Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/c60a92-8c0b-407a-b203-acbcc6cfd7e3/1/7rM-VaToy8nFleI7ojz1mNKQkfc.roa
File:                     7rM-VaToy8nFleI7ojz1mNKQkfc.roa (raw, json)
Hash identifier:          b/9TofnsUBoYwQ/eCofWjRc9i5SxMPb9hAp6azt6fRQ=
Subject key identifier:   EE:B3:3E:55:A4:E8:CB:C9:C5:95:E2:3B:A2:3C:F5:98:D2:90:91:F7
Certificate issuer:       /CN=ef37c4806363eaa6d343af22e038bead2e18b4f4
Certificate serial:       018CC3B6C7060F667A25D744ED723F069119
Authority key identifier: EF:37:C4:80:63:63:EA:A6:D3:43:AF:22:E0:38:BE:AD:2E:18:B4:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7zfEgGNj6qbTQ68i4Di-rS4YtPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/c60a92-8c0b-407a-b203-acbcc6cfd7e3/1/7rM-VaToy8nFleI7ojz1mNKQkfc.roa
Signing time:             Mon 01 Jan 2024 06:29:44 +0000
ROA not before:           Mon 01 Jan 2024 06:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198295
IP address blocks:        91.197.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/c60a92-8c0b-407a-b203-acbcc6cfd7e3/1/7zfEgGNj6qbTQ68i4Di-rS4YtPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/c60a92-8c0b-407a-b203-acbcc6cfd7e3/1/7zfEgGNj6qbTQ68i4Di-rS4YtPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7zfEgGNj6qbTQ68i4Di-rS4YtPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c7:06:0f:66:7a:25:d7:44:ed:72:3f:06:91:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef37c4806363eaa6d343af22e038bead2e18b4f4
        Validity
            Not Before: Jan  1 06:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeb33e55a4e8cbc9c595e23ba23cf598d29091f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:92:f9:97:be:9b:f6:22:a2:45:19:74:bb:39:
                    0a:08:b0:b9:b8:9e:d6:cd:d7:6b:28:a2:d9:2a:6a:
                    8c:3b:d8:c4:5e:54:3c:8a:1a:55:9f:9c:0b:de:77:
                    99:84:43:e3:b2:46:bb:1e:33:6c:a4:5c:86:55:47:
                    78:e8:ff:60:80:53:84:3a:69:bd:45:0a:c2:7f:30:
                    ab:fd:f6:d0:77:65:be:bc:a8:6f:41:e6:9a:bb:6d:
                    91:de:9e:73:99:01:36:4a:1f:91:d7:3c:87:43:7e:
                    50:f0:25:a2:ab:26:9c:13:bd:83:d4:65:c9:03:6a:
                    67:78:e0:4d:7e:8d:8a:54:82:34:4d:2e:60:ca:b2:
                    63:fa:ff:45:89:a2:64:86:b1:ad:a6:ce:c2:b1:38:
                    6c:07:88:aa:6a:94:aa:f9:42:f9:0d:b1:f2:2f:91:
                    61:aa:af:5b:6a:e7:d0:43:0f:fc:b8:87:7f:4e:c5:
                    e5:7b:54:91:6b:3b:0c:9f:f6:9f:af:81:3d:e5:70:
                    a9:c7:13:cc:56:82:b9:58:0f:dd:3c:51:97:9b:8c:
                    ac:e4:c0:5b:bc:cc:4d:cc:3f:0c:5c:23:33:9d:a7:
                    93:e1:91:15:1c:fc:d7:09:ba:4a:b2:ea:c4:cd:e2:
                    b4:9e:89:e5:e2:3e:89:18:27:9c:6d:30:ba:5e:b2:
                    50:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B3:3E:55:A4:E8:CB:C9:C5:95:E2:3B:A2:3C:F5:98:D2:90:91:F7
            X509v3 Authority Key Identifier:
                keyid:EF:37:C4:80:63:63:EA:A6:D3:43:AF:22:E0:38:BE:AD:2E:18:B4:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7zfEgGNj6qbTQ68i4Di-rS4YtPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c60a92-8c0b-407a-b203-acbcc6cfd7e3/1/7rM-VaToy8nFleI7ojz1mNKQkfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c60a92-8c0b-407a-b203-acbcc6cfd7e3/1/7zfEgGNj6qbTQ68i4Di-rS4YtPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:c4:46:25:7e:d9:a0:53:b9:7a:b9:03:bf:42:f1:ed:ae:c1:
         f1:ba:6a:6a:45:8b:d2:f1:46:67:67:0b:fd:ef:9d:72:e3:07:
         95:75:26:66:1f:b3:83:62:bb:25:be:a0:8e:7d:ee:49:fd:f2:
         b8:82:b7:0b:3f:b5:1b:dc:12:ce:a2:bc:57:7d:a2:2e:a7:2f:
         41:8d:23:86:1c:a0:0c:ef:92:28:55:da:f5:8b:8c:67:6f:6e:
         d3:54:b2:f0:ee:44:65:30:39:0e:1e:0d:fc:4b:bd:eb:4f:6b:
         18:20:30:be:9d:79:26:b0:ed:1c:9a:ef:af:0f:ee:eb:53:31:
         bf:1f:da:98:3a:17:39:08:2c:26:c1:cf:44:f0:b2:14:4e:3c:
         e6:c5:b3:d9:4a:d3:7b:ff:0a:19:c4:93:91:cb:65:7b:7b:63:
         64:69:67:e2:2e:55:38:c0:b9:3a:c4:f4:fb:f8:99:c1:e5:30:
         41:0d:71:4f:6d:21:d4:4d:49:ed:1f:dd:d7:ef:7f:d2:63:f7:
         e9:a5:cf:eb:56:f2:5e:b7:3d:5f:2c:ff:60:6c:0c:df:38:2d:
         0f:71:24:74:d3:31:5b:b1:10:20:57:48:fd:95:99:fd:9f:99:
         03:38:a6:e8:dd:81:fe:5a:c0:dc:e0:b1:ba:84:f4:81:f6:d5:
         4f:5c:b4:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtscGD2Z6JddE7XI/BpEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMzdjNDgwNjM2M2VhYTZkMzQzYWYyMmUwMzhiZWFkMmUx
OGI0ZjQwHhcNMjQwMTAxMDYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWIzM2U1NWE0ZThjYmM5YzU5NWUyM2JhMjNjZjU5OGQyOTA5MWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpL5l76b9iKiRRl0uzkKCLC5uJ7W
zddrKKLZKmqMO9jEXlQ8ihpVn5wL3neZhEPjska7HjNspFyGVUd46P9ggFOEOmm9
RQrCfzCr/fbQd2W+vKhvQeaau22R3p5zmQE2Sh+R1zyHQ35Q8CWiqyacE72D1GXJ
A2pneOBNfo2KVII0TS5gyrJj+v9FiaJkhrGtps7CsThsB4iqapSq+UL5DbHyL5Fh
qq9baufQQw/8uId/TsXle1SRazsMn/afr4E95XCpxxPMVoK5WA/dPFGXm4ys5MBb
vMxNzD8MXCMznaeT4ZEVHPzXCbpKsurEzeK0nonl4j6JGCecbTC6XrJQEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6zPlWk6MvJxZXiO6I89ZjSkJH3MB8GA1UdIwQY
MBaAFO83xIBjY+qm00OvIuA4vq0uGLT0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3pmRWdHTmo2cWJUUTY4aTREaS1yUzRZdFBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9jNjBhOTItOGMwYi00MDdhLWIyMDMt
YWNiY2M2Y2ZkN2UzLzEvN3JNLVZhVG95OG5GbGVJN29qejFtTktRa2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9jNjBhOTItOGMwYi00MDdhLWIyMDMtYWNiY2M2Y2ZkN2Uz
LzEvN3pmRWdHTmo2cWJUUTY4aTREaS1yUzRZdFBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8XUMA0G
CSqGSIb3DQEBCwUAA4IBAQCLxEYlftmgU7l6uQO/QvHtrsHxumpqRYvS8UZnZwv9
751y4weVdSZmH7ODYrslvqCOfe5J/fK4grcLP7Ub3BLOorxXfaIupy9BjSOGHKAM
75IoVdr1i4xnb27TVLLw7kRlMDkOHg38S73rT2sYIDC+nXkmsO0cmu+vD+7rUzG/
H9qYOhc5CCwmwc9E8LIUTjzmxbPZStN7/woZxJORy2V7e2NkaWfiLlU4wLk6xPT7
+JnB5TBBDXFPbSHUTUntH93X73/SY/fppc/rVvJetz1fLP9gbAzfOC0PcSR00zFb
sRAgV0j9lZn9n5kDOKbo3YH+WsDc4LG6hPSB9tVPXLQV
-----END CERTIFICATE-----