Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/ENo_Zspvj04vt4yi4vFVhRuW3IY.roa
File:                     ENo_Zspvj04vt4yi4vFVhRuW3IY.roa (raw, json)
Hash identifier:          /PdKJ/LjuagIjxdC4EOqV+NYvvV9nXhLykuxkUrQXqU=
Subject key identifier:   10:DA:3F:66:CA:6F:8F:4E:2F:B7:8C:A2:E2:F1:55:85:1B:96:DC:86
Certificate issuer:       /CN=6fdbbe7e978029c6ceaa557b4a76da68074311b1
Certificate serial:       018CC8DF19CB57C9396CD7728E4C01D9D06A
Authority key identifier: 6F:DB:BE:7E:97:80:29:C6:CE:AA:55:7B:4A:76:DA:68:07:43:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/ENo_Zspvj04vt4yi4vFVhRuW3IY.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197588
IP address blocks:        185.191.244.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:19:cb:57:c9:39:6c:d7:72:8e:4c:01:d9:d0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fdbbe7e978029c6ceaa557b4a76da68074311b1
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10da3f66ca6f8f4e2fb78ca2e2f155851b96dc86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a2:36:86:72:16:f1:32:8d:71:77:da:c8:ed:
                    82:df:23:05:ff:e8:8c:13:6a:5f:78:96:c1:4e:8c:
                    01:ee:7b:46:c0:22:69:63:bf:25:b4:db:6c:eb:4f:
                    42:ab:9e:71:45:7f:d8:4e:8c:d8:20:d9:37:fe:75:
                    07:73:1d:f0:3f:40:a9:a0:c0:65:3d:65:1e:ab:9d:
                    a9:93:b0:78:bd:43:aa:12:b7:a1:f9:ad:49:57:2c:
                    93:f1:4d:ca:1a:78:45:51:57:56:05:71:ef:a8:b1:
                    47:aa:d6:4e:1e:ee:29:09:27:48:12:1c:fc:b4:05:
                    de:5e:5c:1f:a9:46:c9:43:65:77:c7:54:db:38:4c:
                    1d:5c:65:2b:e5:95:8e:28:dd:83:84:7a:cb:33:be:
                    9b:00:b1:ea:f2:d4:4b:c2:e3:8b:76:57:5d:8e:2b:
                    e3:04:fb:22:f0:8b:82:b4:50:b1:c7:11:b0:fa:28:
                    08:c2:b5:d0:f7:50:ba:eb:71:54:a7:86:a6:23:eb:
                    a2:fc:04:c3:56:66:b7:22:c4:61:57:13:8a:dc:ab:
                    2e:43:28:9d:45:07:5e:34:70:7e:f0:7f:03:93:5f:
                    93:e7:b3:01:7f:07:53:d1:c4:3a:b6:f3:d6:7c:66:
                    9f:76:01:b4:b2:8d:9f:2c:a7:4e:42:3d:73:db:76:
                    06:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:DA:3F:66:CA:6F:8F:4E:2F:B7:8C:A2:E2:F1:55:85:1B:96:DC:86
            X509v3 Authority Key Identifier:
                keyid:6F:DB:BE:7E:97:80:29:C6:CE:AA:55:7B:4A:76:DA:68:07:43:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/ENo_Zspvj04vt4yi4vFVhRuW3IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:05:41:f5:51:f6:ab:0b:79:f8:f7:c5:80:ae:a3:1b:9b:e0:
         f0:1a:c4:5f:14:2c:ac:7a:39:40:f6:d7:f5:32:db:d4:df:32:
         5c:44:03:03:7e:59:3c:5e:c1:0a:ea:3b:34:16:c1:97:da:8c:
         27:89:ab:ad:cd:6d:d4:d5:0f:73:10:f4:f7:83:06:c1:74:fa:
         bf:1d:ac:3b:0f:03:4c:85:93:01:aa:20:c9:af:c4:ce:17:9c:
         32:87:12:35:be:52:00:80:a3:1d:ec:07:30:d1:3f:e6:9b:c9:
         9d:75:e6:80:4d:8f:df:6b:b8:ca:0e:6e:97:dc:25:c3:8b:19:
         f5:e8:42:d1:ea:cb:76:8d:f7:1c:b1:3d:43:c7:af:2d:8a:5c:
         e4:27:7c:4b:d7:87:20:28:5e:08:0f:b1:f8:f8:ab:6f:82:ce:
         ad:55:0c:a8:58:82:cf:5b:c9:1f:df:41:75:57:fc:18:dc:f1:
         eb:34:d1:17:e3:44:53:fa:df:b5:4f:ce:19:4e:1b:80:ab:bd:
         de:1b:49:d0:cc:10:db:82:6d:52:dd:45:ad:66:a1:c3:f7:09:
         f0:ad:2a:87:14:21:4c:9d:20:6b:92:a2:0e:36:cd:c7:ff:27:
         96:e8:1a:0d:14:3b:78:cf:78:3f:08:4e:12:59:b7:2f:68:8c:
         21:ae:ec:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xnLV8k5bNdyjkwB2dBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZGJiZTdlOTc4MDI5YzZjZWFhNTU3YjRhNzZkYTY4MDc0
MzExYjEwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGRhM2Y2NmNhNmY4ZjRlMmZiNzhjYTJlMmYxNTU4NTFiOTZkYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqI2hnIW8TKNcXfayO2C3yMF/+iM
E2pfeJbBTowB7ntGwCJpY78ltNts609Cq55xRX/YTozYINk3/nUHcx3wP0CpoMBl
PWUeq52pk7B4vUOqEreh+a1JVyyT8U3KGnhFUVdWBXHvqLFHqtZOHu4pCSdIEhz8
tAXeXlwfqUbJQ2V3x1TbOEwdXGUr5ZWOKN2DhHrLM76bALHq8tRLwuOLdlddjivj
BPsi8IuCtFCxxxGw+igIwrXQ91C663FUp4amI+ui/ATDVma3IsRhVxOK3KsuQyid
RQdeNHB+8H8Dk1+T57MBfwdT0cQ6tvPWfGafdgG0so2fLKdOQj1z23YGgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDaP2bKb49OL7eMouLxVYUbltyGMB8GA1UdIwQY
MBaAFG/bvn6XgCnGzqpVe0p22mgHQxGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjl1LWZwZUFLY2JPcWxWN1NuYmFhQWRERWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83MmE0ZTMtZjc5My00ZjlhLWJhNGUt
MDU5MDM5NGEyZWZhLzEvRU5vX1pzcHZqMDR2dDR5aTR2RlZoUnVXM0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83MmE0ZTMtZjc5My00ZjlhLWJhNGUtMDU5MDM5NGEyZWZh
LzEvYjl1LWZwZUFLY2JPcWxWN1NuYmFhQWRERWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub/0MA0G
CSqGSIb3DQEBCwUAA4IBAQAABUH1UfarC3n498WArqMbm+DwGsRfFCysejlA9tf1
MtvU3zJcRAMDflk8XsEK6js0FsGX2owniautzW3U1Q9zEPT3gwbBdPq/Haw7DwNM
hZMBqiDJr8TOF5wyhxI1vlIAgKMd7Acw0T/mm8mddeaATY/fa7jKDm6X3CXDixn1
6ELR6st2jfccsT1Dx68tilzkJ3xL14cgKF4ID7H4+Ktvgs6tVQyoWILPW8kf30F1
V/wY3PHrNNEX40RT+t+1T84ZThuAq73eG0nQzBDbgm1S3UWtZqHD9wnwrSqHFCFM
nSBrkqIONs3H/yeW6BoNFDt4z3g/CE4SWbcvaIwhruxn
-----END CERTIFICATE-----