Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Ehc3A5wFyxSxaVu2JN_l2n6bEM4.roa
File:                     Ehc3A5wFyxSxaVu2JN_l2n6bEM4.roa (raw, json)
Hash identifier:          7Tt2rA6zfiq0xOHK0YG3vUvHjTlygYo8XF+ji7LgCg4=
Subject key identifier:   12:17:37:03:9C:05:CB:14:B1:69:5B:B6:24:DF:E5:DA:7E:9B:10:CE
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C613B15B048681A052AA6C87189F1
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Ehc3A5wFyxSxaVu2JN_l2n6bEM4.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42901
IP address blocks:        80.90.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:61:3b:15:b0:48:68:1a:05:2a:a6:c8:71:89:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=121737039c05cb14b1695bb624dfe5da7e9b10ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9b:ab:26:d1:23:54:b3:86:12:b7:46:ab:8e:
                    ff:05:94:c6:19:52:8d:d8:81:aa:6a:83:dc:3b:53:
                    5b:a1:95:4e:e9:a1:83:21:e9:81:5b:d9:50:65:22:
                    95:11:27:2c:e7:2b:19:d4:c3:18:f5:cb:b5:59:a9:
                    df:10:d8:a5:e7:3d:f7:eb:17:29:2e:a9:ca:b2:29:
                    8e:d8:b5:3b:ba:cd:0c:1b:ab:9c:74:71:f1:4b:e9:
                    5a:26:6c:2e:88:00:33:f3:81:ad:f3:7e:f0:0e:61:
                    4d:e2:32:78:5f:97:45:42:bd:a6:4f:10:08:81:e1:
                    68:1e:3b:27:c9:05:fc:ae:37:10:6e:58:6a:d4:cd:
                    74:ae:f8:82:55:96:90:1c:93:4f:9f:ca:8e:d8:d1:
                    01:ba:5f:ec:95:3b:ce:15:a6:4d:8b:87:35:a2:4a:
                    c0:45:0f:54:46:c0:8d:25:0e:29:c1:26:d5:5e:de:
                    0e:a8:1f:c2:71:c7:a2:22:26:ee:f2:47:33:1b:0d:
                    11:e2:49:18:04:1a:82:ca:f3:e2:59:c8:f7:f8:30:
                    07:e6:1d:86:b1:4a:4a:8a:ac:68:12:04:d7:b3:6d:
                    be:44:78:e4:02:2c:0e:ac:91:d4:f7:d5:d0:23:20:
                    54:31:ed:ec:23:77:78:70:e2:9f:f8:c8:1c:4c:89:
                    f2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:17:37:03:9C:05:CB:14:B1:69:5B:B6:24:DF:E5:DA:7E:9B:10:CE
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Ehc3A5wFyxSxaVu2JN_l2n6bEM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.90.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:9c:1a:2c:a6:81:56:80:72:d0:cc:9b:2c:f3:94:68:32:a9:
         4b:23:d1:b2:17:93:07:5c:ed:34:76:18:28:00:68:da:99:e9:
         49:6a:92:09:59:c8:1e:77:4c:3e:a4:27:e7:eb:32:c4:00:05:
         76:71:ac:88:f3:fa:9f:87:ae:c0:a0:8e:47:b1:8b:80:ac:9f:
         d9:68:0c:9a:58:d6:d2:f9:c3:43:3e:c9:be:a5:29:9f:85:bf:
         de:13:60:2e:52:84:7a:fa:1b:aa:71:b4:52:1c:2d:e8:54:fe:
         dc:1a:11:a0:e5:47:3d:1d:c9:9b:47:ec:82:dd:91:f3:03:a8:
         51:13:66:05:0b:cd:9e:d5:cd:2e:d9:00:3c:9e:b5:66:9b:b9:
         a8:61:5d:ea:3b:b1:3a:9e:a7:35:da:18:08:00:6d:db:d0:00:
         d4:b5:67:1b:29:dc:01:cb:2c:ae:3b:77:d7:6d:c0:a0:18:ee:
         d7:14:89:b3:bf:74:41:6f:b6:12:af:91:10:a8:67:a8:93:0f:
         4f:10:ad:fb:1d:09:bf:b6:3d:1e:46:69:3b:06:17:04:fc:f6:
         94:42:ce:04:ec:27:4c:c2:a1:1e:09:11:3f:34:fd:23:41:9f:
         6b:0e:5f:18:7c:fd:61:cd:17:ba:cb:9f:7a:39:67:46:a0:b8:
         29:cc:99:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGE7FbBIaBoFKqbIcYnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjE3MzcwMzljMDVjYjE0YjE2OTViYjYyNGRmZTVkYTdlOWIxMGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JurJtEjVLOGErdGq47/BZTGGVKN
2IGqaoPcO1NboZVO6aGDIemBW9lQZSKVEScs5ysZ1MMY9cu1WanfENil5z336xcp
LqnKsimO2LU7us0MG6ucdHHxS+laJmwuiAAz84Gt837wDmFN4jJ4X5dFQr2mTxAI
geFoHjsnyQX8rjcQblhq1M10rviCVZaQHJNPn8qO2NEBul/slTvOFaZNi4c1okrA
RQ9URsCNJQ4pwSbVXt4OqB/CcceiIibu8kczGw0R4kkYBBqCyvPiWcj3+DAH5h2G
sUpKiqxoEgTXs22+RHjkAiwOrJHU99XQIyBUMe3sI3d4cOKf+MgcTInyqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIXNwOcBcsUsWlbtiTf5dp+mxDOMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvRWhjM0E1d0Z5eFN4YVZ1MkpOX2wybjZiRU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFrxMA0G
CSqGSIb3DQEBCwUAA4IBAQDDnBospoFWgHLQzJss85RoMqlLI9GyF5MHXO00dhgo
AGjamelJapIJWcged0w+pCfn6zLEAAV2cayI8/qfh67AoI5HsYuArJ/ZaAyaWNbS
+cNDPsm+pSmfhb/eE2AuUoR6+huqcbRSHC3oVP7cGhGg5Uc9HcmbR+yC3ZHzA6hR
E2YFC82e1c0u2QA8nrVmm7moYV3qO7E6nqc12hgIAG3b0ADUtWcbKdwByyyuO3fX
bcCgGO7XFImzv3RBb7YSr5EQqGeokw9PEK37HQm/tj0eRmk7BhcE/PaUQs4E7CdM
wqEeCRE/NP0jQZ9rDl8YfP1hzRe6y596OWdGoLgpzJl8
-----END CERTIFICATE-----