Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/EuHoUL7bWKq1efgqPRlwiuE1TYY.roa
File:                     EuHoUL7bWKq1efgqPRlwiuE1TYY.roa (raw, json)
Hash identifier:          /jKoOusv3A6Fl6GQdJtIb5QtT2fkckUwQIAcK9lW+aY=
Subject key identifier:   12:E1:E8:50:BE:DB:58:AA:B5:79:F8:2A:3D:19:70:8A:E1:35:4D:86
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       018CC9BCEFD3E45322C4E83FC8234EC47E37
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/EuHoUL7bWKq1efgqPRlwiuE1TYY.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201486
IP address blocks:        84.47.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ef:d3:e4:53:22:c4:e8:3f:c8:23:4e:c4:7e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12e1e850bedb58aab579f82a3d19708ae1354d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:85:27:25:ae:ca:b4:4c:f4:b4:72:47:2c:e9:
                    1b:3a:7c:df:c8:d1:de:95:75:b4:eb:fc:ae:a6:f8:
                    79:27:ed:81:8d:17:3c:c7:f0:4c:0e:f0:83:09:6b:
                    da:0f:8f:51:4b:e6:2e:ee:a1:97:64:76:1c:ba:6d:
                    ba:fa:cc:db:c6:ce:cc:bd:85:0a:05:c4:9e:7c:2b:
                    d9:fb:bc:fd:b5:55:df:65:af:5d:5f:f8:3d:0e:9d:
                    e8:15:5a:29:28:10:dc:81:a6:dc:31:3a:75:19:3d:
                    61:2d:f0:7a:92:09:97:c8:85:b3:bf:66:96:6e:48:
                    3a:fb:86:95:99:dc:ec:bb:f9:a9:ee:07:a6:ed:d9:
                    b8:7c:c9:c0:ce:12:e3:79:d7:fd:67:0b:6b:35:9e:
                    56:f0:29:ea:af:a9:6b:b8:98:62:a9:12:a9:cd:a8:
                    0f:34:c6:32:ce:5b:9d:d2:14:c7:ca:97:50:7f:94:
                    72:31:f3:a1:c5:87:4b:cb:7f:b7:45:2d:d8:01:79:
                    cf:90:3a:7c:6c:d4:9b:17:70:94:02:85:4a:5d:55:
                    ec:30:52:96:65:f1:91:a4:b3:f1:42:7f:8e:ba:93:
                    27:94:b3:f6:00:44:eb:62:1f:84:0b:3d:5f:e5:7f:
                    66:83:fb:a0:27:93:f6:3b:12:6e:59:4b:e7:08:05:
                    a9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:E1:E8:50:BE:DB:58:AA:B5:79:F8:2A:3D:19:70:8A:E1:35:4D:86
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/EuHoUL7bWKq1efgqPRlwiuE1TYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:f8:87:1f:92:1e:7e:67:33:33:3a:24:f9:60:b2:bc:82:67:
         f1:52:81:4b:89:fa:bf:66:9f:9b:fa:40:0c:6e:66:aa:a5:16:
         a5:a1:aa:f1:56:f4:a4:2a:8c:26:e7:fe:a1:fe:32:fc:64:d5:
         fd:86:19:ca:63:01:75:da:60:c9:b1:8e:b0:03:09:23:4d:4d:
         de:44:53:1f:95:c7:ba:c8:ee:5a:82:7f:3d:7c:f6:ab:8a:cd:
         ce:e4:03:90:00:31:c7:98:14:5d:4b:10:40:29:a4:41:ef:4e:
         c3:72:35:5a:2a:64:44:50:aa:c8:fe:2b:f4:b8:ac:1d:f9:12:
         19:82:2e:b8:70:a3:2b:f5:64:88:6c:c2:42:1d:76:8c:41:b9:
         36:6a:69:7e:8d:93:b1:f4:83:9a:77:36:b7:90:98:25:9a:f2:
         6d:bb:83:e5:41:e2:b9:5e:75:ec:07:1b:bd:11:ae:0f:a0:e7:
         ab:61:77:83:bb:a5:89:48:92:de:b0:30:d0:39:af:94:0b:f3:
         0d:c0:88:c9:c7:02:99:0b:34:5f:d2:29:b3:f9:1e:e2:1a:77:
         2c:9e:59:3c:18:49:06:2f:f1:a4:17:fc:8b:f3:7c:8f:0b:b1:
         07:60:d3:f3:01:00:90:9e:cd:04:5d:a8:c3:cc:b8:df:d3:2c:
         2d:78:51:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvO/T5FMixOg/yCNOxH43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmUxZTg1MGJlZGI1OGFhYjU3OWY4MmEzZDE5NzA4YWUxMzU0ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYUnJa7KtEz0tHJHLOkbOnzfyNHe
lXW06/yupvh5J+2BjRc8x/BMDvCDCWvaD49RS+Yu7qGXZHYcum26+szbxs7MvYUK
BcSefCvZ+7z9tVXfZa9dX/g9Dp3oFVopKBDcgabcMTp1GT1hLfB6kgmXyIWzv2aW
bkg6+4aVmdzsu/mp7gem7dm4fMnAzhLjedf9ZwtrNZ5W8Cnqr6lruJhiqRKpzagP
NMYyzlud0hTHypdQf5RyMfOhxYdLy3+3RS3YAXnPkDp8bNSbF3CUAoVKXVXsMFKW
ZfGRpLPxQn+OupMnlLP2AETrYh+ECz1f5X9mg/ugJ5P2OxJuWUvnCAWpAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLh6FC+21iqtXn4Kj0ZcIrhNU2GMB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvRXVIb1VMN2JXS3ExZWZncVBSbHdpdUUxVFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVC+9MA0G
CSqGSIb3DQEBCwUAA4IBAQCZ+Icfkh5+ZzMzOiT5YLK8gmfxUoFLifq/Zp+b+kAM
bmaqpRaloarxVvSkKowm5/6h/jL8ZNX9hhnKYwF12mDJsY6wAwkjTU3eRFMflce6
yO5agn89fParis3O5AOQADHHmBRdSxBAKaRB707DcjVaKmREUKrI/iv0uKwd+RIZ
gi64cKMr9WSIbMJCHXaMQbk2aml+jZOx9IOadza3kJglmvJtu4PlQeK5XnXsBxu9
Ea4PoOerYXeDu6WJSJLesDDQOa+UC/MNwIjJxwKZCzRf0imz+R7iGncsnlk8GEkG
L/GkF/yL83yPC7EHYNPzAQCQns0EXajDzLjf0ywteFHz
-----END CERTIFICATE-----