Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4b6354-a7a3-4351-a7de-aeac5d9cdc7b/1/EA0oQHmxnPcNlpweYhvIMkBKglE.roa
File:                     EA0oQHmxnPcNlpweYhvIMkBKglE.roa (raw, json)
Hash identifier:          uYWUjtu/Ae0e/YPJHkelU6+QkDBBjNcOs4VBDPAZ47c=
Subject key identifier:   10:0D:28:40:79:B1:9C:F7:0D:96:9C:1E:62:1B:C8:32:40:4A:82:51
Certificate issuer:       /CN=048eefb5b26483561711c990f20ff552ac4e2c9c
Certificate serial:       018CC348B7BF250065A3C078F11AF62FF9AF
Authority key identifier: 04:8E:EF:B5:B2:64:83:56:17:11:C9:90:F2:0F:F5:52:AC:4E:2C:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BI7vtbJkg1YXEcmQ8g_1UqxOLJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4b6354-a7a3-4351-a7de-aeac5d9cdc7b/1/EA0oQHmxnPcNlpweYhvIMkBKglE.roa
Signing time:             Mon 01 Jan 2024 04:29:31 +0000
ROA not before:           Mon 01 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42082
IP address blocks:        91.151.128.0/20 maxlen: 24
                          185.146.176.0/22 maxlen: 24
                          2a03:3580::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4b6354-a7a3-4351-a7de-aeac5d9cdc7b/1/BI7vtbJkg1YXEcmQ8g_1UqxOLJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4b6354-a7a3-4351-a7de-aeac5d9cdc7b/1/BI7vtbJkg1YXEcmQ8g_1UqxOLJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BI7vtbJkg1YXEcmQ8g_1UqxOLJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b7:bf:25:00:65:a3:c0:78:f1:1a:f6:2f:f9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048eefb5b26483561711c990f20ff552ac4e2c9c
        Validity
            Not Before: Jan  1 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=100d284079b19cf70d969c1e621bc832404a8251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:00:f6:de:a4:c4:06:8f:ee:fb:02:18:8d:ad:
                    a9:46:f6:46:fb:e1:46:62:bf:d8:7f:9b:46:bd:dd:
                    82:b2:82:c4:92:61:9d:48:87:62:62:5e:3c:c1:e7:
                    ca:0b:12:c1:3d:0f:02:5f:09:87:b1:f6:a2:c7:a0:
                    4e:e8:e7:f8:9e:4d:2d:26:e8:a1:ed:b7:7e:c7:31:
                    2e:8a:fd:56:d9:f5:a4:41:af:cc:a9:cb:c3:5d:a1:
                    b1:43:f0:f8:9a:69:4b:24:db:de:43:b4:23:24:2e:
                    9a:3c:27:b6:e3:1a:7c:4b:92:10:35:88:d5:9c:eb:
                    94:d6:d8:62:d5:33:03:91:ff:0f:b1:22:36:3b:10:
                    bf:a3:0f:83:5e:aa:60:a4:ab:b1:67:60:00:a8:30:
                    c4:6a:9c:20:0b:61:3b:65:d6:87:c7:13:4b:22:42:
                    66:2a:57:1d:59:66:6e:b3:bf:a7:d7:b9:fc:38:cb:
                    cf:a5:78:f3:bb:47:24:c5:7c:9c:b2:d3:9a:62:7a:
                    57:1f:c2:86:2f:8c:db:4f:f3:6c:14:80:27:a9:44:
                    36:74:10:2c:8a:97:5c:9e:d1:0c:35:7b:a8:6d:dc:
                    c0:fd:c9:88:12:b0:7a:a0:bf:93:f4:e8:7f:d6:4a:
                    22:73:e6:89:31:26:79:52:6f:b8:8a:ab:0a:0d:b4:
                    2d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:0D:28:40:79:B1:9C:F7:0D:96:9C:1E:62:1B:C8:32:40:4A:82:51
            X509v3 Authority Key Identifier:
                keyid:04:8E:EF:B5:B2:64:83:56:17:11:C9:90:F2:0F:F5:52:AC:4E:2C:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BI7vtbJkg1YXEcmQ8g_1UqxOLJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4b6354-a7a3-4351-a7de-aeac5d9cdc7b/1/EA0oQHmxnPcNlpweYhvIMkBKglE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4b6354-a7a3-4351-a7de-aeac5d9cdc7b/1/BI7vtbJkg1YXEcmQ8g_1UqxOLJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.151.128.0/20
                  185.146.176.0/22
                IPv6:
                  2a03:3580::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:ba:79:86:9f:67:32:0e:d8:b2:6e:9e:28:46:f5:3c:1a:97:
         7d:84:da:ed:d5:c8:47:09:9d:fa:11:66:63:f1:d5:a9:9e:a8:
         53:7b:cd:ee:3b:72:4e:87:f8:f1:a6:ba:2d:76:23:56:c4:ba:
         fc:fb:9b:9b:a6:8a:ad:af:0d:fe:31:b9:7b:f1:5d:07:4c:49:
         57:1f:87:7f:fd:ab:c4:7e:cc:f3:a0:93:ea:1f:54:7e:ce:bc:
         db:dc:bd:15:e6:01:89:6a:6a:65:38:93:d3:4e:66:b3:fa:09:
         fa:8b:06:7b:4e:df:7d:63:bd:68:07:44:ae:2b:4c:01:1a:33:
         22:7e:a7:98:db:e2:27:fd:9a:00:4b:1c:3e:1a:56:88:06:97:
         ec:ac:6c:ba:c9:78:67:f9:60:d2:a0:18:5f:38:6d:72:f9:80:
         6f:d0:34:7a:41:1a:68:f8:1f:e0:5c:a6:2c:88:ef:e1:42:11:
         47:5a:39:d8:ff:6c:cd:45:fe:47:1f:1a:41:01:0b:7d:4a:2b:
         e0:f9:51:17:ec:8c:f8:cb:db:58:df:13:31:8b:de:b7:e5:8e:
         83:bb:5c:dd:a4:05:68:34:32:46:ea:29:81:42:25:ee:82:42:
         6e:df:17:6e:aa:82:fd:1b:a7:c2:e9:3d:db:ca:36:b4:a5:62:
         d4:fc:74:2a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSLe/JQBlo8B48Rr2L/mvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OGVlZmI1YjI2NDgzNTYxNzExYzk5MGYyMGZmNTUyYWM0
ZTJjOWMwHhcNMjQwMTAxMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDBkMjg0MDc5YjE5Y2Y3MGQ5NjljMWU2MjFiYzgzMjQwNGE4MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggD23qTEBo/u+wIYja2pRvZG++FG
Yr/Yf5tGvd2CsoLEkmGdSIdiYl48wefKCxLBPQ8CXwmHsfaix6BO6Of4nk0tJuih
7bd+xzEuiv1W2fWkQa/MqcvDXaGxQ/D4mmlLJNveQ7QjJC6aPCe24xp8S5IQNYjV
nOuU1thi1TMDkf8PsSI2OxC/ow+DXqpgpKuxZ2AAqDDEapwgC2E7ZdaHxxNLIkJm
KlcdWWZus7+n17n8OMvPpXjzu0ckxXycstOaYnpXH8KGL4zbT/NsFIAnqUQ2dBAs
ipdcntEMNXuobdzA/cmIErB6oL+T9Oh/1koic+aJMSZ5Um+4iqsKDbQtbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBANKEB5sZz3DZacHmIbyDJASoJRMB8GA1UdIwQY
MBaAFASO77WyZINWFxHJkPIP9VKsTiycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkk3dnRiSmtnMVlYRWNtUThnXzFVcXhPTEp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YjYzNTQtYTdhMy00MzUxLWE3ZGUt
YWVhYzVkOWNkYzdiLzEvRUEwb1FIbXhuUGNObHB3ZVlodklNa0JLZ2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YjYzNTQtYTdhMy00MzUxLWE3ZGUtYWVhYzVkOWNkYzdi
LzEvQkk3dnRiSmtnMVlYRWNtUThnXzFVcXhPTEp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEW5eAAwQC
uZKwMA0EAgACMAcDBQAqAzWAMA0GCSqGSIb3DQEBCwUAA4IBAQBvunmGn2cyDtiy
bp4oRvU8Gpd9hNrt1chHCZ36EWZj8dWpnqhTe83uO3JOh/jxprotdiNWxLr8+5ub
poqtrw3+Mbl78V0HTElXH4d//avEfszzoJPqH1R+zrzb3L0V5gGJamplOJPTTmaz
+gn6iwZ7Tt99Y71oB0SuK0wBGjMifqeY2+In/ZoASxw+GlaIBpfsrGy6yXhn+WDS
oBhfOG1y+YBv0DR6QRpo+B/gXKYsiO/hQhFHWjnY/2zNRf5HHxpBAQt9Sivg+VEX
7Iz4y9tY3xMxi9635Y6Du1zdpAVoNDJG6imBQiXugkJu3xduqoL9G6fC6T3byja0
pWLU/HQq
-----END CERTIFICATE-----