Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/aac010-5ef0-4844-b233-4457ebea5a45/1/eZJ2h01xU0WAHuzMWDJVjRi7Oy8.roa
File:                     eZJ2h01xU0WAHuzMWDJVjRi7Oy8.roa (raw, json)
Hash identifier:          G4IiykO7+lL7RfPhRy7ZnPGb8SMlwWkjglBndg/JyCs=
Subject key identifier:   79:92:76:87:4D:71:53:45:80:1E:EC:CC:58:32:55:8D:18:BB:3B:2F
Certificate issuer:       /CN=efb45cc923978c1a24bdee96cc7b3af37386d2a8
Certificate serial:       018CC793D681E42B5BE06FA770E6334B96E0
Authority key identifier: EF:B4:5C:C9:23:97:8C:1A:24:BD:EE:96:CC:7B:3A:F3:73:86:D2:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/77RcySOXjBokve6WzHs683OG0qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/aac010-5ef0-4844-b233-4457ebea5a45/1/eZJ2h01xU0WAHuzMWDJVjRi7Oy8.roa
Signing time:             Tue 02 Jan 2024 00:30:03 +0000
ROA not before:           Tue 02 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1770
IP address blocks:        195.177.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/aac010-5ef0-4844-b233-4457ebea5a45/1/77RcySOXjBokve6WzHs683OG0qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/aac010-5ef0-4844-b233-4457ebea5a45/1/77RcySOXjBokve6WzHs683OG0qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/77RcySOXjBokve6WzHs683OG0qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:d6:81:e4:2b:5b:e0:6f:a7:70:e6:33:4b:96:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efb45cc923978c1a24bdee96cc7b3af37386d2a8
        Validity
            Not Before: Jan  2 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=799276874d715345801eeccc5832558d18bb3b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:3e:4b:77:51:05:ee:9b:c7:d5:ee:13:54:
                    6d:b2:5b:3e:71:5b:ba:84:11:84:0b:e7:5b:77:70:
                    b2:08:05:72:86:c1:7d:8f:99:f0:67:c7:4e:25:3e:
                    91:08:e4:43:e8:35:ae:a5:98:09:a3:7b:4c:ca:1a:
                    c6:65:52:4c:1b:33:5a:dc:c8:ba:0d:36:b2:9b:11:
                    22:fc:be:7e:07:5f:09:47:d2:93:5b:78:37:9f:81:
                    a1:18:b3:42:7b:de:96:8f:f0:58:02:95:71:e5:11:
                    b3:11:89:4a:14:b7:ba:4a:9e:0c:fc:73:52:0e:1c:
                    ae:d8:54:74:8b:67:b5:9e:63:fb:02:43:d2:7c:40:
                    4f:6e:a7:ad:a6:07:a6:20:b7:2f:ac:e2:a9:ef:34:
                    65:f5:f5:b0:51:88:01:b0:cb:9b:24:9e:ab:e3:11:
                    55:5e:54:cf:7b:b1:fa:58:0a:3e:cb:6c:cf:95:01:
                    2f:95:a5:6f:5f:5a:d4:79:74:25:e9:c7:7b:30:f6:
                    83:d3:fa:d9:4d:0a:2f:b9:03:51:a4:e0:ff:60:41:
                    7a:a3:7c:41:11:fa:79:74:f7:7c:1d:25:0a:05:58:
                    14:b8:a4:8b:e2:40:a9:e1:3c:1c:84:8f:06:0f:23:
                    ae:e2:cc:82:1d:a7:8a:17:95:7d:75:21:45:0b:33:
                    8a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:92:76:87:4D:71:53:45:80:1E:EC:CC:58:32:55:8D:18:BB:3B:2F
            X509v3 Authority Key Identifier:
                keyid:EF:B4:5C:C9:23:97:8C:1A:24:BD:EE:96:CC:7B:3A:F3:73:86:D2:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/77RcySOXjBokve6WzHs683OG0qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/aac010-5ef0-4844-b233-4457ebea5a45/1/eZJ2h01xU0WAHuzMWDJVjRi7Oy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/aac010-5ef0-4844-b233-4457ebea5a45/1/77RcySOXjBokve6WzHs683OG0qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:7b:97:2f:1a:6d:67:ba:35:f3:47:bf:f6:a4:90:67:d7:ba:
         cf:1d:b4:aa:fa:c7:7c:d6:a6:1d:d4:8c:30:33:c0:2f:29:48:
         a3:6d:8f:3b:bb:06:f2:5a:9c:0c:c5:4e:cf:3b:2c:f4:a3:02:
         8d:a9:5e:2e:a5:78:0c:3f:ba:ad:0d:2a:f5:72:6e:cc:42:1c:
         c7:43:37:ed:aa:f3:17:b8:2a:2d:a3:1d:cb:70:17:03:e6:92:
         3c:e2:c2:ad:7a:1d:d4:81:93:28:9a:46:c0:c4:c0:e3:11:e3:
         c8:b9:b2:a6:93:bd:10:7a:6c:5b:e9:f3:e6:63:b0:9d:d0:10:
         05:df:7a:ad:7d:8a:54:d5:57:84:bf:fd:20:57:0c:17:31:2e:
         08:56:e0:d7:2e:ca:7a:44:83:4a:9f:88:01:07:37:5e:9f:3e:
         b7:81:56:34:3b:d5:a2:68:c9:5c:22:ca:f1:a7:c7:02:b7:85:
         7b:c0:6c:61:b9:1f:c7:db:ad:64:7d:86:20:39:8c:af:b9:49:
         8e:8f:2f:05:ef:73:a6:12:54:bf:2d:64:e4:f0:83:3e:5d:e0:
         93:58:8b:05:28:a2:c6:6e:7b:69:18:2e:62:74:7e:6c:a6:83:
         2d:7c:21:0d:ca:a4:40:cd:4b:fd:8e:f6:e8:fd:86:08:e7:98:
         45:9f:06:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk9aB5Ctb4G+ncOYzS5bgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYjQ1Y2M5MjM5NzhjMWEyNGJkZWU5NmNjN2IzYWYzNzM4
NmQyYTgwHhcNMjQwMTAyMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTkyNzY4NzRkNzE1MzQ1ODAxZWVjY2M1ODMyNTU4ZDE4YmIzYjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYI+S3dRBe6bx9XuE1Rtsls+cVu6
hBGEC+dbd3CyCAVyhsF9j5nwZ8dOJT6RCORD6DWupZgJo3tMyhrGZVJMGzNa3Mi6
DTaymxEi/L5+B18JR9KTW3g3n4GhGLNCe96Wj/BYApVx5RGzEYlKFLe6Sp4M/HNS
Dhyu2FR0i2e1nmP7AkPSfEBPbqetpgemILcvrOKp7zRl9fWwUYgBsMubJJ6r4xFV
XlTPe7H6WAo+y2zPlQEvlaVvX1rUeXQl6cd7MPaD0/rZTQovuQNRpOD/YEF6o3xB
Efp5dPd8HSUKBVgUuKSL4kCp4TwchI8GDyOu4syCHaeKF5V9dSFFCzOKbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmSdodNcVNFgB7szFgyVY0YuzsvMB8GA1UdIwQY
MBaAFO+0XMkjl4waJL3ulsx7OvNzhtKoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzdSY3lTT1hqQm9rdmU2V3pIczY4M09HMHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hYWMwMTAtNWVmMC00ODQ0LWIyMzMt
NDQ1N2ViZWE1YTQ1LzEvZVpKMmgwMXhVMFdBSHV6TVdESlZqUmk3T3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hYWMwMTAtNWVmMC00ODQ0LWIyMzMtNDQ1N2ViZWE1YTQ1
LzEvNzdSY3lTT1hqQm9rdmU2V3pIczY4M09HMHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7HKMA0G
CSqGSIb3DQEBCwUAA4IBAQBOe5cvGm1nujXzR7/2pJBn17rPHbSq+sd81qYd1Iww
M8AvKUijbY87uwbyWpwMxU7POyz0owKNqV4upXgMP7qtDSr1cm7MQhzHQzftqvMX
uCotox3LcBcD5pI84sKteh3UgZMomkbAxMDjEePIubKmk70Qemxb6fPmY7Cd0BAF
33qtfYpU1VeEv/0gVwwXMS4IVuDXLsp6RINKn4gBBzdenz63gVY0O9WiaMlcIsrx
p8cCt4V7wGxhuR/H261kfYYgOYyvuUmOjy8F73OmElS/LWTk8IM+XeCTWIsFKKLG
bntpGC5idH5spoMtfCENyqRAzUv9jvbo/YYI55hFnwZx
-----END CERTIFICATE-----