Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/7_r-Ds94yPYLchK-Nf6YJT24eLc.roa
File:                     7_r-Ds94yPYLchK-Nf6YJT24eLc.roa (raw, json)
Hash identifier:          bQC8jdLR+AmeVqSsINRsAzDzLRqdvnPDS88Fum76t1Y=
Subject key identifier:   EF:FA:FE:0E:CF:78:C8:F6:0B:72:12:BE:35:FE:98:25:3D:B8:78:B7
Certificate issuer:       /CN=83486841b4f4adc56264c5963085182a220e46d4
Certificate serial:       018EA973AC6CC404CFC0229D648A91D9896E
Authority key identifier: 83:48:68:41:B4:F4:AD:C5:62:64:C5:96:30:85:18:2A:22:0E:46:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0hoQbT0rcViZMWWMIUYKiIORtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/7_r-Ds94yPYLchK-Nf6YJT24eLc.roa
Signing time:             Thu 04 Apr 2024 14:11:54 +0000
ROA not before:           Thu 04 Apr 2024 14:11:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.148.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/g0hoQbT0rcViZMWWMIUYKiIORtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/g0hoQbT0rcViZMWWMIUYKiIORtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0hoQbT0rcViZMWWMIUYKiIORtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:73:ac:6c:c4:04:cf:c0:22:9d:64:8a:91:d9:89:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83486841b4f4adc56264c5963085182a220e46d4
        Validity
            Not Before: Apr  4 14:11:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=effafe0ecf78c8f60b7212be35fe98253db878b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:31:6b:54:fe:2b:84:dc:04:e7:53:78:50:bf:
                    86:e0:29:c8:f8:9b:e8:c6:ce:10:64:71:15:65:71:
                    86:69:cf:2e:e3:02:17:0f:61:02:40:4e:67:a6:a5:
                    bb:8e:a1:21:23:9b:85:b8:72:b9:24:e3:52:df:26:
                    0c:d5:18:d7:38:8b:49:0a:52:eb:00:b7:73:b7:9e:
                    d8:e2:63:f3:3c:80:6f:8d:c0:77:06:67:ba:71:ff:
                    17:e0:3b:f5:de:f9:53:cd:d7:98:db:93:a4:a0:b2:
                    fb:1a:74:8b:80:e5:3e:15:ac:94:2e:be:5a:5c:db:
                    09:c1:fb:bb:2a:a2:2d:46:c1:36:5a:f7:39:6c:ad:
                    52:bf:ba:5d:6d:6a:1d:3a:49:05:a7:fb:93:e0:08:
                    d0:9f:cf:a4:52:2e:dd:f4:2e:e5:0c:74:ac:23:bd:
                    2e:3c:26:22:37:f2:85:8f:67:c7:f8:db:5f:ed:27:
                    5c:d6:11:f8:9a:ed:43:d3:c3:35:89:6a:5c:2c:47:
                    15:e3:50:1e:47:49:ef:b8:55:66:11:99:aa:c0:cc:
                    c4:ed:77:6e:fd:18:b8:37:9f:cc:a2:79:56:47:d9:
                    c7:8e:c0:bd:9c:48:bd:e2:33:bb:71:c4:91:c0:df:
                    19:cb:a2:ca:a2:18:6e:f2:29:ae:1d:8e:6a:75:40:
                    e9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FA:FE:0E:CF:78:C8:F6:0B:72:12:BE:35:FE:98:25:3D:B8:78:B7
            X509v3 Authority Key Identifier:
                keyid:83:48:68:41:B4:F4:AD:C5:62:64:C5:96:30:85:18:2A:22:0E:46:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0hoQbT0rcViZMWWMIUYKiIORtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/7_r-Ds94yPYLchK-Nf6YJT24eLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/g0hoQbT0rcViZMWWMIUYKiIORtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:8a:f7:42:eb:59:0d:71:f1:53:53:db:b5:d8:9d:f4:5b:55:
         c8:27:76:91:55:8d:20:d5:4c:71:f1:58:6a:20:18:34:b9:cd:
         85:d6:ca:36:a4:ab:68:2e:b8:ce:dd:f0:e6:ec:25:d3:b6:30:
         4f:a7:f3:8c:08:a8:55:8c:2a:24:a6:83:23:54:f4:b8:d1:7e:
         77:38:9f:1c:08:93:06:61:46:f5:3b:83:24:ac:41:6c:64:4b:
         2a:97:6c:c1:e7:a9:1f:29:7b:50:6d:b4:9d:76:12:25:26:ec:
         16:cf:ac:9f:9a:a0:c5:80:52:9a:49:6b:56:9d:be:5d:66:c9:
         f8:5f:08:46:1c:73:40:b4:59:69:9f:d8:9d:7f:ae:5d:d8:d4:
         f4:b1:01:b4:81:a9:b5:82:91:6a:6e:a6:66:3f:9d:ff:82:92:
         16:d3:8b:25:c9:79:a3:93:6d:60:c5:da:1f:00:5e:19:5f:f5:
         50:57:c9:cb:e8:8b:6d:3c:8e:e8:1b:ae:84:63:9c:04:c9:ea:
         2a:cb:0f:5b:52:76:1b:48:22:39:ff:56:35:04:1d:2c:08:ae:
         39:83:39:5c:1f:ce:88:61:39:29:f3:3a:d4:bf:e9:06:f9:ef:
         c2:b7:c8:1d:80:9f:e9:b9:eb:b1:bc:d8:25:d7:8e:ba:a7:f9:
         24:57:d9:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6pc6xsxATPwCKdZIqR2YluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDg2ODQxYjRmNGFkYzU2MjY0YzU5NjMwODUxODJhMjIw
ZTQ2ZDQwHhcNMjQwNDA0MTQxMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZhZmUwZWNmNzhjOGY2MGI3MjEyYmUzNWZlOTgyNTNkYjg3OGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDFrVP4rhNwE51N4UL+G4CnI+Jvo
xs4QZHEVZXGGac8u4wIXD2ECQE5npqW7jqEhI5uFuHK5JONS3yYM1RjXOItJClLr
ALdzt57Y4mPzPIBvjcB3Bme6cf8X4Dv13vlTzdeY25OkoLL7GnSLgOU+FayULr5a
XNsJwfu7KqItRsE2Wvc5bK1Sv7pdbWodOkkFp/uT4AjQn8+kUi7d9C7lDHSsI70u
PCYiN/KFj2fH+Ntf7Sdc1hH4mu1D08M1iWpcLEcV41AeR0nvuFVmEZmqwMzE7Xdu
/Ri4N5/MonlWR9nHjsC9nEi94jO7ccSRwN8Zy6LKohhu8imuHY5qdUDpBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/6/g7PeMj2C3ISvjX+mCU9uHi3MB8GA1UdIwQY
MBaAFINIaEG09K3FYmTFljCFGCoiDkbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBob1FiVDByY1ZpWk1XV01JVVlLaUlPUnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81N2NiMDQtNThjZS00MzNiLTkzYWIt
MTBiYzU5ZDhmZjhkLzEvN19yLURzOTR5UFlMY2hLLU5mNllKVDI0ZUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81N2NiMDQtNThjZS00MzNiLTkzYWItMTBiYzU5ZDhmZjhk
LzEvZzBob1FiVDByY1ZpWk1XV01JVVlLaUlPUnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZS/MA0G
CSqGSIb3DQEBCwUAA4IBAQCSivdC61kNcfFTU9u12J30W1XIJ3aRVY0g1Uxx8Vhq
IBg0uc2F1so2pKtoLrjO3fDm7CXTtjBPp/OMCKhVjCokpoMjVPS40X53OJ8cCJMG
YUb1O4MkrEFsZEsql2zB56kfKXtQbbSddhIlJuwWz6yfmqDFgFKaSWtWnb5dZsn4
XwhGHHNAtFlpn9idf65d2NT0sQG0gam1gpFqbqZmP53/gpIW04slyXmjk21gxdof
AF4ZX/VQV8nL6IttPI7oG66EY5wEyeoqyw9bUnYbSCI5/1Y1BB0sCK45gzlcH86I
YTkp8zrUv+kG+e/Ct8gdgJ/pueuxvNgl1466p/kkV9lg
-----END CERTIFICATE-----