Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/Eoa2DgYKZQhIPrEs2BVXe4pbre4.roa
File:                     Eoa2DgYKZQhIPrEs2BVXe4pbre4.roa (raw, json)
Hash identifier:          Lzu15VnANjg8WWEayf+Lga5VSNyXHu7NEi9f0IPI47U=
Subject key identifier:   12:86:B6:0E:06:0A:65:08:48:3E:B1:2C:D8:15:57:7B:8A:5B:AD:EE
Certificate issuer:       /CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
Certificate serial:       0194228DF46B7FFF107DA18FA48094169D99
Authority key identifier: D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/Eoa2DgYKZQhIPrEs2BVXe4pbre4.roa
Signing time:             Wed 01 Jan 2025 15:48:36 +0000
ROA not before:           Wed 01 Jan 2025 15:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        192.118.70.0/24 maxlen: 24
                          192.118.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f4:6b:7f:ff:10:7d:a1:8f:a4:80:94:16:9d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1286b60e060a6508483eb12cd815577b8a5badee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:19:07:5b:14:a5:e4:8e:5e:78:49:dd:2e:9b:
                    18:99:c4:9f:a8:a5:88:3c:6f:e2:02:8f:4d:17:d8:
                    4b:d8:9c:5b:05:d9:ce:a8:7e:59:08:cf:b9:48:a5:
                    e4:5c:67:d4:17:18:df:07:ca:f3:9f:1f:ee:87:87:
                    07:77:68:b8:d0:3a:f4:42:cb:2d:cc:0d:ba:b0:fb:
                    1a:73:af:5a:6f:bc:bd:59:bc:da:90:5d:92:4e:f7:
                    6a:02:87:9b:c7:27:c8:db:2f:ce:9c:34:b4:2a:57:
                    14:cd:43:b2:b4:7d:d3:fc:c1:59:e1:80:15:53:0e:
                    b6:2a:c8:ad:fb:85:71:34:27:27:bd:aa:5b:b0:c5:
                    62:e2:b2:eb:be:e5:30:bb:6c:5a:56:a1:9e:9c:23:
                    b3:17:62:72:f3:1c:ba:09:f4:e8:88:5f:a2:26:f1:
                    8b:95:76:a1:e0:28:d7:9a:00:e7:ed:48:75:18:5e:
                    9a:69:e4:9a:bf:62:40:2b:4a:38:e8:a5:d7:d0:26:
                    f5:b8:d5:04:07:e0:3c:91:51:ce:9c:82:aa:72:7a:
                    8b:89:77:08:24:5c:24:a5:2c:bc:67:fc:ce:7e:61:
                    ce:54:e9:4b:ea:b8:b7:1f:c6:bd:5f:35:af:09:62:
                    f4:da:eb:d1:32:dd:5d:26:66:c8:4c:3a:75:d5:c2:
                    97:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:86:B6:0E:06:0A:65:08:48:3E:B1:2C:D8:15:57:7B:8A:5B:AD:EE
            X509v3 Authority Key Identifier:
                keyid:D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/Eoa2DgYKZQhIPrEs2BVXe4pbre4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.118.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:c3:be:8d:e6:7f:75:a6:48:31:fe:cf:c8:3a:4f:f5:8b:36:
         50:f3:91:e3:fa:65:6e:42:d5:d6:8a:d5:70:31:7a:15:91:e4:
         f8:a6:12:b5:7d:c1:da:b7:b3:a8:ab:c0:a7:0d:15:e5:29:bc:
         93:fb:77:c3:83:95:75:66:ac:5a:da:6a:4b:f4:1f:2b:cb:ea:
         88:ae:59:5b:e2:38:f4:1b:aa:a8:dc:2b:db:8b:38:7c:ea:c3:
         98:7f:b0:85:90:14:25:9e:ec:b3:69:25:58:e8:08:1d:fe:f9:
         3f:83:63:c5:5a:83:6a:98:bb:09:a8:9f:4a:1d:5c:53:5d:37:
         8f:0a:00:a5:21:ab:6f:07:48:43:d8:f7:2d:ce:d5:c4:33:1f:
         77:25:9f:4f:0f:34:33:43:9b:69:fd:26:ec:07:4c:6d:c3:04:
         46:70:8b:24:ab:45:b8:90:bb:4c:02:3e:fe:35:9c:59:97:f4:
         f6:d9:2e:88:44:50:30:2f:84:eb:9f:30:a3:38:fe:dc:fb:38:
         57:c9:03:e0:eb:44:1f:37:31:b1:36:73:1e:8f:3e:50:c8:ee:
         3b:8d:4e:56:03:e9:e2:9e:11:ba:3e:e7:d7:fc:02:f4:61:60:
         a0:be:51:3c:3d:86:1c:6a:4b:aa:8d:22:81:2d:fe:f0:f1:8f:
         a9:2c:f2:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfRrf/8QfaGPpICUFp2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzFkNWZkNGUyMGFkZTVmMTFiNjZhZmIxMGE1NGM4ZmZl
NGIwNDAwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjg2YjYwZTA2MGE2NTA4NDgzZWIxMmNkODE1NTc3YjhhNWJhZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxkHWxSl5I5eeEndLpsYmcSfqKWI
PG/iAo9NF9hL2JxbBdnOqH5ZCM+5SKXkXGfUFxjfB8rznx/uh4cHd2i40Dr0Qsst
zA26sPsac69ab7y9WbzakF2STvdqAoebxyfI2y/OnDS0KlcUzUOytH3T/MFZ4YAV
Uw62Ksit+4VxNCcnvapbsMVi4rLrvuUwu2xaVqGenCOzF2Jy8xy6CfToiF+iJvGL
lXah4CjXmgDn7Uh1GF6aaeSav2JAK0o46KXX0Cb1uNUEB+A8kVHOnIKqcnqLiXcI
JFwkpSy8Z/zOfmHOVOlL6ri3H8a9XzWvCWL02uvRMt1dJmbITDp11cKXdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKGtg4GCmUISD6xLNgVV3uKW63uMB8GA1UdIwQY
MBaAFNLB1f1OIK3l8Rtmr7EKVMj/5LBAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTkt
YTA5YTg3NWY1OTAzLzEvRW9hMkRnWUtaUWhJUHJFczJCVlhlNHBicmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTktYTA5YTg3NWY1OTAz
LzEvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHZGMA0G
CSqGSIb3DQEBCwUAA4IBAQALw76N5n91pkgx/s/IOk/1izZQ85Hj+mVuQtXWitVw
MXoVkeT4phK1fcHat7Ooq8CnDRXlKbyT+3fDg5V1Zqxa2mpL9B8ry+qIrllb4jj0
G6qo3Cvbizh86sOYf7CFkBQlnuyzaSVY6Agd/vk/g2PFWoNqmLsJqJ9KHVxTXTeP
CgClIatvB0hD2PctztXEMx93JZ9PDzQzQ5tp/SbsB0xtwwRGcIskq0W4kLtMAj7+
NZxZl/T22S6IRFAwL4TrnzCjOP7c+zhXyQPg60QfNzGxNnMejz5QyO47jU5WA+ni
nhG6PufX/AL0YWCgvlE8PYYcakuqjSKBLf7w8Y+pLPLP
-----END CERTIFICATE-----