Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/7em0t6sNnXkE15I9LtW5nfZVxvg.roa
File:                     7em0t6sNnXkE15I9LtW5nfZVxvg.roa (raw, json)
Hash identifier:          evKJ4zJYuPRPrpsJFXiiLqZgtQcJQ5aAfqovr54sIng=
Subject key identifier:   ED:E9:B4:B7:AB:0D:9D:79:04:D7:92:3D:2E:D5:B9:9D:F6:55:C6:F8
Certificate issuer:       /CN=e575def18a75eb45c440771ace246c50e8a9d316
Certificate serial:       018CC3B70976C93C035BC105822577809858
Authority key identifier: E5:75:DE:F1:8A:75:EB:45:C4:40:77:1A:CE:24:6C:50:E8:A9:D3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/7em0t6sNnXkE15I9LtW5nfZVxvg.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57601
IP address blocks:        91.233.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:09:76:c9:3c:03:5b:c1:05:82:25:77:80:98:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e575def18a75eb45c440771ace246c50e8a9d316
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ede9b4b7ab0d9d7904d7923d2ed5b99df655c6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c2:11:c6:70:8e:e0:a5:ea:05:9b:f5:95:56:
                    5c:1a:02:c1:a9:33:e6:dc:f4:65:8c:62:80:2b:d7:
                    02:5c:df:d2:a1:31:78:c7:e1:9c:10:f4:ea:3e:c3:
                    dc:44:d8:d7:84:4b:8d:f6:17:ab:81:01:dc:5e:a6:
                    26:7b:68:8e:4d:6b:ab:7c:50:f4:27:73:ff:5a:1c:
                    ce:56:f9:e5:30:91:27:09:84:d2:6c:61:58:6a:eb:
                    ce:f0:57:15:14:fe:c9:ee:ff:5d:40:97:d8:ac:11:
                    b0:54:f2:03:3a:3d:c3:4b:3d:ae:64:b7:df:80:e4:
                    8f:ab:80:12:e5:ba:cd:8e:c1:f6:2b:ea:ca:2f:aa:
                    82:73:a2:62:8d:da:2a:d1:d8:4b:9f:65:ce:11:61:
                    91:9d:36:e3:20:78:bb:d3:ca:68:8a:74:62:30:0c:
                    27:c0:0d:11:98:84:a3:19:15:68:91:7c:9c:33:68:
                    95:bd:3d:17:5f:58:62:93:83:63:db:0a:a6:00:dc:
                    df:3e:f9:59:a8:3e:3e:6e:eb:cc:39:e8:f4:a7:12:
                    3d:16:1f:ee:8e:85:dd:cb:cf:37:64:93:d5:11:d9:
                    49:05:26:e9:2a:3f:58:7d:a9:c4:9b:37:18:c6:14:
                    29:bf:f4:fa:be:d3:67:61:87:9b:44:b9:c0:97:d2:
                    a5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E9:B4:B7:AB:0D:9D:79:04:D7:92:3D:2E:D5:B9:9D:F6:55:C6:F8
            X509v3 Authority Key Identifier:
                keyid:E5:75:DE:F1:8A:75:EB:45:C4:40:77:1A:CE:24:6C:50:E8:A9:D3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/7em0t6sNnXkE15I9LtW5nfZVxvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e7:61:98:a0:1f:e3:34:36:50:66:b8:1f:0e:ef:3f:d2:0b:
         dd:bc:6c:55:cc:c3:fb:e1:48:6c:81:ba:5b:42:8f:3e:a7:a9:
         84:ad:76:d1:38:63:28:70:7e:74:98:66:6e:47:b7:d4:97:84:
         78:62:2e:85:c3:43:64:c6:1c:73:c1:6c:ab:44:30:e4:f9:4d:
         33:0c:a8:a7:24:96:52:73:b8:27:4c:bf:49:6a:4d:f2:24:dd:
         34:94:52:56:4c:ce:af:12:19:c6:81:e4:5c:00:62:43:e5:fd:
         1c:b3:6a:ff:24:12:0c:a5:3b:4c:a5:56:7e:a6:1b:67:a6:15:
         d6:eb:3c:fc:ca:15:ba:8d:d8:e7:de:4b:fc:53:40:3d:36:74:
         da:85:5d:c6:3f:e0:5a:a3:82:80:f1:6d:0b:65:e4:6d:1f:52:
         15:da:28:1d:7e:97:3d:05:13:9f:2d:67:d9:ba:0b:3e:b2:d5:
         9f:a4:45:51:a4:2a:70:b7:f4:cb:b2:ea:98:92:25:4f:02:f5:
         d2:97:b6:b2:36:f2:f2:d1:81:d0:e7:b9:f0:b7:71:98:9d:d3:
         ad:d7:e4:fb:f3:8c:6a:73:20:38:69:21:60:d1:74:c1:62:05:
         c5:b3:e2:a0:56:14:18:d4:36:fd:9a:9e:7d:2f:a2:70:60:60:
         0e:42:f4:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwl2yTwDW8EFgiV3gJhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NzVkZWYxOGE3NWViNDVjNDQwNzcxYWNlMjQ2YzUwZThh
OWQzMTYwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGU5YjRiN2FiMGQ5ZDc5MDRkNzkyM2QyZWQ1Yjk5ZGY2NTVjNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsIRxnCO4KXqBZv1lVZcGgLBqTPm
3PRljGKAK9cCXN/SoTF4x+GcEPTqPsPcRNjXhEuN9hergQHcXqYme2iOTWurfFD0
J3P/WhzOVvnlMJEnCYTSbGFYauvO8FcVFP7J7v9dQJfYrBGwVPIDOj3DSz2uZLff
gOSPq4AS5brNjsH2K+rKL6qCc6Jijdoq0dhLn2XOEWGRnTbjIHi708poinRiMAwn
wA0RmISjGRVokXycM2iVvT0XX1hik4Nj2wqmANzfPvlZqD4+buvMOej0pxI9Fh/u
joXdy883ZJPVEdlJBSbpKj9YfanEmzcYxhQpv/T6vtNnYYebRLnAl9Kl3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3ptLerDZ15BNeSPS7VuZ32Vcb4MB8GA1UdIwQY
MBaAFOV13vGKdetFxEB3Gs4kbFDoqdMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVhYZThZcDE2MFhFUUhjYXppUnNVT2lwMHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9jYTA4OTgtMjk3OS00M2FlLThiODkt
ZmI5NzQxMzU5NzI3LzEvN2VtMHQ2c05uWGtFMTVJOUx0VzVuZlpWeHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9jYTA4OTgtMjk3OS00M2FlLThiODktZmI5NzQxMzU5NzI3
LzEvNVhYZThZcDE2MFhFUUhjYXppUnNVT2lwMHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lnMA0G
CSqGSIb3DQEBCwUAA4IBAQAV52GYoB/jNDZQZrgfDu8/0gvdvGxVzMP74Uhsgbpb
Qo8+p6mErXbROGMocH50mGZuR7fUl4R4Yi6Fw0NkxhxzwWyrRDDk+U0zDKinJJZS
c7gnTL9Jak3yJN00lFJWTM6vEhnGgeRcAGJD5f0cs2r/JBIMpTtMpVZ+phtnphXW
6zz8yhW6jdjn3kv8U0A9NnTahV3GP+Bao4KA8W0LZeRtH1IV2igdfpc9BROfLWfZ
ugs+stWfpEVRpCpwt/TLsuqYkiVPAvXSl7ayNvLy0YHQ57nwt3GYndOt1+T784xq
cyA4aSFg0XTBYgXFs+KgVhQY1Db9mp59L6JwYGAOQvRT
-----END CERTIFICATE-----