d5:c6:91:84:89:
         17:7c:16:31:a8:e3:c1:bc:e7:21:09:d1:36:35:cd:28:eb:3c:
         20:57:17:29:99:e3:a6:e5:f3:cd:33:53:a9:a9:a4:b8:38:03:
         1a:36:73:bf:22:a3:2e:c8:67:13:3a:a3:62:7d:10:05:d2:ad:
         64:05:9f:bf:96:36:34:4f:a2:2e:7f:fa:71:19:99:43:01:eb:
         11:e8:ca:dc:f1:2f:a2:a8:ef:f4:cb:0e:0d:90:69:fb:8d:cc:
         3b:3c:c7:5c:e8:94:41:74:8f:38:17:95:5a:30:c1:95:60:cc:
         12:9a:7d:6b:df:28:3f:f1:fd:5f:88:1c:62:f0:a4:39:a1:36:
         68:7c:02:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4On9viaUH825N1hGMs3bLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNGQ4M2E2N2ZiMzVhZjg4ZGU4M2MxMzA0YzY3NDNhNTE1
MzEzNjEwHhcNMjQwMzA1MTIzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmNiN2IxOWE1NGI1OWY1YmFjNzlhNDA5NjBhZWFmZTVlZjFjODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg8ntPIantgURuGL7uSRQjkMGbwS
hU4kGIZnox2z/ahFu7imSUVPJZCRMlRixbDVktzjpEErjV6zI5scU89ycsPY+hXO
i/qUHUh/+zyHQczrq1zc5SLsALFWe9/2ovtvRq/F7I6njizPAw9GtkvD5SUO8bH/
bJG++lQH2ii5Zo/bJHwOFt8s69Oe6B/jhmfFGQX3H4drvpWfgGd2c0aXX5cHFuXC
addjPKBVYdQ5wWlbN6vQSB6skko2UbD44h6GvbqlEJuCLtQ4AlbKoJ2v/yg6e3Ze
KrSfJsg9Y4PX0Exb1FaQp2wh4CnLZ93Ml8A/y53RDNIeedDPF2BOzWGnrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbLexmlS1n1useaQJYK6v5e8cgzMB8GA1UdIwQY
MBaAFMtNg6Z/s1r4jeg8EwTGdDpRUxNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTAyRHBuLXpXdmlONkR3VEJNWjBPbEZURTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS83ZTkwYWMtOTBjZi00NTIzLThmOTct
MzE2NjBjMjJkMTllLzEvbHN0N0dhVkxXZlc2eDVwQWxncnFfbDd4eURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS83ZTkwYWMtOTBjZi00NTIzLThmOTctMzE2NjBjMjJkMTll
LzEveTAyRHBuLXpXdmlONkR3VEJNWjBPbEZURTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGEyMA0G
CSqGSIb3DQEBCwUAA4IBAQB8sIKoYnaKRwrpatTrUM9hpQni8EJBukDvZaMsZ8N2
jaG+rpFmeci/GaDv2DdXTYPBwDHB9FMa89OIIoWXYwS+iC6qGTGES5YTCtYYnv0l
vJ5H7gTLhQEai4p+kc0pBiQzEVBynRuRgpX49biPFuNrVBHDVHV7oJ4M1caRhIkX
fBYxqOPBvOchCdE2Nc0o6zwgVxcpmeOm5fPNM1OpqaS4OAMaNnO/IqMuyGcTOqNi
fRAF0q1kBZ+/ljY0T6Iuf/pxGZlDAesR6Mrc8S+iqO/0yw4NkGn7jcw7PMdc6JRB
dI84F5VaMMGVYMwSmn1r3yg/8f1fiBxi8KQ5oTZofALC
-----END CERTIFICATE-----