Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/pvMmgYGITWZ5kATk1-L7enPTOr8.roa
File:                     pvMmgYGITWZ5kATk1-L7enPTOr8.roa (raw, json)
Hash identifier:          /S6l2kFdeHe3G2wA7/bgKdYmjFFke+r4sB6CLGRvgJ8=
Subject key identifier:   A6:F3:26:81:81:88:4D:66:79:90:04:E4:D7:E2:FB:7A:73:D3:3A:BF
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB847DAB043917AD1573A995E3AD1
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/pvMmgYGITWZ5kATk1-L7enPTOr8.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        83.147.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b8:47:da:b0:43:91:7a:d1:57:3a:99:5e:3a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6f3268181884d66799004e4d7e2fb7a73d33abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:30:fb:44:57:f0:12:88:c6:37:54:1e:33:b2:
                    e8:f1:bf:1b:ea:18:ac:72:61:54:88:36:fe:bd:85:
                    08:7b:8d:77:56:40:c3:7f:f4:b3:d8:5c:c6:df:86:
                    76:32:1a:c1:c7:24:f7:83:b6:07:79:24:37:15:99:
                    df:b3:b8:8c:6c:8b:7b:c3:58:ea:94:c8:f5:ae:ab:
                    7a:83:c3:aa:cd:83:4e:15:64:15:7b:af:54:ca:bd:
                    6f:97:c4:e1:3f:4d:25:f6:20:10:c1:51:6d:26:0c:
                    4e:5d:be:b3:13:02:4e:7c:86:47:02:9e:41:6c:2f:
                    56:ae:4f:99:b1:4f:18:81:bd:bc:c5:c1:fb:0a:57:
                    3c:45:f0:ba:ac:f6:ae:2b:69:e7:7f:b5:e3:d1:de:
                    17:09:c0:6b:7b:4f:38:da:95:70:b6:4c:ad:2b:5a:
                    3c:32:60:dd:3f:38:29:a4:69:da:af:0f:79:0e:85:
                    ee:dd:ad:88:d3:4f:e9:48:e8:d2:77:8a:0a:7d:e8:
                    1d:3f:b9:1a:bf:2c:19:ad:76:0d:d5:16:09:9e:99:
                    a0:3f:e5:ea:46:05:db:7e:24:9d:40:6d:d1:f0:7a:
                    b8:55:d8:48:b0:53:fe:2a:8e:76:dd:cc:58:c1:a6:
                    5a:40:43:7d:16:2f:89:22:38:27:ba:ab:e0:32:f5:
                    12:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F3:26:81:81:88:4D:66:79:90:04:E4:D7:E2:FB:7A:73:D3:3A:BF
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/pvMmgYGITWZ5kATk1-L7enPTOr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:08:31:72:9e:7a:7e:30:b9:f6:98:d5:da:33:b3:2d:0d:1d:
         3c:3b:77:28:b1:7e:47:47:c8:c7:71:71:a1:71:2f:96:ff:68:
         c4:f6:65:87:97:24:cb:40:90:85:91:49:a9:c8:5c:7f:51:b0:
         71:4d:7d:cd:d9:a5:77:36:fd:fb:2f:e5:60:39:20:9d:38:ad:
         99:67:20:77:5c:7f:37:42:22:55:93:2b:b9:42:be:36:69:2a:
         c8:09:c9:51:28:31:54:b2:cb:be:34:b8:fc:aa:3a:46:94:e6:
         a9:12:81:7e:75:66:a8:ba:b0:b4:38:ef:82:89:cc:45:93:64:
         ec:1d:fa:48:e4:b7:6d:50:05:2c:15:55:d2:cd:ab:d9:7c:9b:
         63:d8:61:86:96:56:6a:7b:e0:ff:21:66:b0:67:02:b9:1e:38:
         81:f9:89:44:75:c6:14:6f:b8:7a:b9:c0:f4:da:b2:86:22:87:
         c4:61:b6:ec:d6:72:47:1f:16:07:6f:13:bc:78:4b:6d:ac:bd:
         cc:00:ca:0b:3c:e0:e0:f2:c0:1e:41:cd:ae:36:ab:a1:25:72:
         5c:38:f2:d2:10:57:7b:89:dc:41:44:c5:8c:64:61:3c:48:94:
         bb:64:18:65:63:61:67:0a:5d:3e:46:67:ca:83:16:3e:f8:b1:
         bf:5a:d9:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrhH2rBDkXrRVzqZXjrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmYzMjY4MTgxODg0ZDY2Nzk5MDA0ZTRkN2UyZmI3YTczZDMzYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDD7RFfwEojGN1QeM7Lo8b8b6his
cmFUiDb+vYUIe413VkDDf/Sz2FzG34Z2MhrBxyT3g7YHeSQ3FZnfs7iMbIt7w1jq
lMj1rqt6g8OqzYNOFWQVe69Uyr1vl8ThP00l9iAQwVFtJgxOXb6zEwJOfIZHAp5B
bC9Wrk+ZsU8Ygb28xcH7Clc8RfC6rPauK2nnf7Xj0d4XCcBre0842pVwtkytK1o8
MmDdPzgppGnarw95DoXu3a2I00/pSOjSd4oKfegdP7kavywZrXYN1RYJnpmgP+Xq
RgXbfiSdQG3R8Hq4VdhIsFP+Ko523cxYwaZaQEN9Fi+JIjgnuqvgMvUS2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbzJoGBiE1meZAE5Nfi+3pz0zq/MB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvcHZNbWdZR0lUV1o1a0FUazEtTDdlblBUT3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5MZMA0G
CSqGSIb3DQEBCwUAA4IBAQCaCDFynnp+MLn2mNXaM7MtDR08O3cosX5HR8jHcXGh
cS+W/2jE9mWHlyTLQJCFkUmpyFx/UbBxTX3N2aV3Nv37L+VgOSCdOK2ZZyB3XH83
QiJVkyu5Qr42aSrICclRKDFUssu+NLj8qjpGlOapEoF+dWaourC0OO+CicxFk2Ts
HfpI5LdtUAUsFVXSzavZfJtj2GGGllZqe+D/IWawZwK5HjiB+YlEdcYUb7h6ucD0
2rKGIofEYbbs1nJHHxYHbxO8eEttrL3MAMoLPODg8sAeQc2uNquhJXJcOPLSEFd7
idxBRMWMZGE8SJS7ZBhlY2FnCl0+RmfKgxY++LG/Wtnu
-----END CERTIFICATE-----