Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/EXzs16b-M2w9oZ8ahEJzBLCMg6k.roa
File:                     EXzs16b-M2w9oZ8ahEJzBLCMg6k.roa (raw, json)
Hash identifier:          8MQHuwP0X3gwSHI7Khb0H/Ujwe+M0sDcRamivNF/nR4=
Subject key identifier:   11:7C:EC:D7:A6:FE:33:6C:3D:A1:9F:1A:84:42:73:04:B0:8C:83:A9
Certificate issuer:       /CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
Certificate serial:       018DC1F6ED6E3E3E8D77AAFE834F05935F94
Authority key identifier: 60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/EXzs16b-M2w9oZ8ahEJzBLCMg6k.roa
Signing time:             Mon 19 Feb 2024 15:23:21 +0000
ROA not before:           Mon 19 Feb 2024 15:23:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216383
IP address blocks:        109.95.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:f6:ed:6e:3e:3e:8d:77:aa:fe:83:4f:05:93:5f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
        Validity
            Not Before: Feb 19 15:23:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=117cecd7a6fe336c3da19f1a84427304b08c83a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3b:52:70:11:e6:7f:aa:cf:2a:d2:30:fe:cb:
                    8c:52:02:2b:f2:a3:e0:88:da:94:76:89:71:a1:19:
                    02:e8:c1:0e:9a:21:70:d0:90:e5:6a:d2:23:1c:11:
                    3a:a4:c5:c0:35:15:cd:d7:ac:29:de:46:c8:d9:d2:
                    d2:f3:46:f9:e2:e7:e4:76:89:a0:2f:60:55:d1:7f:
                    d9:01:ef:6c:37:0d:66:a0:32:09:05:b3:be:7e:49:
                    1c:2e:dd:b5:e1:be:63:16:16:26:fb:27:c5:69:df:
                    dc:64:cc:c5:b2:4b:53:d2:e0:f2:7d:e4:9d:14:f7:
                    29:ca:d2:93:57:bf:3b:45:30:83:62:d8:a9:96:2f:
                    23:4a:2d:60:aa:be:a4:d1:f7:81:fd:6c:36:26:0c:
                    42:3b:4e:4c:82:6c:ef:3c:03:cb:47:39:ed:d1:4a:
                    90:19:a3:5d:42:c8:90:7c:77:27:f6:d0:37:0f:61:
                    4c:17:2f:a1:36:86:95:85:6d:9d:5a:ac:19:9d:ec:
                    bb:7b:62:43:ff:12:44:dd:fe:18:87:9b:52:2c:28:
                    bb:30:04:50:ea:f5:84:37:b6:2a:27:67:96:18:b5:
                    80:37:ef:07:46:81:11:16:40:0a:fd:c6:75:b2:da:
                    30:69:61:05:3e:07:74:be:a4:f6:e6:4e:29:16:fc:
                    34:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7C:EC:D7:A6:FE:33:6C:3D:A1:9F:1A:84:42:73:04:B0:8C:83:A9
            X509v3 Authority Key Identifier:
                keyid:60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/EXzs16b-M2w9oZ8ahEJzBLCMg6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:86:c7:9e:19:50:5f:51:d5:8e:b6:7a:95:80:d2:2e:18:8e:
         30:3d:21:fc:f3:17:bd:32:1e:cc:c1:7c:d0:a3:c0:d4:3e:6b:
         e8:51:4e:ed:50:bb:34:02:ab:45:f0:de:f7:3b:f3:d9:81:6c:
         8f:43:87:40:5d:3a:24:92:3f:c5:84:64:a7:df:38:e8:1c:86:
         3b:11:03:05:0b:ac:87:79:09:69:9b:8f:6d:fc:68:b2:2e:a1:
         88:0a:14:6f:90:90:11:96:45:a8:8e:53:77:06:c4:4e:27:c6:
         be:e9:34:56:c9:71:7e:c4:8a:24:cd:86:f6:54:27:a6:44:c6:
         d5:a7:d8:30:a9:89:1f:b3:1f:ce:fc:36:69:60:c4:16:e5:ef:
         75:0a:f5:a3:ff:d7:61:61:a1:60:9c:c2:17:43:7a:7c:78:57:
         4f:a1:3e:89:bc:ea:27:6b:ca:b3:93:bb:e8:1e:e1:bd:62:ae:
         f6:b6:48:af:3e:40:6a:e4:df:8a:35:3f:fe:11:e0:22:95:aa:
         09:43:8c:0e:05:93:92:7d:73:1f:cc:0a:91:74:e5:e2:83:9f:
         e2:a2:0b:28:95:b2:42:55:1f:8e:1d:67:f4:c0:9b:11:c5:ab:
         8d:91:2a:7b:0a:51:ba:b5:97:30:42:21:ae:ac:41:78:a1:38:
         4e:c2:0f:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3B9u1uPj6Nd6r+g08Fk1+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZWJkNGY3YWMzZDI0OTIwZGUxYzFmZjExODVkOTUwN2U5
YWQwNzgwHhcNMjQwMjE5MTUyMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdjZWNkN2E2ZmUzMzZjM2RhMTlmMWE4NDQyNzMwNGIwOGM4M2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TtScBHmf6rPKtIw/suMUgIr8qPg
iNqUdolxoRkC6MEOmiFw0JDlatIjHBE6pMXANRXN16wp3kbI2dLS80b54ufkdomg
L2BV0X/ZAe9sNw1moDIJBbO+fkkcLt214b5jFhYm+yfFad/cZMzFsktT0uDyfeSd
FPcpytKTV787RTCDYtipli8jSi1gqr6k0feB/Ww2JgxCO05MgmzvPAPLRznt0UqQ
GaNdQsiQfHcn9tA3D2FMFy+hNoaVhW2dWqwZney7e2JD/xJE3f4Yh5tSLCi7MARQ
6vWEN7YqJ2eWGLWAN+8HRoERFkAK/cZ1stowaWEFPgd0vqT25k4pFvw0LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF87Nem/jNsPaGfGoRCcwSwjIOpMB8GA1UdIwQY
MBaAFGDr1PesPSSSDeHB/xGF2VB+mtB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgt
ODdkM2IwMjNkOTE5LzEvRVh6czE2Yi1NMnc5b1o4YWhFSnpCTENNZzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgtODdkM2IwMjNkOTE5
LzEvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV9BMA0G
CSqGSIb3DQEBCwUAA4IBAQCehseeGVBfUdWOtnqVgNIuGI4wPSH88xe9Mh7MwXzQ
o8DUPmvoUU7tULs0AqtF8N73O/PZgWyPQ4dAXTokkj/FhGSn3zjoHIY7EQMFC6yH
eQlpm49t/GiyLqGIChRvkJARlkWojlN3BsROJ8a+6TRWyXF+xIokzYb2VCemRMbV
p9gwqYkfsx/O/DZpYMQW5e91CvWj/9dhYaFgnMIXQ3p8eFdPoT6JvOona8qzk7vo
HuG9Yq72tkivPkBq5N+KNT/+EeAilaoJQ4wOBZOSfXMfzAqRdOXig5/iogsolbJC
VR+OHWf0wJsRxauNkSp7ClG6tZcwQiGurEF4oThOwg/s
-----END CERTIFICATE-----