Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/303105-e7c8-4a44-a181-cb40ee048dc0/1/c7GHjUXvP8btIvcml4LcD4VkYOM.roa
File:                     c7GHjUXvP8btIvcml4LcD4VkYOM.roa (raw, json)
Hash identifier:          lgKa9wCtaIjipobvxaCb69zyYXCluB6896+GR28i1Y4=
Subject key identifier:   73:B1:87:8D:45:EF:3F:C6:ED:22:F7:26:97:82:DC:0F:85:64:60:E3
Certificate issuer:       /CN=a07dcb6db9a75c1017fee672f73b961771b77ca1
Certificate serial:       018CCA29827D38BB8325074AE0F73A6C33AA
Authority key identifier: A0:7D:CB:6D:B9:A7:5C:10:17:FE:E6:72:F7:3B:96:17:71:B7:7C:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oH3LbbmnXBAX_uZy9zuWF3G3fKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/303105-e7c8-4a44-a181-cb40ee048dc0/1/c7GHjUXvP8btIvcml4LcD4VkYOM.roa
Signing time:             Tue 02 Jan 2024 12:32:47 +0000
ROA not before:           Tue 02 Jan 2024 12:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212472
IP address blocks:        31.12.72.0/24 maxlen: 24
                          213.163.252.0/23 maxlen: 24
                          2a12:acc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/303105-e7c8-4a44-a181-cb40ee048dc0/1/oH3LbbmnXBAX_uZy9zuWF3G3fKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/303105-e7c8-4a44-a181-cb40ee048dc0/1/oH3LbbmnXBAX_uZy9zuWF3G3fKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oH3LbbmnXBAX_uZy9zuWF3G3fKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:82:7d:38:bb:83:25:07:4a:e0:f7:3a:6c:33:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a07dcb6db9a75c1017fee672f73b961771b77ca1
        Validity
            Not Before: Jan  2 12:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73b1878d45ef3fc6ed22f7269782dc0f856460e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:87:50:75:1e:98:ec:08:23:79:4f:95:69:40:
                    d1:ab:35:ef:71:9a:f8:09:c2:7a:8f:2a:6a:f8:6a:
                    56:e1:0b:a1:29:b1:42:02:19:4a:70:dc:d2:d2:96:
                    32:7a:aa:03:01:bb:4e:86:32:da:d9:d3:96:2e:fb:
                    d3:3f:55:c6:6a:64:fa:c0:5f:d1:7e:f4:fb:73:99:
                    fe:4a:1d:93:7b:e1:c5:12:1d:27:88:7b:df:3f:84:
                    6d:26:8f:38:2e:b3:e4:f3:10:13:26:0e:36:9b:24:
                    05:75:29:de:72:9d:69:a3:b2:d5:99:91:ba:94:15:
                    ae:d7:c2:4e:be:ea:3f:9b:50:64:c5:46:f0:ed:45:
                    ea:cc:00:fa:b5:a8:e5:1c:a2:26:da:f0:18:fd:56:
                    a8:72:f4:43:26:75:3b:cd:5b:16:f3:d6:a6:1d:7c:
                    e0:71:45:72:1b:29:39:ec:63:f1:84:fa:cd:16:45:
                    89:e1:29:e4:2a:a9:8f:f0:67:0f:b5:4c:96:1a:04:
                    bd:bd:39:7c:27:20:8a:b2:38:60:77:8e:66:82:c1:
                    22:34:51:c4:29:c1:bf:39:2a:db:d5:5c:0f:5e:65:
                    44:65:e2:75:2c:a1:b7:e0:c9:e2:76:19:a1:03:2f:
                    79:8f:39:af:95:f7:1a:07:a6:ae:1a:7a:b2:d5:f2:
                    5e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B1:87:8D:45:EF:3F:C6:ED:22:F7:26:97:82:DC:0F:85:64:60:E3
            X509v3 Authority Key Identifier:
                keyid:A0:7D:CB:6D:B9:A7:5C:10:17:FE:E6:72:F7:3B:96:17:71:B7:7C:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oH3LbbmnXBAX_uZy9zuWF3G3fKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/303105-e7c8-4a44-a181-cb40ee048dc0/1/c7GHjUXvP8btIvcml4LcD4VkYOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/303105-e7c8-4a44-a181-cb40ee048dc0/1/oH3LbbmnXBAX_uZy9zuWF3G3fKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.72.0/24
                  213.163.252.0/23
                IPv6:
                  2a12:acc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:60:b0:11:50:17:3b:21:13:31:4d:ea:ec:5f:f8:33:dd:c6:
         cf:29:50:96:58:a5:25:9f:1a:4f:e5:54:41:cc:14:46:38:3e:
         32:e9:28:af:96:73:56:cd:fa:a1:2e:ad:23:aa:48:cd:57:df:
         42:9f:1b:49:c1:44:fe:de:b6:df:48:06:81:d7:13:5d:1e:3e:
         f5:a7:4f:91:b3:65:28:a6:86:66:f2:e0:f3:ac:71:c7:b0:a8:
         0c:42:7c:57:ca:45:9f:e7:23:e6:d7:90:e9:b9:1b:09:35:84:
         53:58:70:64:91:9d:14:b1:bd:f6:d4:a3:db:e1:72:64:98:93:
         8d:ad:a5:b1:3b:83:29:e5:18:f9:93:11:2a:bc:9f:47:bd:8a:
         37:60:ef:ba:44:f9:9e:95:b5:03:a4:33:6a:54:c2:69:10:60:
         b7:bd:36:92:80:bd:ed:9a:ca:59:fa:1c:58:4f:c5:d3:44:15:
         05:5f:07:9a:32:c1:63:c4:a8:c5:08:73:eb:7f:6b:b2:0f:28:
         15:b9:8d:18:5a:6c:d1:81:05:bb:03:84:4f:7f:6f:73:35:c8:
         ec:9a:bc:d5:3e:cf:e8:33:3f:9a:27:27:4c:4e:e5:06:fe:60:
         2a:85:62:24:82:d4:f0:2b:cd:e0:84:8d:51:60:a5:cb:35:35:
         f5:e7:f0:39
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKYJ9OLuDJQdK4Pc6bDOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwN2RjYjZkYjlhNzVjMTAxN2ZlZTY3MmY3M2I5NjE3NzFi
NzdjYTEwHhcNMjQwMTAyMTIzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2IxODc4ZDQ1ZWYzZmM2ZWQyMmY3MjY5NzgyZGMwZjg1NjQ2MGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjodQdR6Y7AgjeU+VaUDRqzXvcZr4
CcJ6jypq+GpW4QuhKbFCAhlKcNzS0pYyeqoDAbtOhjLa2dOWLvvTP1XGamT6wF/R
fvT7c5n+Sh2Te+HFEh0niHvfP4RtJo84LrPk8xATJg42myQFdSnecp1po7LVmZG6
lBWu18JOvuo/m1BkxUbw7UXqzAD6tajlHKIm2vAY/VaocvRDJnU7zVsW89amHXzg
cUVyGyk57GPxhPrNFkWJ4SnkKqmP8GcPtUyWGgS9vTl8JyCKsjhgd45mgsEiNFHE
KcG/OSrb1VwPXmVEZeJ1LKG34MnidhmhAy95jzmvlfcaB6auGnqy1fJePQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHOxh41F7z/G7SL3JpeC3A+FZGDjMB8GA1UdIwQY
MBaAFKB9y225p1wQF/7mcvc7lhdxt3yhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0gzTGJibW5YQkFYX3VaeTl6dVdGM0czZktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zMDMxMDUtZTdjOC00YTQ0LWExODEt
Y2I0MGVlMDQ4ZGMwLzEvYzdHSGpVWHZQOGJ0SXZjbWw0TGNENFZrWU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zMDMxMDUtZTdjOC00YTQ0LWExODEtY2I0MGVlMDQ4ZGMw
LzEvb0gzTGJibW5YQkFYX3VaeTl6dVdGM0czZktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAHwxIAwQB
1aP8MA0EAgACMAcDBQMqEqzAMA0GCSqGSIb3DQEBCwUAA4IBAQAFYLARUBc7IRMx
TersX/gz3cbPKVCWWKUlnxpP5VRBzBRGOD4y6SivlnNWzfqhLq0jqkjNV99CnxtJ
wUT+3rbfSAaB1xNdHj71p0+Rs2UopoZm8uDzrHHHsKgMQnxXykWf5yPm15DpuRsJ
NYRTWHBkkZ0Usb321KPb4XJkmJONraWxO4Mp5Rj5kxEqvJ9HvYo3YO+6RPmelbUD
pDNqVMJpEGC3vTaSgL3tmspZ+hxYT8XTRBUFXweaMsFjxKjFCHPrf2uyDygVuY0Y
WmzRgQW7A4RPf29zNcjsmrzVPs/oMz+aJydMTuUG/mAqhWIkgtTwK83ghI1RYKXL
NTX15/A5
-----END CERTIFICATE-----