Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/EBtcNhOJ92IGPVl-KdrFygnNVn4.roa
File:                     EBtcNhOJ92IGPVl-KdrFygnNVn4.roa (raw, json)
Hash identifier:          Ykla49kgLw0fjmlAc5cpzOXx1fYgIVxrEDqc3yCSjAA=
Subject key identifier:   10:1B:5C:36:13:89:F7:62:06:3D:59:7E:29:DA:C5:CA:09:CD:56:7E
Certificate issuer:       /CN=234b449894589d16f676bff282abedaa56cc7b8d
Certificate serial:       019423D6F0BE3D83CBA36469D54EBF64BA9C
Authority key identifier: 23:4B:44:98:94:58:9D:16:F6:76:BF:F2:82:AB:ED:AA:56:CC:7B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tEmJRYnRb2dr_ygqvtqlbMe40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/EBtcNhOJ92IGPVl-KdrFygnNVn4.roa
Signing time:             Wed 01 Jan 2025 21:47:56 +0000
ROA not before:           Wed 01 Jan 2025 21:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59748
IP address blocks:        185.73.156.0/22 maxlen: 22
                          2a03:43e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/I0tEmJRYnRb2dr_ygqvtqlbMe40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/I0tEmJRYnRb2dr_ygqvtqlbMe40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tEmJRYnRb2dr_ygqvtqlbMe40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f0:be:3d:83:cb:a3:64:69:d5:4e:bf:64:ba:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b449894589d16f676bff282abedaa56cc7b8d
        Validity
            Not Before: Jan  1 21:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=101b5c361389f762063d597e29dac5ca09cd567e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b7:e3:c2:40:54:6b:76:03:6a:d3:ba:a5:6d:
                    e1:31:87:54:15:a2:2b:23:2b:81:d8:41:e3:24:3a:
                    67:92:5e:0a:af:d6:a5:78:47:c8:36:5f:dd:b9:6a:
                    a7:ce:7b:f9:c4:e4:89:9b:d6:64:78:eb:ef:b7:d1:
                    7b:2e:27:1f:2f:18:d4:e0:dc:86:9e:f9:f6:75:bf:
                    e8:c8:cb:5f:9f:9a:6f:08:a3:ae:a4:50:88:59:40:
                    15:e4:c2:ab:07:9f:91:c7:20:37:88:ee:2c:89:35:
                    e3:07:25:b0:23:02:47:31:e5:be:d3:4e:36:85:fc:
                    af:8f:b8:cb:53:f3:6d:2a:b4:ff:27:33:8e:d3:5f:
                    b2:93:8d:77:99:dd:ef:f8:f4:ab:25:e0:7b:04:62:
                    b3:99:23:9f:b9:3f:93:7f:56:c5:44:fa:f9:4d:5f:
                    d0:4b:c2:0c:f7:d7:87:ec:01:74:ca:31:b1:1d:07:
                    da:97:bf:d4:f4:34:08:0e:94:0b:36:ce:a3:e1:9d:
                    a5:fd:e2:48:a0:6e:08:1a:16:11:1a:bc:a2:b8:22:
                    76:a3:93:5b:ab:d4:d3:fd:86:e6:0c:45:76:99:77:
                    fd:25:e3:86:82:a8:69:6e:05:71:20:e1:9f:71:92:
                    cb:6d:3f:56:44:52:06:5a:6d:e3:08:16:2d:23:eb:
                    ae:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1B:5C:36:13:89:F7:62:06:3D:59:7E:29:DA:C5:CA:09:CD:56:7E
            X509v3 Authority Key Identifier:
                keyid:23:4B:44:98:94:58:9D:16:F6:76:BF:F2:82:AB:ED:AA:56:CC:7B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tEmJRYnRb2dr_ygqvtqlbMe40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/EBtcNhOJ92IGPVl-KdrFygnNVn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/I0tEmJRYnRb2dr_ygqvtqlbMe40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.156.0/22
                IPv6:
                  2a03:43e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:f8:2a:a2:48:8a:96:3c:f5:6c:8c:36:26:fb:c4:bd:04:64:
         5b:16:04:98:a0:3f:9d:90:31:44:41:7e:37:a0:ee:84:7c:d0:
         24:0e:a3:6a:4e:ef:3c:76:ac:d4:8f:fb:92:6d:06:c0:a4:0a:
         79:cf:91:d0:21:28:ab:aa:f5:5b:67:7d:9c:41:02:79:a3:ae:
         91:2a:ef:59:c2:75:f3:c7:7e:a9:72:51:a7:b1:49:aa:f7:4c:
         db:eb:29:29:8a:2d:3d:24:ac:4e:08:fd:4d:c3:ee:81:4a:e7:
         91:e7:9d:f6:cb:82:ed:37:e2:df:14:2c:b1:4b:5d:be:51:7b:
         97:8d:26:7f:7e:f0:a6:e2:a8:da:6f:27:71:72:f2:1c:89:8d:
         4f:e9:51:41:88:35:6e:c0:69:54:93:5b:d0:08:35:60:99:e7:
         0a:0f:7f:5f:d0:b0:22:79:90:c5:4d:79:77:6f:b4:f8:59:0e:
         45:78:bf:cd:15:66:1d:38:72:29:d4:eb:61:e6:e0:86:8c:51:
         27:31:fe:c7:0a:0a:5c:3d:ae:1e:ee:7c:2f:2c:aa:43:ef:04:
         98:5e:93:83:85:06:cd:92:c5:97:07:8a:5c:26:b4:f5:25:8d:
         c5:50:b4:be:65:96:b8:f3:8a:b4:d9:fd:4b:96:6e:bd:f1:b2:
         5b:5d:8e:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1vC+PYPLo2Rp1U6/ZLqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI0NDk4OTQ1ODlkMTZmNjc2YmZmMjgyYWJlZGFhNTZj
YzdiOGQwHhcNMjUwMTAxMjE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDFiNWMzNjEzODlmNzYyMDYzZDU5N2UyOWRhYzVjYTA5Y2Q1NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLfjwkBUa3YDatO6pW3hMYdUFaIr
IyuB2EHjJDpnkl4Kr9aleEfINl/duWqnznv5xOSJm9ZkeOvvt9F7LicfLxjU4NyG
nvn2db/oyMtfn5pvCKOupFCIWUAV5MKrB5+RxyA3iO4siTXjByWwIwJHMeW+0042
hfyvj7jLU/NtKrT/JzOO01+yk413md3v+PSrJeB7BGKzmSOfuT+Tf1bFRPr5TV/Q
S8IM99eH7AF0yjGxHQfal7/U9DQIDpQLNs6j4Z2l/eJIoG4IGhYRGryiuCJ2o5Nb
q9TT/YbmDEV2mXf9JeOGgqhpbgVxIOGfcZLLbT9WRFIGWm3jCBYtI+uu8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBAbXDYTifdiBj1ZfinaxcoJzVZ+MB8GA1UdIwQY
MBaAFCNLRJiUWJ0W9na/8oKr7apWzHuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0RW1KUlluUmIyZHJfeWdxdnRxbGJNZTQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zMzE4ZDktNTY2OS00OTIwLWE1NWMt
NzNhNjNiMjU5YmViLzEvRUJ0Y05oT0o5MklHUFZsLUtkckZ5Z25OVm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zMzE4ZDktNTY2OS00OTIwLWE1NWMtNzNhNjNiMjU5YmVi
LzEvSTB0RW1KUlluUmIyZHJfeWdxdnRxbGJNZTQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUmcMA0E
AgACMAcDBQAqA0PgMA0GCSqGSIb3DQEBCwUAA4IBAQCa+CqiSIqWPPVsjDYm+8S9
BGRbFgSYoD+dkDFEQX43oO6EfNAkDqNqTu88dqzUj/uSbQbApAp5z5HQISirqvVb
Z32cQQJ5o66RKu9ZwnXzx36pclGnsUmq90zb6ykpii09JKxOCP1Nw+6BSueR5532
y4LtN+LfFCyxS12+UXuXjSZ/fvCm4qjabydxcvIciY1P6VFBiDVuwGlUk1vQCDVg
mecKD39f0LAieZDFTXl3b7T4WQ5FeL/NFWYdOHIp1Oth5uCGjFEnMf7HCgpcPa4e
7nwvLKpD7wSYXpODhQbNksWXB4pcJrT1JY3FULS+ZZa484q02f1Llm698bJbXY75
-----END CERTIFICATE-----