Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/7ex5US1oQulMCozZUEVxvSsZNzg.roa
File:                     7ex5US1oQulMCozZUEVxvSsZNzg.roa (raw, json)
Hash identifier:          JyzZQpr65qMCQwtcVPiytYR7or/xpCHEBW58hiCNfHY=
Subject key identifier:   ED:EC:79:51:2D:68:42:E9:4C:0A:8C:D9:50:45:71:BD:2B:19:37:38
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       018DA76F8C246B2B13DCF926FA370524EBC3
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/7ex5US1oQulMCozZUEVxvSsZNzg.roa
Signing time:             Wed 14 Feb 2024 11:45:21 +0000
ROA not before:           Wed 14 Feb 2024 11:45:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        91.188.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:6f:8c:24:6b:2b:13:dc:f9:26:fa:37:05:24:eb:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Feb 14 11:45:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edec79512d6842e94c0a8cd9504571bd2b193738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:79:72:c2:51:07:b3:6f:e7:ff:ec:a7:a7:
                    d7:65:f9:03:1a:e2:e3:48:8b:60:f1:62:2a:a9:1e:
                    ac:77:10:51:95:da:72:5e:bc:c4:de:52:b4:fd:c4:
                    07:a2:85:1c:3a:94:95:69:af:6e:82:80:b6:80:b7:
                    37:9a:b5:b7:ef:a5:f6:78:a6:c9:55:80:21:62:e8:
                    9d:d9:16:2c:41:45:91:4a:4a:1c:3b:7b:04:87:c1:
                    53:d4:db:e4:b7:26:15:87:ba:58:05:bc:fc:24:c9:
                    5d:65:a1:3f:b4:ba:1b:de:c5:02:25:c2:7e:0c:24:
                    63:fc:45:c6:88:ab:ac:d2:ff:eb:d4:28:70:83:25:
                    c7:6b:aa:d4:ca:3c:4b:e4:47:2a:4d:dd:df:27:c1:
                    6c:21:f2:93:04:99:92:8a:d6:0a:21:94:3b:9d:05:
                    c8:02:93:84:83:45:35:14:19:3c:4b:5f:a5:59:47:
                    89:d4:e5:12:4f:21:de:b2:e2:df:b6:e7:23:e0:2d:
                    74:82:fa:27:9f:0d:3a:7f:8b:49:e4:cd:55:e5:40:
                    8a:cf:ab:94:28:4f:06:3f:53:1e:bf:71:12:5c:9a:
                    79:9f:32:0d:8e:53:7e:35:21:68:e6:4c:30:6a:57:
                    eb:3a:37:95:6a:9b:af:06:63:47:48:11:5f:de:80:
                    e7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:EC:79:51:2D:68:42:E9:4C:0A:8C:D9:50:45:71:BD:2B:19:37:38
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/7ex5US1oQulMCozZUEVxvSsZNzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ee:c7:c4:d0:80:b2:e1:df:46:89:9f:5f:fe:99:a1:3d:75:
         d2:94:82:b6:38:7d:aa:d0:de:5e:ea:ce:b4:f2:2d:47:9d:6f:
         85:b7:08:a9:3f:69:8a:de:57:86:a4:93:01:f4:75:5e:a5:0d:
         0c:fd:53:35:fa:b5:56:f7:d1:c8:d3:47:f3:d1:f6:ac:67:de:
         49:21:cc:23:52:b7:ac:a0:fe:5b:bb:1e:b2:56:93:01:49:2e:
         b9:13:59:80:f3:fe:81:ff:a2:ab:37:c0:aa:7b:b3:3d:e8:66:
         f2:aa:01:d5:b1:1b:42:5f:ba:01:f4:42:03:81:88:7d:d3:fa:
         fe:dc:29:d4:7b:f6:52:b4:bf:0d:83:54:0c:34:bf:65:0e:aa:
         3c:73:60:1e:66:1a:74:0a:7c:98:fc:88:9a:d8:9c:8f:fe:a3:
         3a:56:2c:6f:36:1f:1f:06:59:30:3d:37:a9:80:fd:ce:03:0a:
         18:bb:e4:f5:e0:e9:c6:8e:7f:d2:1c:fd:ab:15:58:3b:18:e3:
         e9:1f:f4:5f:22:36:d4:45:12:af:07:0d:9a:2d:b2:6a:ae:99:
         d0:4e:8f:cc:5b:9b:93:98:43:95:2b:b0:b3:63:d9:ad:9a:f8:
         65:62:43:cf:4b:40:17:2a:61:97:1e:5f:de:84:ad:d8:36:0d:
         6b:7b:fa:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nb4wkaysT3Pkm+jcFJOvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjQwMjE0MTE0NTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGVjNzk1MTJkNjg0MmU5NGMwYThjZDk1MDQ1NzFiZDJiMTkzNzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMR5csJRB7Nv5//sp6fXZfkDGuLj
SItg8WIqqR6sdxBRldpyXrzE3lK0/cQHooUcOpSVaa9ugoC2gLc3mrW376X2eKbJ
VYAhYuid2RYsQUWRSkocO3sEh8FT1NvktyYVh7pYBbz8JMldZaE/tLob3sUCJcJ+
DCRj/EXGiKus0v/r1ChwgyXHa6rUyjxL5EcqTd3fJ8FsIfKTBJmSitYKIZQ7nQXI
ApOEg0U1FBk8S1+lWUeJ1OUSTyHesuLftucj4C10gvonnw06f4tJ5M1V5UCKz6uU
KE8GP1Mev3ESXJp5nzINjlN+NSFo5kwwalfrOjeVapuvBmNHSBFf3oDnnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3seVEtaELpTAqM2VBFcb0rGTc4MB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvN2V4NVVTMW9RdWxNQ296WlVFVnh2U3NaTnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z8MA0G
CSqGSIb3DQEBCwUAA4IBAQBc7sfE0ICy4d9GiZ9f/pmhPXXSlIK2OH2q0N5e6s60
8i1HnW+FtwipP2mK3leGpJMB9HVepQ0M/VM1+rVW99HI00fz0fasZ95JIcwjUres
oP5bux6yVpMBSS65E1mA8/6B/6KrN8Cqe7M96GbyqgHVsRtCX7oB9EIDgYh90/r+
3CnUe/ZStL8Ng1QMNL9lDqo8c2AeZhp0CnyY/Iia2JyP/qM6VixvNh8fBlkwPTep
gP3OAwoYu+T14OnGjn/SHP2rFVg7GOPpH/RfIjbURRKvBw2aLbJqrpnQTo/MW5uT
mEOVK7CzY9mtmvhlYkPPS0AXKmGXHl/ehK3YNg1re/ro
-----END CERTIFICATE-----