Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/EbdEBw9khSsZyEvxRDw7Tu5ANLE.roa
File:                     EbdEBw9khSsZyEvxRDw7Tu5ANLE.roa (raw, json)
Hash identifier:          JOcS8jr0TvLK4zKsZ9cWaxJDVrCrstxAm5dJS6PXXjU=
Subject key identifier:   11:B7:44:07:0F:64:85:2B:19:C8:4B:F1:44:3C:3B:4E:EE:40:34:B1
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       0190A2C67872022E6FC32C7E57993211EFD4
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/EbdEBw9khSsZyEvxRDw7Tu5ANLE.roa
Signing time:             Thu 11 Jul 2024 17:10:34 +0000
ROA not before:           Thu 11 Jul 2024 17:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35758
IP address blocks:        185.114.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a2:c6:78:72:02:2e:6f:c3:2c:7e:57:99:32:11:ef:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jul 11 17:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11b744070f64852b19c84bf1443c3b4eee4034b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ae:51:22:2e:79:6a:65:c0:76:d2:7b:63:7b:
                    2e:c3:43:07:40:ca:07:74:a2:84:be:bc:54:42:0b:
                    29:ec:44:da:5b:64:7d:d8:62:31:26:b6:04:78:4f:
                    cf:15:d7:ce:02:1a:e8:07:ab:36:59:79:47:3a:4e:
                    8f:75:5a:85:dd:2a:6a:42:d0:09:44:66:c3:9a:f9:
                    1c:6c:c4:09:4b:0f:62:b2:34:94:7a:9e:5b:04:81:
                    48:14:6f:87:52:d4:bc:ba:1e:ef:82:ec:25:61:11:
                    5f:f4:6c:50:d6:39:f3:7b:64:33:d3:42:f2:88:eb:
                    d8:ae:90:83:b4:1f:bc:d6:a0:31:42:45:40:27:7c:
                    e4:d0:d9:31:16:d3:7e:b5:40:ef:45:e0:08:19:5c:
                    8d:8a:a8:8e:b0:90:68:1e:b6:81:1e:15:41:1a:e2:
                    4e:80:48:07:61:e0:a5:4f:ad:3a:9b:75:9b:d4:b9:
                    c1:06:76:40:ec:d3:bc:06:65:38:ec:e0:7e:f2:fe:
                    c6:2f:12:9a:bc:c6:14:b2:3c:8a:8e:47:60:0f:7b:
                    be:7e:7e:79:a8:96:64:de:cd:ea:4e:74:8d:54:95:
                    aa:1c:68:07:fd:97:87:4d:a8:10:c0:aa:2a:d4:ad:
                    c9:e7:cb:01:7c:f5:da:f4:f5:c4:a8:9f:87:0c:c0:
                    95:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B7:44:07:0F:64:85:2B:19:C8:4B:F1:44:3C:3B:4E:EE:40:34:B1
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/EbdEBw9khSsZyEvxRDw7Tu5ANLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:dd:96:81:03:7f:c6:12:04:7e:cd:d2:ef:79:99:08:d8:b9:
         f9:a4:59:0d:4c:3a:20:17:d2:c6:6a:12:40:d9:f8:90:7e:99:
         a5:5a:d1:03:be:7b:2c:d7:2f:82:9d:53:91:ad:f8:e5:39:c4:
         3d:d2:88:30:3f:af:26:b7:b3:7f:fe:c6:5c:3a:48:64:18:e4:
         38:76:be:d9:bd:b1:0c:99:33:8a:3b:9e:94:f1:4f:24:8f:bf:
         db:47:91:70:43:a5:c5:6b:b8:f6:57:78:18:a6:24:57:9a:84:
         b6:54:14:6f:6f:c3:8d:36:04:f7:10:36:3a:06:a0:fb:b4:8f:
         c2:3b:46:c7:5b:c5:fb:f2:63:36:2f:e7:14:c4:d5:b1:fe:ca:
         5b:5d:12:36:1c:15:01:8b:19:06:de:86:09:4a:f1:38:5f:b1:
         9e:35:53:60:27:42:ff:59:06:50:93:32:26:5d:5d:0d:f4:48:
         5d:79:78:8f:5c:56:f3:85:9b:5d:0e:e6:28:8c:3f:50:7b:65:
         d7:56:86:8f:52:75:8a:df:64:5e:20:40:db:33:8f:34:78:71:
         e5:d9:3a:6c:fa:6f:aa:92:2a:9e:60:e2:bc:35:78:64:f0:60:
         18:49:92:9c:32:f1:95:a0:bb:c5:05:89:a0:6d:9d:41:04:23:
         12:93:e5:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCixnhyAi5vwyx+V5kyEe/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwNzExMTcxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI3NDQwNzBmNjQ4NTJiMTljODRiZjE0NDNjM2I0ZWVlNDAzNGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma5RIi55amXAdtJ7Y3suw0MHQMoH
dKKEvrxUQgsp7ETaW2R92GIxJrYEeE/PFdfOAhroB6s2WXlHOk6PdVqF3SpqQtAJ
RGbDmvkcbMQJSw9isjSUep5bBIFIFG+HUtS8uh7vguwlYRFf9GxQ1jnze2Qz00Ly
iOvYrpCDtB+81qAxQkVAJ3zk0NkxFtN+tUDvReAIGVyNiqiOsJBoHraBHhVBGuJO
gEgHYeClT606m3Wb1LnBBnZA7NO8BmU47OB+8v7GLxKavMYUsjyKjkdgD3u+fn55
qJZk3s3qTnSNVJWqHGgH/ZeHTagQwKoq1K3J58sBfPXa9PXEqJ+HDMCV5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG3RAcPZIUrGchL8UQ8O07uQDSxMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvRWJkRUJ3OWtoU3NaeUV2eFJEdzdUdTVBTkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXLNMA0G
CSqGSIb3DQEBCwUAA4IBAQBh3ZaBA3/GEgR+zdLveZkI2Ln5pFkNTDogF9LGahJA
2fiQfpmlWtEDvnss1y+CnVORrfjlOcQ90ogwP68mt7N//sZcOkhkGOQ4dr7ZvbEM
mTOKO56U8U8kj7/bR5FwQ6XFa7j2V3gYpiRXmoS2VBRvb8ONNgT3EDY6BqD7tI/C
O0bHW8X78mM2L+cUxNWx/spbXRI2HBUBixkG3oYJSvE4X7GeNVNgJ0L/WQZQkzIm
XV0N9EhdeXiPXFbzhZtdDuYojD9Qe2XXVoaPUnWK32ReIEDbM480eHHl2Tps+m+q
kiqeYOK8NXhk8GAYSZKcMvGVoLvFBYmgbZ1BBCMSk+VF
-----END CERTIFICATE-----