Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EHOd_Gn88FlRHN10Q46Qi17A5yw.roa
File:                     EHOd_Gn88FlRHN10Q46Qi17A5yw.roa (raw, json)
Hash identifier:          9vuQ3ygCAvmj1IqgsBCdlVaz3EdYkvzUAMTr3WBBRls=
Subject key identifier:   10:73:9D:FC:69:FC:F0:59:51:1C:DD:74:43:8E:90:8B:5E:C0:E7:2C
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AEC20C6807214BCCAA9A5BADB907E
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EHOd_Gn88FlRHN10Q46Qi17A5yw.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49852
IP address blocks:        85.121.150.0/24 maxlen: 24
                          80.96.30.0/23 maxlen: 23
                          85.121.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ec:20:c6:80:72:14:bc:ca:a9:a5:ba:db:90:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10739dfc69fcf059511cdd74438e908b5ec0e72c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:83:49:6f:b4:24:3d:50:03:22:0c:37:f5:2d:
                    25:d9:fd:9a:3e:0d:a9:2d:ce:b4:6b:bc:5a:34:64:
                    a4:46:66:29:ff:7f:da:4a:11:6e:b8:81:27:ff:27:
                    56:f6:5b:b1:d7:0c:c1:db:30:71:06:ef:a5:e0:83:
                    06:df:ad:b7:da:13:2d:d0:85:77:71:c4:b4:4c:15:
                    23:68:49:de:58:83:a3:3f:e8:5d:ab:d5:d2:3d:eb:
                    94:16:fd:50:ba:98:4a:89:c0:64:c2:5c:77:09:16:
                    ac:73:91:d5:ce:40:10:ac:6c:db:99:ba:76:2c:70:
                    41:99:ab:c8:89:68:cd:07:53:72:30:3f:e1:bb:59:
                    e2:8d:57:2d:31:fb:1b:b2:dc:8c:be:83:bd:f7:a5:
                    eb:64:e5:56:ea:b4:6b:69:0a:48:8c:2c:58:4f:12:
                    1b:56:9c:ff:0f:1b:36:18:2c:28:7b:b8:d0:7a:f0:
                    8d:fe:a2:b4:af:54:95:7b:ad:eb:fe:a6:89:0b:ea:
                    fc:46:d0:ad:2f:84:f7:40:05:72:d8:4f:10:20:26:
                    28:7b:12:3a:5b:69:6d:75:69:fc:39:5c:eb:bf:95:
                    40:8a:44:8e:9e:86:d0:f8:8c:30:d3:0d:6a:5d:fd:
                    7a:eb:87:16:53:19:6d:c5:29:25:ba:dc:0d:75:87:
                    b5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:73:9D:FC:69:FC:F0:59:51:1C:DD:74:43:8E:90:8B:5E:C0:E7:2C
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EHOd_Gn88FlRHN10Q46Qi17A5yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.30.0/23
                  85.121.150.0/24
                  85.121.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b3:82:c7:97:ec:24:2f:f6:62:8f:73:c9:eb:76:e5:48:40:
         fc:2e:15:f1:c2:68:16:3b:4b:b5:b8:c2:f5:6e:f5:c7:6f:3f:
         d0:c5:72:7f:e9:22:b2:7e:be:0d:61:7d:62:b3:20:a9:f6:40:
         ee:d7:92:32:7c:7d:d3:fd:cb:ed:a0:c1:17:d9:79:f3:77:64:
         8e:f8:6c:d2:ea:45:ef:68:c6:45:7d:35:62:ed:17:d1:6e:f0:
         5f:7a:9f:41:f3:3c:7d:83:45:f6:b9:92:a3:a2:d6:bb:f7:7a:
         bd:24:c6:35:e2:5d:77:9c:72:ee:aa:ae:df:cf:a7:e4:7f:62:
         70:6d:2e:2f:65:67:03:3f:37:e5:f0:4d:64:bd:18:f9:6d:45:
         aa:78:43:f8:63:f4:6f:a9:ff:a4:0d:81:08:b1:4d:3f:eb:d3:
         90:b6:c8:ea:b6:d8:fc:5c:36:85:d3:d9:ad:bf:65:33:51:e8:
         d3:ba:be:4d:cb:c5:2e:65:58:75:9c:fb:e8:04:f1:4b:9f:eb:
         47:b7:23:7a:92:2a:fb:ca:cb:f2:cc:d9:df:29:88:97:cc:0a:
         2a:cc:b9:ba:68:59:e5:a7:43:ea:ff:d5:5c:e6:09:1a:f4:9c:
         6b:b7:c0:10:35:36:3f:46:61:9a:8b:7f:f8:26:96:a4:a7:c1:
         d1:61:eb:d2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSuwgxoByFLzKqaW625B+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDczOWRmYzY5ZmNmMDU5NTExY2RkNzQ0MzhlOTA4YjVlYzBlNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYNJb7QkPVADIgw39S0l2f2aPg2p
Lc60a7xaNGSkRmYp/3/aShFuuIEn/ydW9lux1wzB2zBxBu+l4IMG36232hMt0IV3
ccS0TBUjaEneWIOjP+hdq9XSPeuUFv1QuphKicBkwlx3CRasc5HVzkAQrGzbmbp2
LHBBmavIiWjNB1NyMD/hu1nijVctMfsbstyMvoO996XrZOVW6rRraQpIjCxYTxIb
Vpz/Dxs2GCwoe7jQevCN/qK0r1SVe63r/qaJC+r8RtCtL4T3QAVy2E8QICYoexI6
W2ltdWn8OVzrv5VAikSOnobQ+Iww0w1qXf1664cWUxltxSklutwNdYe1pQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBBznfxp/PBZURzddEOOkItewOcsMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRUhPZF9Hbjg4RmxSSE4xMFE0NlFpMTdBNXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUGAeAwQA
VXmWAwQAVXnaMA0GCSqGSIb3DQEBCwUAA4IBAQAYs4LHl+wkL/Zij3PJ63blSED8
LhXxwmgWO0u1uML1bvXHbz/QxXJ/6SKyfr4NYX1isyCp9kDu15IyfH3T/cvtoMEX
2Xnzd2SO+GzS6kXvaMZFfTVi7RfRbvBfep9B8zx9g0X2uZKjota793q9JMY14l13
nHLuqq7fz6fkf2JwbS4vZWcDPzfl8E1kvRj5bUWqeEP4Y/Rvqf+kDYEIsU0/69OQ
tsjqttj8XDaF09mtv2UzUejTur5Ny8UuZVh1nPvoBPFLn+tHtyN6kir7ysvyzNnf
KYiXzAoqzLm6aFnlp0Pq/9Vc5gka9Jxrt8AQNTY/RmGai3/4Jpakp8HRYevS
-----END CERTIFICATE-----