Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/7ek-VXu1Bb_HnF6nFnhD2qQE1g4.roa
File:                     7ek-VXu1Bb_HnF6nFnhD2qQE1g4.roa (raw, json)
Hash identifier:          AumU5pKBea7vwYFOOv+EASVobdpP6GcYBApi3xL4z7w=
Subject key identifier:   ED:E9:3E:55:7B:B5:05:BF:C7:9C:5E:A7:16:78:43:DA:A4:04:D6:0E
Certificate issuer:       /CN=25e1b659862d15a51cb5ff34de7223c69e48126a
Certificate serial:       018CCA2A039988D0032BEBE7D45FA3795767
Authority key identifier: 25:E1:B6:59:86:2D:15:A5:1C:B5:FF:34:DE:72:23:C6:9E:48:12:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/7ek-VXu1Bb_HnF6nFnhD2qQE1g4.roa
Signing time:             Tue 02 Jan 2024 12:33:20 +0000
ROA not before:           Tue 02 Jan 2024 12:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3225
IP address blocks:        185.75.56.0/24 maxlen: 24
                          185.75.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:03:99:88:d0:03:2b:eb:e7:d4:5f:a3:79:57:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e1b659862d15a51cb5ff34de7223c69e48126a
        Validity
            Not Before: Jan  2 12:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ede93e557bb505bfc79c5ea7167843daa404d60e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:41:a2:27:d5:90:62:6f:8f:26:2b:28:de:bd:
                    4e:61:bb:64:b7:a0:72:d3:0c:d3:a1:ec:da:d2:19:
                    81:b1:b8:69:42:48:e1:eb:4c:97:eb:0a:d6:89:f8:
                    2b:1d:f3:23:71:ce:4a:f2:cf:24:42:03:7f:74:4f:
                    cb:76:18:ed:d7:ce:39:8b:16:55:60:89:f3:3f:6f:
                    b7:9c:1f:6e:b3:00:e8:8f:78:08:72:15:10:1c:a2:
                    b7:f1:0c:a7:bc:1d:8e:13:11:18:31:49:6e:37:5d:
                    a5:bb:ab:37:6b:a5:47:7f:e1:da:1d:7a:e7:e0:fc:
                    39:4d:49:9a:68:db:f0:2d:6e:e0:83:c9:2f:2d:f6:
                    6b:ce:6c:3e:4b:f9:b3:ed:25:d0:1e:b2:92:f1:84:
                    6c:7c:37:b2:4d:4e:43:c8:cf:e4:84:b9:b2:0f:9d:
                    f9:5b:fe:25:9e:95:7b:c1:cf:58:71:29:e3:04:52:
                    35:ba:df:ba:36:35:19:05:05:51:40:cd:c7:dc:05:
                    73:6a:81:ab:71:14:67:20:1e:1b:67:81:2d:ac:c6:
                    91:df:93:01:b7:0b:80:e4:ec:76:10:f9:8e:ac:72:
                    c6:c1:41:91:da:2f:bd:13:a5:2b:6d:88:9c:32:c7:
                    51:94:a6:7b:47:d5:22:36:7f:c2:f7:ea:83:4e:9d:
                    df:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E9:3E:55:7B:B5:05:BF:C7:9C:5E:A7:16:78:43:DA:A4:04:D6:0E
            X509v3 Authority Key Identifier:
                keyid:25:E1:B6:59:86:2D:15:A5:1C:B5:FF:34:DE:72:23:C6:9E:48:12:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/7ek-VXu1Bb_HnF6nFnhD2qQE1g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.56.0/24
                  185.75.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:39:47:dc:1b:aa:6a:b3:d8:ed:3e:4d:fd:2e:f9:a8:2a:0d:
         7e:87:ee:2e:1d:2d:27:72:7e:a8:7f:ff:2b:c9:82:7a:95:8d:
         a8:50:98:08:93:73:49:e6:99:9f:9c:a8:1a:19:64:65:03:52:
         6f:15:11:01:96:dc:8d:4b:ab:5f:2a:d6:b8:80:9a:78:ea:5c:
         69:c5:44:18:d8:ed:79:d8:85:67:19:61:cc:ba:f7:1a:0a:8f:
         5b:c2:66:81:e2:4f:6b:9e:c6:17:b0:b2:94:72:65:2d:4e:75:
         94:73:f4:b7:f8:94:7b:c2:1d:29:62:4f:43:4b:83:6b:51:15:
         0d:df:dc:02:d3:a7:70:6a:57:27:8a:a7:be:13:24:82:59:ea:
         76:ea:78:e9:2b:09:aa:aa:2c:eb:e2:4e:b6:07:2a:53:ed:ff:
         2e:86:50:c0:cc:00:64:5a:21:93:3c:d2:6b:a1:e1:15:09:0f:
         e0:10:03:e2:dc:57:c6:09:a8:40:d3:41:0e:0d:9b:e9:c6:e9:
         8b:0d:05:e7:29:d0:5e:71:15:7d:ed:8a:b3:04:4e:d1:2e:8d:
         b3:c9:05:af:b0:0b:17:25:38:83:a6:1f:43:e1:75:db:e5:4e:
         48:3b:47:94:4c:90:55:bf:3f:7f:83:ac:96:f7:ad:4b:05:45:
         fa:5b:f9:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKgOZiNADK+vn1F+jeVdnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTFiNjU5ODYyZDE1YTUxY2I1ZmYzNGRlNzIyM2M2OWU0
ODEyNmEwHhcNMjQwMTAyMTIzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGU5M2U1NTdiYjUwNWJmYzc5YzVlYTcxNjc4NDNkYWE0MDRkNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkGiJ9WQYm+PJiso3r1OYbtkt6By
0wzToeza0hmBsbhpQkjh60yX6wrWifgrHfMjcc5K8s8kQgN/dE/Ldhjt1845ixZV
YInzP2+3nB9uswDoj3gIchUQHKK38QynvB2OExEYMUluN12lu6s3a6VHf+HaHXrn
4Pw5TUmaaNvwLW7gg8kvLfZrzmw+S/mz7SXQHrKS8YRsfDeyTU5DyM/khLmyD535
W/4lnpV7wc9YcSnjBFI1ut+6NjUZBQVRQM3H3AVzaoGrcRRnIB4bZ4EtrMaR35MB
twuA5Ox2EPmOrHLGwUGR2i+9E6UrbYicMsdRlKZ7R9UiNn/C9+qDTp3fDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO3pPlV7tQW/x5xepxZ4Q9qkBNYOMB8GA1UdIwQY
MBaAFCXhtlmGLRWlHLX/NN5yI8aeSBJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVHMldZWXRGYVVjdGY4MDNuSWp4cDVJRW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjNiNmMtNmRiMy00ODIxLTlhNDAt
ZTNjN2Q0ZTY1OThmLzEvN2VrLVZYdTFCYl9IbkY2bkZuaEQycVFFMWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjNiNmMtNmRiMy00ODIxLTlhNDAtZTNjN2Q0ZTY1OThm
LzEvSmVHMldZWXRGYVVjdGY4MDNuSWp4cDVJRW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUs4AwQA
uUs7MA0GCSqGSIb3DQEBCwUAA4IBAQASOUfcG6pqs9jtPk39LvmoKg1+h+4uHS0n
cn6of/8ryYJ6lY2oUJgIk3NJ5pmfnKgaGWRlA1JvFREBltyNS6tfKta4gJp46lxp
xUQY2O152IVnGWHMuvcaCo9bwmaB4k9rnsYXsLKUcmUtTnWUc/S3+JR7wh0pYk9D
S4NrURUN39wC06dwalcniqe+EySCWep26njpKwmqqizr4k62BypT7f8uhlDAzABk
WiGTPNJroeEVCQ/gEAPi3FfGCahA00EODZvpxumLDQXnKdBecRV97YqzBE7RLo2z
yQWvsAsXJTiDph9D4XXb5U5IO0eUTJBVvz9/g6yW961LBUX6W/n9
-----END CERTIFICATE-----