Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/65W0hMH5imwR6YS4mShKkxbZjFo.roa
File:                     65W0hMH5imwR6YS4mShKkxbZjFo.roa (raw, json)
Hash identifier:          kU7X0b0mkJB1n4o3bpZPOzLKa+6EO4Bcl+yuLyPTrrk=
Subject key identifier:   EB:95:B4:84:C1:F9:8A:6C:11:E9:84:B8:99:28:4A:93:16:D9:8C:5A
Certificate issuer:       /CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
Certificate serial:       0191293C04322DC3E9766541ABC28B7DC0C9
Authority key identifier: E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/65W0hMH5imwR6YS4mShKkxbZjFo.roa
Signing time:             Tue 06 Aug 2024 19:48:04 +0000
ROA not before:           Tue 06 Aug 2024 19:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        185.93.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:29:3c:04:32:2d:c3:e9:76:65:41:ab:c2:8b:7d:c0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
        Validity
            Not Before: Aug  6 19:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb95b484c1f98a6c11e984b899284a9316d98c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0b:a6:83:ee:21:e5:8b:fe:50:b4:3e:1d:af:
                    7f:43:a3:08:73:d7:5d:5b:54:88:30:18:de:74:a8:
                    91:53:03:ae:42:44:3b:68:85:ec:bf:de:8a:61:ec:
                    e6:5e:ea:5a:7c:5c:74:2e:2a:5c:e3:ac:1f:83:89:
                    27:14:ec:f9:d8:86:56:1f:f5:48:0e:cb:20:2e:6a:
                    e9:cf:33:0e:5d:10:a3:e7:3f:49:8e:58:f5:9f:46:
                    f0:f5:37:81:57:54:17:16:b6:d1:58:b8:14:a2:dd:
                    65:06:b5:b4:48:4f:fe:e2:90:ff:94:7b:16:b6:8c:
                    c2:17:82:ed:73:89:22:3c:d7:5d:08:7f:49:5e:ce:
                    27:7f:d2:f3:36:41:42:52:ef:c6:f9:da:59:3e:03:
                    ca:91:96:44:58:2c:e7:79:0d:33:d4:80:91:62:95:
                    28:33:eb:f2:15:30:d8:4c:56:1e:5f:32:7b:cd:92:
                    3f:64:37:df:02:92:41:a0:5e:44:49:2a:f3:1a:68:
                    d1:61:9d:cd:f3:77:18:0b:0f:9a:79:cf:46:ca:43:
                    13:7f:d6:38:dd:f6:bc:3c:24:57:9a:e1:03:56:60:
                    dc:37:f9:c9:a8:3c:9f:83:50:77:42:07:48:a6:4e:
                    5c:c0:63:9f:1e:69:2a:69:73:91:a8:c1:5a:e5:78:
                    af:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:95:B4:84:C1:F9:8A:6C:11:E9:84:B8:99:28:4A:93:16:D9:8C:5A
            X509v3 Authority Key Identifier:
                keyid:E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/65W0hMH5imwR6YS4mShKkxbZjFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f0:d6:f1:f8:de:98:97:c2:a9:22:e1:65:b8:d6:0a:8c:3d:
         fc:ae:c3:34:75:e3:32:35:8a:96:a7:35:fe:25:0e:f7:64:59:
         40:03:7a:0f:27:b0:b3:ef:0b:88:17:17:a0:a2:c0:49:41:94:
         1f:a9:53:d8:6f:69:6e:cf:04:49:c6:33:e6:b5:9a:35:02:09:
         28:50:20:43:56:0f:e8:19:e1:8c:61:a5:f0:b1:cc:c7:26:6f:
         9b:f2:44:81:aa:1f:26:4a:91:27:d4:73:83:84:31:bf:83:d6:
         db:19:cd:f2:3c:ef:75:6c:2f:1a:e0:e7:e3:0e:f7:61:e5:aa:
         68:b0:5f:3b:88:dc:38:26:83:e8:4e:f3:eb:9c:1d:46:66:a7:
         ca:22:1a:c0:b9:09:53:70:3b:8b:e9:46:7d:a4:13:2b:38:21:
         b8:cf:fa:56:2a:31:e0:9f:f9:fa:16:f7:49:45:dc:72:5b:38:
         c3:48:5f:e5:99:47:fa:06:7c:83:f2:bb:62:4e:c5:a1:9f:ca:
         39:3e:8f:66:03:72:09:4c:05:48:1d:0c:1f:df:2e:ba:db:cb:
         a4:ae:cc:8a:60:ee:95:3b:e7:c2:ed:7d:15:d0:0a:94:5b:a6:
         08:0d:8b:a3:28:d2:a7:49:bb:1e:a9:6c:3d:70:86:76:8a:4d:
         f3:38:a3:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEpPAQyLcPpdmVBq8KLfcDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDczZmZjM2YzN2M0ZmVjNGJkMzVhZDFjNTk1Y2QwNTZi
YWVjZmQwHhcNMjQwODA2MTk0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk1YjQ4NGMxZjk4YTZjMTFlOTg0Yjg5OTI4NGE5MzE2ZDk4YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQumg+4h5Yv+ULQ+Ha9/Q6MIc9dd
W1SIMBjedKiRUwOuQkQ7aIXsv96KYezmXupafFx0Lipc46wfg4knFOz52IZWH/VI
DssgLmrpzzMOXRCj5z9Jjlj1n0bw9TeBV1QXFrbRWLgUot1lBrW0SE/+4pD/lHsW
tozCF4Ltc4kiPNddCH9JXs4nf9LzNkFCUu/G+dpZPgPKkZZEWCzneQ0z1ICRYpUo
M+vyFTDYTFYeXzJ7zZI/ZDffApJBoF5ESSrzGmjRYZ3N83cYCw+aec9GykMTf9Y4
3fa8PCRXmuEDVmDcN/nJqDyfg1B3QgdIpk5cwGOfHmkqaXORqMFa5Xiv1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuVtITB+YpsEemEuJkoSpMW2YxaMB8GA1UdIwQY
MBaAFOLXP/w/N8T+xL01rRxZXNBWuuz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUt
YWEwYzRkYzAzMjIyLzEvNjVXMGhNSDVpbXdSNllTNG1TaEtreGJaakZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUtYWEwYzRkYzAzMjIy
LzEvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBq8Nbx+N6Yl8KpIuFluNYKjD38rsM0deMyNYqWpzX+
JQ73ZFlAA3oPJ7Cz7wuIFxegosBJQZQfqVPYb2luzwRJxjPmtZo1AgkoUCBDVg/o
GeGMYaXwsczHJm+b8kSBqh8mSpEn1HODhDG/g9bbGc3yPO91bC8a4OfjDvdh5apo
sF87iNw4JoPoTvPrnB1GZqfKIhrAuQlTcDuL6UZ9pBMrOCG4z/pWKjHgn/n6FvdJ
RdxyWzjDSF/lmUf6BnyD8rtiTsWhn8o5Po9mA3IJTAVIHQwf3y6628ukrsyKYO6V
O+fC7X0V0AqUW6YIDYujKNKnSbseqWw9cIZ2ik3zOKNn
-----END CERTIFICATE-----