Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/5_PWrBd38YxQ__mTfy1AiU7yLVY.roa
File:                     5_PWrBd38YxQ__mTfy1AiU7yLVY.roa (raw, json)
Hash identifier:          8dg1W7DY4SeB/Fop8SwiErfCK7vNFJeJ4R3+GGxTojk=
Subject key identifier:   E7:F3:D6:AC:17:77:F1:8C:50:FF:F9:93:7F:2D:40:89:4E:F2:2D:56
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       018CC56E2085F2E4A4FC9104AD5A8E504D8C
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/5_PWrBd38YxQ__mTfy1AiU7yLVY.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212833
IP address blocks:        91.223.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:20:85:f2:e4:a4:fc:91:04:ad:5a:8e:50:4d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7f3d6ac1777f18c50fff9937f2d40894ef22d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:80:d4:e5:64:c6:d3:47:bf:ed:d1:2b:fa:9f:
                    8a:c5:cb:4a:d0:75:88:93:13:b4:43:6e:5d:ce:35:
                    9d:54:d1:8c:c1:47:77:ca:0a:e8:2f:db:c5:64:67:
                    5d:d2:be:1a:f1:8a:af:20:84:cc:3f:e1:ef:ba:56:
                    0b:f1:24:22:ba:d9:51:b8:0d:91:27:e6:7b:f5:3e:
                    f1:a3:85:3b:43:95:ab:2e:d6:66:68:c4:82:63:49:
                    43:59:fc:0d:6b:b0:b3:95:6a:6f:60:72:56:42:64:
                    0f:d0:87:1a:79:13:3f:fd:eb:68:25:d8:01:ba:95:
                    82:3f:17:bd:a5:ff:22:53:19:c8:ef:a7:2b:c5:e2:
                    a2:3c:85:d3:3f:06:d7:fb:68:bc:8b:44:ed:c6:e5:
                    1e:ba:f2:36:20:43:03:5a:18:47:16:a8:fb:bf:58:
                    e6:88:8a:78:7d:f9:6b:0d:8a:80:ae:20:16:a6:73:
                    73:fc:86:ff:3c:3f:9c:a9:5f:2e:0f:51:bd:6f:a7:
                    c5:f6:42:db:d2:03:0b:83:d5:f0:7c:ff:e0:2e:3c:
                    0c:d2:78:e1:7f:e4:98:4d:0d:6f:a3:95:52:30:0c:
                    6a:2f:34:e9:09:68:76:36:20:da:ee:c7:a0:50:b3:
                    d1:ef:5a:e7:02:c5:4e:a3:ee:40:6d:07:1a:99:f9:
                    b4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F3:D6:AC:17:77:F1:8C:50:FF:F9:93:7F:2D:40:89:4E:F2:2D:56
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/5_PWrBd38YxQ__mTfy1AiU7yLVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:ea:ba:50:f6:51:ec:c1:38:1f:da:b4:f6:a1:99:28:90:f1:
         28:9b:53:da:e2:b4:84:32:fe:d6:c4:1d:98:63:15:9e:33:4d:
         0a:4a:8b:80:ed:8d:05:f4:48:f5:61:f4:13:56:65:0e:0f:28:
         17:cb:98:20:82:f4:e5:f2:d0:a3:a4:5b:d5:69:f0:d3:1f:21:
         49:f7:70:83:58:d2:60:21:90:9e:0a:ec:5a:eb:98:b7:19:48:
         d4:5b:f4:10:3d:83:a3:55:fd:3f:41:71:10:8b:a3:e4:f9:3c:
         31:b2:0d:62:0b:e6:d7:f3:34:4e:e7:04:9b:a9:91:fd:8f:48:
         29:e9:88:d6:d0:71:fb:b2:79:e0:dd:2d:b9:55:92:bd:df:e8:
         df:99:b4:fa:67:c9:ac:e4:dc:52:5c:94:d9:bc:4d:29:42:65:
         09:f3:52:4e:e9:ce:05:be:6d:01:cd:11:18:b4:f4:46:31:b0:
         2b:fa:65:15:d9:62:7f:c5:74:4d:81:db:81:ce:7c:6f:12:03:
         fa:76:fe:2c:b2:73:08:f0:38:89:01:67:f7:08:19:33:fa:86:
         33:91:bd:70:fd:ed:6a:ec:8c:49:32:78:47:4f:7b:9d:b7:e6:
         30:bd:24:57:2d:5d:06:6e:a0:b4:60:2c:43:60:10:3c:4a:d7:
         f4:71:39:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiCF8uSk/JEErVqOUE2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2YzZDZhYzE3NzdmMThjNTBmZmY5OTM3ZjJkNDA4OTRlZjIyZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoDU5WTG00e/7dEr+p+KxctK0HWI
kxO0Q25dzjWdVNGMwUd3ygroL9vFZGdd0r4a8YqvIITMP+HvulYL8SQiutlRuA2R
J+Z79T7xo4U7Q5WrLtZmaMSCY0lDWfwNa7CzlWpvYHJWQmQP0IcaeRM//etoJdgB
upWCPxe9pf8iUxnI76crxeKiPIXTPwbX+2i8i0TtxuUeuvI2IEMDWhhHFqj7v1jm
iIp4fflrDYqAriAWpnNz/Ib/PD+cqV8uD1G9b6fF9kLb0gMLg9XwfP/gLjwM0njh
f+SYTQ1vo5VSMAxqLzTpCWh2NiDa7segULPR71rnAsVOo+5AbQcamfm02QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfz1qwXd/GMUP/5k38tQIlO8i1WMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvNV9QV3JCZDM4WXhRX19tVGZ5MUFpVTd5TFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW98HMA0G
CSqGSIb3DQEBCwUAA4IBAQCz6rpQ9lHswTgf2rT2oZkokPEom1Pa4rSEMv7WxB2Y
YxWeM00KSouA7Y0F9Ej1YfQTVmUODygXy5gggvTl8tCjpFvVafDTHyFJ93CDWNJg
IZCeCuxa65i3GUjUW/QQPYOjVf0/QXEQi6Pk+Twxsg1iC+bX8zRO5wSbqZH9j0gp
6YjW0HH7snng3S25VZK93+jfmbT6Z8ms5NxSXJTZvE0pQmUJ81JO6c4Fvm0BzREY
tPRGMbAr+mUV2WJ/xXRNgduBznxvEgP6dv4ssnMI8DiJAWf3CBkz+oYzkb1w/e1q
7IxJMnhHT3udt+YwvSRXLV0GbqC0YCxDYBA8Stf0cTn5
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:30:29 2024 by rpki-client on console-fra.rpki-client.org