Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/ezgTr0JNt3AWLdngxhJQGMv8Kuo.roa
File:                     ezgTr0JNt3AWLdngxhJQGMv8Kuo.roa (raw, json)
Hash identifier:          V2Qz1qtTvo3vVmwftQNU0rS8eJ+z5sLzUc8QzMJjRs0=
Subject key identifier:   7B:38:13:AF:42:4D:B7:70:16:2D:D9:E0:C6:12:50:18:CB:FC:2A:EA
Certificate issuer:       /CN=dac79d2855b897418208d47ba6e51460015b5d7b
Certificate serial:       018CCA28523AFAE04099AE28C67BE92DEA6A
Authority key identifier: DA:C7:9D:28:55:B8:97:41:82:08:D4:7B:A6:E5:14:60:01:5B:5D:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sedKFW4l0GCCNR7puUUYAFbXXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/ezgTr0JNt3AWLdngxhJQGMv8Kuo.roa
Signing time:             Tue 02 Jan 2024 12:31:29 +0000
ROA not before:           Tue 02 Jan 2024 12:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        213.184.80.0/22 maxlen: 24
                          185.154.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/2sedKFW4l0GCCNR7puUUYAFbXXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/2sedKFW4l0GCCNR7puUUYAFbXXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sedKFW4l0GCCNR7puUUYAFbXXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 01:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:52:3a:fa:e0:40:99:ae:28:c6:7b:e9:2d:ea:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac79d2855b897418208d47ba6e51460015b5d7b
        Validity
            Not Before: Jan  2 12:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b3813af424db770162dd9e0c6125018cbfc2aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f8:8f:a2:4a:e6:e1:d6:0a:a8:b6:e0:d4:cf:
                    bb:4c:22:2a:f9:16:a5:39:3f:2c:3a:84:df:20:ab:
                    77:31:15:c9:61:9f:b0:9f:3f:5f:02:5f:fe:cf:6f:
                    8f:99:53:2d:ec:71:99:e8:ab:1b:ae:05:43:a7:c5:
                    1a:6d:93:bf:43:6c:b4:81:f6:bd:cb:03:81:0a:08:
                    b7:ec:52:f0:44:41:ef:2f:5a:3e:d7:6c:86:5f:c7:
                    a4:ca:0e:cf:7c:48:89:ee:cd:70:bc:a7:b4:6d:3d:
                    73:0c:c7:75:b3:ad:f5:c3:ef:bd:c3:d6:b8:44:9c:
                    c9:a2:70:d0:5c:bd:35:b3:79:b0:29:7f:ed:10:83:
                    73:08:f7:ab:ad:a4:3b:0d:4d:cc:31:6a:23:68:08:
                    b5:af:96:58:89:35:61:91:04:37:a0:75:81:bd:38:
                    ac:94:d3:50:d4:ca:f4:3c:f1:4d:12:53:67:7a:12:
                    99:a5:2a:14:9d:e2:05:10:ac:64:d3:a7:2b:c6:34:
                    88:98:5c:92:1f:66:87:c4:eb:59:18:25:f1:75:1d:
                    6c:c4:b8:b5:6c:c3:c0:bb:e3:77:10:57:e5:6b:8d:
                    20:7d:ad:00:a2:16:c5:74:fc:78:b4:3b:d7:a7:94:
                    a1:29:f2:2b:3b:de:3b:f7:db:b5:dc:a8:c3:18:a2:
                    15:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:38:13:AF:42:4D:B7:70:16:2D:D9:E0:C6:12:50:18:CB:FC:2A:EA
            X509v3 Authority Key Identifier:
                keyid:DA:C7:9D:28:55:B8:97:41:82:08:D4:7B:A6:E5:14:60:01:5B:5D:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sedKFW4l0GCCNR7puUUYAFbXXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/ezgTr0JNt3AWLdngxhJQGMv8Kuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/2sedKFW4l0GCCNR7puUUYAFbXXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.216.0/22
                  213.184.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:f5:b0:6f:54:73:28:9e:d0:e1:7e:f0:6a:7d:c5:de:ea:3b:
         fa:9d:75:d6:ba:b4:12:31:6b:10:c4:db:80:0e:e5:43:e5:3e:
         c1:15:55:4b:46:58:3a:00:53:14:ca:1f:88:dc:30:e6:3e:b6:
         5c:0c:80:72:74:cf:29:1c:53:28:2f:69:c2:25:e6:a5:24:74:
         35:86:37:e0:41:2d:75:4d:69:14:98:04:2e:e7:c9:ee:b7:64:
         f0:c7:92:e0:52:6b:57:0c:cb:1a:c6:c1:03:67:7a:bb:c9:13:
         03:e7:5f:8f:85:c0:34:24:bb:3c:50:42:84:6a:e0:a7:6e:e5:
         56:2d:be:98:8f:5a:87:b0:26:17:20:59:74:85:3f:ac:4c:ab:
         5d:42:a5:a5:ad:af:a6:7a:a3:1d:1b:36:c0:42:84:c2:c2:90:
         92:4d:7b:8f:c2:c9:56:a3:72:0b:c0:b9:f5:b7:d1:97:24:04:
         4e:1e:60:d6:0b:15:14:4c:8c:8b:3a:38:23:17:ef:fd:0c:f0:
         aa:d3:b1:1a:79:4d:a2:59:48:19:ad:5d:59:7a:b5:a2:6d:87:
         f5:38:96:d7:df:0e:5e:37:c6:c8:94:6f:9b:be:f8:29:4a:cb:
         42:81:e0:0d:65:c9:93:47:de:6a:57:dc:c6:63:a0:83:0e:2f:
         6f:a2:77:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKFI6+uBAma4oxnvpLepqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzc5ZDI4NTViODk3NDE4MjA4ZDQ3YmE2ZTUxNDYwMDE1
YjVkN2IwHhcNMjQwMTAyMTIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjM4MTNhZjQyNGRiNzcwMTYyZGQ5ZTBjNjEyNTAxOGNiZmMyYWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fiPokrm4dYKqLbg1M+7TCIq+Ral
OT8sOoTfIKt3MRXJYZ+wnz9fAl/+z2+PmVMt7HGZ6KsbrgVDp8UabZO/Q2y0gfa9
ywOBCgi37FLwREHvL1o+12yGX8ekyg7PfEiJ7s1wvKe0bT1zDMd1s631w++9w9a4
RJzJonDQXL01s3mwKX/tEINzCPerraQ7DU3MMWojaAi1r5ZYiTVhkQQ3oHWBvTis
lNNQ1Mr0PPFNElNnehKZpSoUneIFEKxk06crxjSImFySH2aHxOtZGCXxdR1sxLi1
bMPAu+N3EFfla40gfa0AohbFdPx4tDvXp5ShKfIrO94799u13KjDGKIVFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHs4E69CTbdwFi3Z4MYSUBjL/CrqMB8GA1UdIwQY
MBaAFNrHnShVuJdBggjUe6blFGABW117MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNlZEtGVzRsMEdDQ05SN3B1VVVZQUZiWFhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny81YjExNDktNjQ3ZC00MDY3LTk4MDct
NDQ1ZDQ1ODhjMzEyLzEvZXpnVHIwSk50M0FXTGRuZ3hoSlFHTXY4S3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny81YjExNDktNjQ3ZC00MDY3LTk4MDctNDQ1ZDQ1ODhjMzEy
LzEvMnNlZEtGVzRsMEdDQ05SN3B1VVVZQUZiWFhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZrYAwQC
1bhQMA0GCSqGSIb3DQEBCwUAA4IBAQBD9bBvVHMontDhfvBqfcXe6jv6nXXWurQS
MWsQxNuADuVD5T7BFVVLRlg6AFMUyh+I3DDmPrZcDIBydM8pHFMoL2nCJealJHQ1
hjfgQS11TWkUmAQu58nut2Twx5LgUmtXDMsaxsEDZ3q7yRMD51+PhcA0JLs8UEKE
auCnbuVWLb6Yj1qHsCYXIFl0hT+sTKtdQqWlra+meqMdGzbAQoTCwpCSTXuPwslW
o3ILwLn1t9GXJAROHmDWCxUUTIyLOjgjF+/9DPCq07EaeU2iWUgZrV1ZerWibYf1
OJbX3w5eN8bIlG+bvvgpSstCgeANZcmTR95qV9zGY6CDDi9voncw
-----END CERTIFICATE-----