Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/e7bUmvu8y84JqEA_jE5DWmv06wo.roa
File:                     e7bUmvu8y84JqEA_jE5DWmv06wo.roa (raw, json)
Hash identifier:          ap+px3r/FzR7APWB/QJzLJ5afrKZQKwiSjfK2HSI7Bw=
Subject key identifier:   7B:B6:D4:9A:FB:BC:CB:CE:09:A8:40:3F:8C:4E:43:5A:6B:F4:EB:0A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0195EAA7F3C4071DA2E96FEE7E1302951F80
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/e7bUmvu8y84JqEA_jE5DWmv06wo.roa
Signing time:             Mon 31 Mar 2025 05:23:50 +0000
ROA not before:           Mon 31 Mar 2025 05:23:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44092
IP address blocks:        93.88.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ea:a7:f3:c4:07:1d:a2:e9:6f:ee:7e:13:02:95:1f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 31 05:23:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bb6d49afbbccbce09a8403f8c4e435a6bf4eb0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d0:68:7b:b5:d9:5e:5e:6c:39:68:a1:ed:69:
                    64:46:e0:04:7c:b4:68:42:35:4a:17:d4:54:5d:35:
                    fd:0a:17:b9:69:93:03:9d:1f:58:f0:c7:cc:8a:c6:
                    72:90:78:99:62:ce:67:93:69:84:c9:cc:ff:a0:33:
                    69:a5:fd:8d:1e:12:6b:8b:ed:9d:7e:bf:d4:9f:c1:
                    8c:8e:4f:89:38:c0:c8:3a:1f:6c:53:ac:2f:ce:29:
                    b5:20:de:c9:64:4d:84:3d:30:db:b5:f0:37:d4:fc:
                    e8:32:57:3e:ea:1e:4d:58:a5:f5:e4:c2:a2:6d:e1:
                    e3:03:d5:e9:b9:04:32:eb:72:60:d3:87:02:da:e8:
                    dc:fc:01:f0:cd:25:2a:88:5f:32:12:19:49:09:8b:
                    e7:4f:d5:21:6c:f8:c4:67:4b:d2:b0:a2:b5:81:c4:
                    50:92:2c:1e:5e:73:2e:6f:05:7d:db:64:37:e8:95:
                    3a:fd:a2:24:03:41:cd:3a:b9:6e:84:d4:4b:90:10:
                    8b:6d:01:eb:2a:6d:14:37:0b:b5:ce:88:92:ec:a0:
                    05:8a:6c:23:b8:a9:74:0c:b9:01:89:04:c0:7f:04:
                    0c:21:42:2c:71:16:e7:77:7a:40:3b:5f:e1:26:f8:
                    38:5f:22:c8:35:58:b2:6c:01:55:f0:42:d0:e1:0c:
                    cf:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:B6:D4:9A:FB:BC:CB:CE:09:A8:40:3F:8C:4E:43:5A:6B:F4:EB:0A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/e7bUmvu8y84JqEA_jE5DWmv06wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f3:a4:88:14:6d:03:b2:66:d5:c4:c9:78:b6:ce:1b:f3:ef:
         fc:0d:c2:32:63:25:fa:7c:3f:84:85:30:33:fb:1a:51:b1:86:
         0c:de:8a:34:b6:72:ad:c2:a7:2e:b4:ad:02:e7:ee:c2:29:a9:
         41:ff:38:f0:25:ba:5f:bc:dd:72:8d:02:bf:be:f9:cd:ba:61:
         e3:1e:6b:e8:67:6e:7b:4c:2f:c5:88:73:99:f7:83:5c:d3:ba:
         25:56:c3:e4:f8:03:19:ba:ae:50:84:ee:aa:47:ad:9a:a0:b2:
         fe:42:b6:c1:c4:66:a6:69:b9:b6:70:6d:f9:ab:da:1e:a4:7a:
         89:f3:77:39:7b:a6:f0:5e:d9:cb:86:a3:a9:0e:34:2c:97:f3:
         23:7d:30:43:ce:90:27:a7:83:62:54:8c:3c:74:ff:40:e0:fb:
         73:60:03:ed:41:52:2b:e1:74:f8:d4:46:b7:25:50:de:df:9e:
         46:de:c0:e4:4b:f7:40:ee:c4:6a:54:2c:72:c8:ef:18:8a:2c:
         2b:28:61:eb:47:c5:26:f9:54:44:3a:8d:d2:c2:f3:4e:f3:5f:
         fa:6e:22:d7:90:2d:39:0f:ac:7b:07:de:eb:2c:30:70:a5:25:
         8f:40:2b:bf:18:00:9c:42:a2:79:db:7c:40:e9:4a:8f:c1:05:
         1e:1e:e1:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXqp/PEBx2i6W/ufhMClR+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMzMxMDUyMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmI2ZDQ5YWZiYmNjYmNlMDlhODQwM2Y4YzRlNDM1YTZiZjRlYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtBoe7XZXl5sOWih7WlkRuAEfLRo
QjVKF9RUXTX9Che5aZMDnR9Y8MfMisZykHiZYs5nk2mEycz/oDNppf2NHhJri+2d
fr/Un8GMjk+JOMDIOh9sU6wvzim1IN7JZE2EPTDbtfA31PzoMlc+6h5NWKX15MKi
beHjA9XpuQQy63Jg04cC2ujc/AHwzSUqiF8yEhlJCYvnT9UhbPjEZ0vSsKK1gcRQ
kiweXnMubwV922Q36JU6/aIkA0HNOrluhNRLkBCLbQHrKm0UNwu1zoiS7KAFimwj
uKl0DLkBiQTAfwQMIUIscRbnd3pAO1/hJvg4XyLINViybAFV8ELQ4QzPMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHu21Jr7vMvOCahAP4xOQ1pr9OsKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZTdiVW12dTh5ODRKcUVBX2pFNURXbXYwNndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVjOMA0G
CSqGSIb3DQEBCwUAA4IBAQAc86SIFG0DsmbVxMl4ts4b8+/8DcIyYyX6fD+EhTAz
+xpRsYYM3oo0tnKtwqcutK0C5+7CKalB/zjwJbpfvN1yjQK/vvnNumHjHmvoZ257
TC/FiHOZ94Nc07olVsPk+AMZuq5QhO6qR62aoLL+QrbBxGamabm2cG35q9oepHqJ
83c5e6bwXtnLhqOpDjQsl/MjfTBDzpAnp4NiVIw8dP9A4PtzYAPtQVIr4XT41Ea3
JVDe355G3sDkS/dA7sRqVCxyyO8YiiwrKGHrR8Um+VREOo3SwvNO81/6biLXkC05
D6x7B97rLDBwpSWPQCu/GACcQqJ523xA6UqPwQUeHuEE
-----END CERTIFICATE-----