Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/YmZ3Bhdexlbcjbv4xcak1mtxPio.roa
File:                     YmZ3Bhdexlbcjbv4xcak1mtxPio.roa (raw, json)
Hash identifier:          PaSP5QT51Y7hFX6jkfJrFitvo2JrC/KUVVVm99tQWDI=
Subject key identifier:   62:66:77:06:17:5E:C6:56:DC:8D:BB:F8:C5:C6:A4:D6:6B:71:3E:2A
Certificate issuer:       /CN=07a6a589ee848a8052238191b98035e775122725
Certificate serial:       018CC493686B037614025691200D3635FDC7
Authority key identifier: 07:A6:A5:89:EE:84:8A:80:52:23:81:91:B9:80:35:E7:75:12:27:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6alie6EioBSI4GRuYA153USJyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/YmZ3Bhdexlbcjbv4xcak1mtxPio.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.207.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/B6alie6EioBSI4GRuYA153USJyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/B6alie6EioBSI4GRuYA153USJyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6alie6EioBSI4GRuYA153USJyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:68:6b:03:76:14:02:56:91:20:0d:36:35:fd:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a6a589ee848a8052238191b98035e775122725
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62667706175ec656dc8dbbf8c5c6a4d66b713e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e6:e9:bd:fc:35:cf:ca:10:7e:e1:bd:0f:de:
                    c5:81:49:73:e7:d3:73:03:7c:93:7c:00:7c:79:44:
                    7b:aa:67:d0:3f:b1:ae:65:58:91:17:33:6f:63:12:
                    60:e2:f1:07:a0:ce:3e:7e:cb:8d:38:42:49:56:29:
                    10:7e:25:a1:b0:b6:a5:11:5b:9d:e8:6e:cf:01:a6:
                    49:e7:e1:04:b2:ef:9a:55:c0:c6:a8:39:59:5b:2b:
                    1f:51:07:3e:38:64:98:70:45:19:05:5d:b4:6c:6c:
                    31:c6:78:b8:8a:53:6d:1f:a4:1c:c7:0b:c1:f5:74:
                    e4:56:07:b8:fa:3f:d0:be:34:ad:3c:42:94:aa:66:
                    62:91:80:13:47:c9:b7:72:bd:4c:cf:56:cf:c2:cc:
                    f6:f2:92:7f:d2:a5:81:c7:a9:1d:9f:24:4a:15:d3:
                    7f:00:66:13:e8:67:89:89:01:c5:a7:4c:78:0a:05:
                    09:b3:a2:0c:2d:e9:42:0c:e7:b8:c2:3f:d5:a8:90:
                    91:f0:85:62:05:1c:e9:7e:4d:93:50:27:4a:8d:45:
                    67:50:30:a9:89:20:69:0c:5e:93:05:c4:10:22:23:
                    ba:dd:15:5d:5d:44:25:a2:81:20:5c:26:40:03:a2:
                    67:60:42:e5:38:45:84:6f:40:37:ed:9b:9f:47:49:
                    ee:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:66:77:06:17:5E:C6:56:DC:8D:BB:F8:C5:C6:A4:D6:6B:71:3E:2A
            X509v3 Authority Key Identifier:
                keyid:07:A6:A5:89:EE:84:8A:80:52:23:81:91:B9:80:35:E7:75:12:27:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6alie6EioBSI4GRuYA153USJyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/YmZ3Bhdexlbcjbv4xcak1mtxPio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/B6alie6EioBSI4GRuYA153USJyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.207.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d4:99:f6:34:4a:e0:01:cf:31:e8:23:92:7f:6f:b4:c8:53:
         61:7a:9d:22:b7:c7:2f:93:91:f4:70:37:c7:e6:d6:1a:bb:8e:
         01:47:88:8c:b8:54:bc:d8:a3:c0:85:e8:be:41:3d:a8:00:48:
         33:4a:94:4e:ea:6e:59:58:49:c2:cc:99:6d:ef:f8:df:c7:8f:
         87:69:57:c8:6c:a0:ff:eb:55:42:a1:37:18:ed:33:70:f6:83:
         63:3c:f3:f7:2a:ae:90:33:f6:37:b0:b3:e7:69:77:ed:f8:2b:
         df:f6:a6:93:23:36:04:a2:11:9d:1c:42:27:e9:d5:90:ef:8a:
         90:10:ee:b7:c0:63:d1:c4:56:ff:2f:65:de:29:3e:17:0a:dd:
         61:1f:39:c9:fa:18:3f:62:f3:32:5a:49:b1:ee:24:b8:1f:2c:
         a8:69:3c:0b:52:e0:3c:87:82:db:8c:9c:11:be:e5:8e:a2:60:
         a5:7a:b1:33:db:5b:85:a4:43:c5:e4:95:81:31:0e:2f:f0:93:
         4b:40:84:43:fb:eb:22:29:30:2d:de:00:32:c3:5f:73:fc:75:
         81:f2:13:cf:b6:31:09:7f:3a:2a:5e:29:bf:ea:f2:4c:0a:49:
         6d:be:49:3e:d6:c1:66:1c:ad:f1:dc:ec:f0:c9:aa:44:ee:44:
         3a:63:da:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2hrA3YUAlaRIA02Nf3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTZhNTg5ZWU4NDhhODA1MjIzODE5MWI5ODAzNWU3NzUx
MjI3MjUwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjY2NzcwNjE3NWVjNjU2ZGM4ZGJiZjhjNWM2YTRkNjZiNzEzZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+bpvfw1z8oQfuG9D97FgUlz59Nz
A3yTfAB8eUR7qmfQP7GuZViRFzNvYxJg4vEHoM4+fsuNOEJJVikQfiWhsLalEVud
6G7PAaZJ5+EEsu+aVcDGqDlZWysfUQc+OGSYcEUZBV20bGwxxni4ilNtH6QcxwvB
9XTkVge4+j/QvjStPEKUqmZikYATR8m3cr1Mz1bPwsz28pJ/0qWBx6kdnyRKFdN/
AGYT6GeJiQHFp0x4CgUJs6IMLelCDOe4wj/VqJCR8IViBRzpfk2TUCdKjUVnUDCp
iSBpDF6TBcQQIiO63RVdXUQlooEgXCZAA6JnYELlOEWEb0A37ZufR0nukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJmdwYXXsZW3I27+MXGpNZrcT4qMB8GA1UdIwQY
MBaAFAempYnuhIqAUiOBkbmANed1EiclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZhbGllNkVpb0JTSTRHUnVZQTE1M1VTSnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83ZmFmNWUtNzQzNS00OWZlLWFjZDct
MjBmYmM5MDY0OTRiLzEvWW1aM0JoZGV4bGJjamJ2NHhjYWsxbXR4UGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83ZmFmNWUtNzQzNS00OWZlLWFjZDctMjBmYmM5MDY0OTRi
LzEvQjZhbGllNkVpb0JTSTRHUnVZQTE1M1VTSnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwc8AMA0G
CSqGSIb3DQEBCwUAA4IBAQBu1Jn2NErgAc8x6COSf2+0yFNhep0it8cvk5H0cDfH
5tYau44BR4iMuFS82KPAhei+QT2oAEgzSpRO6m5ZWEnCzJlt7/jfx4+HaVfIbKD/
61VCoTcY7TNw9oNjPPP3Kq6QM/Y3sLPnaXft+Cvf9qaTIzYEohGdHEIn6dWQ74qQ
EO63wGPRxFb/L2XeKT4XCt1hHznJ+hg/YvMyWkmx7iS4HyyoaTwLUuA8h4LbjJwR
vuWOomClerEz21uFpEPF5JWBMQ4v8JNLQIRD++siKTAt3gAyw19z/HWB8hPPtjEJ
fzoqXim/6vJMCkltvkk+1sFmHK3x3OzwyapE7kQ6Y9o/
-----END CERTIFICATE-----