Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EQo6Zg0F5MmYJsOAbxkD6AQ8Sts.roa
File:                     EQo6Zg0F5MmYJsOAbxkD6AQ8Sts.roa (raw, json)
Hash identifier:          y+Ao+GBtFQQt7mS4LiCaUIPhgB7YVYeqMXVWTP0TmWA=
Subject key identifier:   11:0A:3A:66:0D:05:E4:C9:98:26:C3:80:6F:19:03:E8:04:3C:4A:DB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019102BD488A815E7D0F65F72EECF86FFA54
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EQo6Zg0F5MmYJsOAbxkD6AQ8Sts.roa
Signing time:             Tue 30 Jul 2024 08:24:04 +0000
ROA not before:           Tue 30 Jul 2024 08:24:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        193.124.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:02:bd:48:8a:81:5e:7d:0f:65:f7:2e:ec:f8:6f:fa:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul 30 08:24:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=110a3a660d05e4c99826c3806f1903e8043c4adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:83:d6:2b:34:a7:95:78:62:fb:26:18:c4:66:
                    c4:42:c5:e6:cf:65:38:fc:d0:a2:97:e1:87:18:28:
                    70:31:52:db:15:7c:2c:fa:f2:a0:dc:3b:df:20:a0:
                    9e:91:34:0b:96:b7:5f:89:cb:a8:c3:dd:43:30:9c:
                    29:6c:e7:b1:6e:5c:70:04:f2:9d:30:d5:8c:46:c9:
                    e9:95:ff:91:37:e8:eb:20:c8:1e:9d:d8:28:5e:46:
                    43:a0:f4:ac:eb:3b:28:2c:ff:c2:0d:58:22:44:1c:
                    89:e2:33:34:2d:a5:48:94:f0:b4:24:25:dc:09:cc:
                    92:fd:0f:f7:a4:59:c4:cf:8b:01:03:ec:74:5f:59:
                    79:20:c0:0e:a0:4c:da:ee:bc:e7:34:85:ea:f3:74:
                    86:18:cf:c1:89:b9:f6:ae:f0:46:f2:76:71:c0:72:
                    83:d8:4a:0e:3a:d5:ab:e6:94:00:ea:a6:b2:e6:88:
                    81:21:8c:a0:a8:37:48:db:5e:89:fa:dd:8c:78:fa:
                    45:59:bd:d8:da:c6:19:8a:c2:e2:b8:a3:11:3c:40:
                    01:7a:ae:d3:ea:f8:10:06:4b:16:0f:ad:69:b3:43:
                    ee:5e:de:62:7e:ed:ea:97:df:20:03:2a:64:8d:17:
                    29:1f:0a:91:87:70:71:48:a9:5b:9d:97:86:12:20:
                    8a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0A:3A:66:0D:05:E4:C9:98:26:C3:80:6F:19:03:E8:04:3C:4A:DB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EQo6Zg0F5MmYJsOAbxkD6AQ8Sts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:0d:9c:a2:62:b4:0e:f3:d4:7e:2d:a2:ba:03:a4:43:8e:46:
         fb:a3:04:23:bc:65:b0:79:21:91:5b:b1:b4:38:08:74:9e:26:
         d1:51:7e:76:9a:d4:9c:2b:2c:d8:d4:7d:64:c9:3f:b5:2f:3f:
         a4:ae:69:45:ab:ec:a2:26:29:6e:0c:a9:20:cf:eb:45:77:0f:
         8b:30:c4:62:49:3c:24:a9:8d:42:2f:24:ce:11:de:8b:4d:dc:
         39:b6:44:87:ab:db:ef:b6:39:00:fa:47:cd:5b:2b:b0:86:83:
         3a:21:31:ea:bd:f8:81:cc:17:21:4d:15:23:3b:0b:e8:88:4a:
         ea:18:4f:4a:47:58:6f:37:31:c0:6a:df:ff:3c:e1:93:46:0b:
         16:8d:a6:63:07:e6:92:13:a1:42:aa:a0:9a:1b:7d:10:dd:2c:
         38:f2:fb:47:92:85:64:bc:5e:30:8b:61:88:87:dc:9f:47:10:
         9f:eb:65:57:13:dc:b7:78:4c:95:d4:3f:f6:5e:79:09:7d:78:
         4a:ec:0e:01:ac:ab:a2:4e:b4:0a:4b:61:37:05:c3:74:8f:a3:
         09:5d:2c:58:0d:e9:e4:ba:ee:28:16:39:1d:70:a7:2a:43:75:
         3d:6e:b2:33:d7:e2:18:f5:0f:77:ae:d2:80:c8:c1:65:97:cf:
         7a:0a:33:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZECvUiKgV59D2X3Luz4b/pUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzMwMDgyNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTBhM2E2NjBkMDVlNGM5OTgyNmMzODA2ZjE5MDNlODA0M2M0YWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYPWKzSnlXhi+yYYxGbEQsXmz2U4
/NCil+GHGChwMVLbFXws+vKg3DvfIKCekTQLlrdficuow91DMJwpbOexblxwBPKd
MNWMRsnplf+RN+jrIMgendgoXkZDoPSs6zsoLP/CDVgiRByJ4jM0LaVIlPC0JCXc
CcyS/Q/3pFnEz4sBA+x0X1l5IMAOoEza7rznNIXq83SGGM/Bibn2rvBG8nZxwHKD
2EoOOtWr5pQA6qay5oiBIYygqDdI216J+t2MePpFWb3Y2sYZisLiuKMRPEABeq7T
6vgQBksWD61ps0PuXt5ifu3ql98gAypkjRcpHwqRh3BxSKlbnZeGEiCK8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEKOmYNBeTJmCbDgG8ZA+gEPErbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRVFvNlpnMEY1TW1ZSnNPQWJ4a0Q2QVE4U3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXwkMA0G
CSqGSIb3DQEBCwUAA4IBAQBfDZyiYrQO89R+LaK6A6RDjkb7owQjvGWweSGRW7G0
OAh0nibRUX52mtScKyzY1H1kyT+1Lz+krmlFq+yiJiluDKkgz+tFdw+LMMRiSTwk
qY1CLyTOEd6LTdw5tkSHq9vvtjkA+kfNWyuwhoM6ITHqvfiBzBchTRUjOwvoiErq
GE9KR1hvNzHAat//POGTRgsWjaZjB+aSE6FCqqCaG30Q3Sw48vtHkoVkvF4wi2GI
h9yfRxCf62VXE9y3eEyV1D/2XnkJfXhK7A4BrKuiTrQKS2E3BcN0j6MJXSxYDenk
uu4oFjkdcKcqQ3U9brIz1+IY9Q93rtKAyMFll896CjPi
-----END CERTIFICATE-----