Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/7e_BXnkEfgulFn7-1BZZCSk-m5Q.roa
File:                     7e_BXnkEfgulFn7-1BZZCSk-m5Q.roa (raw, json)
Hash identifier:          vl+owVIw1+NKLksbv8MmHtwhUbDkxgfDv2/CAxs15Ao=
Subject key identifier:   ED:EF:C1:5E:79:04:7E:0B:A5:16:7E:FE:D4:16:59:09:29:3E:9B:94
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC727423F96636630ED2222D1E5B476AA
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/7e_BXnkEfgulFn7-1BZZCSk-m5Q.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8149
IP address blocks:        213.152.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:42:3f:96:63:66:30:ed:22:22:d1:e5:b4:76:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edefc15e79047e0ba5167efed4165909293e9b94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:31:39:c8:97:18:3c:09:52:6f:75:96:96:91:
                    2f:4e:d0:69:09:5a:38:c0:18:d0:6b:c6:e8:c3:4e:
                    0e:a1:77:a1:3a:2e:13:8a:d8:a7:aa:68:7b:18:52:
                    dc:f2:98:97:40:30:9e:93:06:4d:38:60:ca:4c:54:
                    37:30:aa:79:0d:14:af:c9:91:83:a7:df:c8:9d:28:
                    b7:91:d6:a0:99:3d:b9:f4:51:a1:d4:24:ac:13:bb:
                    b4:ad:0a:a6:d2:7e:70:42:d8:16:e0:58:92:4b:2b:
                    e8:4b:49:73:3c:c9:c9:fa:f3:1a:b4:ba:00:eb:c8:
                    63:88:3c:f3:83:30:83:9a:fb:16:e4:44:e8:7f:1f:
                    98:1c:4e:12:bd:06:08:b7:6d:77:c0:8a:67:55:74:
                    fe:ac:87:51:5e:1f:d6:f9:c4:3b:ea:f5:dc:35:b4:
                    e6:4f:ea:b7:b3:80:a5:b8:c6:1c:69:f7:ae:72:f8:
                    ff:06:17:b1:53:54:ca:59:85:eb:97:11:fb:c4:29:
                    14:c1:9a:8d:6a:0c:00:67:c3:5e:b4:b6:f3:82:1b:
                    0c:5e:b8:9d:4e:5d:08:0b:8c:84:f9:ce:bc:1c:e3:
                    02:a9:a6:49:4b:4d:01:d3:ae:51:a8:dc:02:7d:41:
                    f1:1e:79:37:0d:52:6c:73:6f:22:21:84:b9:07:33:
                    f8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:EF:C1:5E:79:04:7E:0B:A5:16:7E:FE:D4:16:59:09:29:3E:9B:94
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/7e_BXnkEfgulFn7-1BZZCSk-m5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:1e:b8:a7:43:d1:97:49:42:b8:d5:30:3f:7a:05:b9:4e:55:
         34:0c:91:a0:f6:45:77:e8:f0:00:b7:ba:68:21:a5:11:de:c1:
         70:07:73:5d:67:4f:c1:3e:62:49:8e:28:d7:ef:1f:e1:25:19:
         5c:20:c3:b3:c2:59:1e:12:7a:30:ba:2c:62:29:08:58:6f:94:
         4d:46:fe:dc:75:50:f4:97:df:71:9a:ef:66:fe:97:72:6c:40:
         f2:0a:7f:0f:2b:84:73:4d:48:83:c0:df:7a:27:0f:fb:c4:6f:
         f2:a6:eb:72:64:29:9a:c7:5f:66:ce:7e:a9:e9:9f:9a:92:dd:
         c9:7d:87:39:f5:f0:69:3f:12:00:34:e3:cd:18:be:91:55:05:
         97:97:df:76:09:31:38:bc:a5:ad:b0:46:bd:ec:d1:d1:ab:e9:
         d1:a1:59:5b:55:11:51:b7:60:f7:4b:81:0b:b9:ba:5b:2a:2e:
         73:a7:8c:ed:0d:8e:a0:fb:67:3a:9a:fb:d5:2f:98:11:c9:f5:
         2d:a6:f4:72:2b:38:75:e1:83:31:35:2a:b7:46:9f:90:2e:43:
         aa:ba:31:fd:b4:b9:be:2f:0b:5a:40:e6:9a:86:18:ee:6b:a8:
         09:4b:ef:cf:8d:13:60:72:f5:c0:98:ef:66:74:d9:5f:60:4f:
         21:d0:86:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0I/lmNmMO0iItHltHaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGVmYzE1ZTc5MDQ3ZTBiYTUxNjdlZmVkNDE2NTkwOTI5M2U5Yjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzE5yJcYPAlSb3WWlpEvTtBpCVo4
wBjQa8bow04OoXehOi4Titinqmh7GFLc8piXQDCekwZNOGDKTFQ3MKp5DRSvyZGD
p9/InSi3kdagmT259FGh1CSsE7u0rQqm0n5wQtgW4FiSSyvoS0lzPMnJ+vMatLoA
68hjiDzzgzCDmvsW5ETofx+YHE4SvQYIt213wIpnVXT+rIdRXh/W+cQ76vXcNbTm
T+q3s4CluMYcafeucvj/BhexU1TKWYXrlxH7xCkUwZqNagwAZ8NetLbzghsMXrid
Tl0IC4yE+c68HOMCqaZJS00B065RqNwCfUHxHnk3DVJsc28iIYS5BzP4AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3vwV55BH4LpRZ+/tQWWQkpPpuUMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvN2VfQlhua0VmZ3VsRm43LTFCWlpDU2stbTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZjzMA0G
CSqGSIb3DQEBCwUAA4IBAQBbHrinQ9GXSUK41TA/egW5TlU0DJGg9kV36PAAt7po
IaUR3sFwB3NdZ0/BPmJJjijX7x/hJRlcIMOzwlkeEnowuixiKQhYb5RNRv7cdVD0
l99xmu9m/pdybEDyCn8PK4RzTUiDwN96Jw/7xG/yputyZCmax19mzn6p6Z+akt3J
fYc59fBpPxIANOPNGL6RVQWXl992CTE4vKWtsEa97NHRq+nRoVlbVRFRt2D3S4EL
ubpbKi5zp4ztDY6g+2c6mvvVL5gRyfUtpvRyKzh14YMxNSq3Rp+QLkOqujH9tLm+
LwtaQOaahhjua6gJS+/PjRNgcvXAmO9mdNlfYE8h0Ibe
-----END CERTIFICATE-----