Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/EAS6KfBFqKEZbWY5fu6CGL_F9Ys.roa
File:                     EAS6KfBFqKEZbWY5fu6CGL_F9Ys.roa (raw, json)
Hash identifier:          8MbeO2wrKAFIuAFdWb/CrYTqlN67/4ACM9R69yO4xzw=
Subject key identifier:   10:04:BA:29:F0:45:A8:A1:19:6D:66:39:7E:EE:82:18:BF:C5:F5:8B
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0C86F9A52F6F2137FD447AF2F6C2
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/EAS6KfBFqKEZbWY5fu6CGL_F9Ys.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199790
IP address blocks:        37.139.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:86:f9:a5:2f:6f:21:37:fd:44:7a:f2:f6:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1004ba29f045a8a1196d66397eee8218bfc5f58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:03:ab:06:c5:db:0f:6d:43:8c:55:ff:08:01:
                    cc:1f:78:6b:46:3e:ff:b5:a1:ca:8a:38:97:5a:2c:
                    e8:fd:b8:97:41:17:15:27:9d:e7:07:81:70:47:3b:
                    8e:91:70:cd:fc:10:49:52:e1:ac:63:d6:f8:88:11:
                    37:6b:d1:ad:dc:ef:e5:38:b7:84:cf:b0:36:ac:79:
                    1a:f1:97:5d:a6:09:70:8d:dc:af:b0:a9:42:59:19:
                    b4:c3:db:a4:8f:7f:ed:da:ab:c5:b6:69:97:42:6d:
                    ca:3b:6d:eb:26:ed:3b:22:fe:d1:6f:9b:1f:15:35:
                    c0:80:b2:42:0b:18:62:9e:96:7f:4a:9b:c2:46:8b:
                    ea:2a:38:20:ff:46:5f:d4:96:0e:a0:d0:23:f9:06:
                    19:fe:16:a8:3f:79:b2:6a:da:dd:fb:5e:73:d5:fc:
                    d8:ca:e7:ad:ff:5d:0c:27:fd:57:69:af:df:5a:86:
                    d5:d6:e8:6d:7d:f4:80:6b:d7:b5:da:ca:c6:63:b8:
                    2b:62:01:3f:fb:66:75:32:28:1a:eb:ba:31:99:8d:
                    3a:fa:1a:92:5c:f9:e6:d7:05:82:4b:3a:a9:fe:54:
                    80:e3:32:d5:f3:6d:d2:21:91:31:30:85:2f:d1:3f:
                    02:d3:01:f8:be:59:80:87:90:da:70:97:23:7f:17:
                    5a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:04:BA:29:F0:45:A8:A1:19:6D:66:39:7E:EE:82:18:BF:C5:F5:8B
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/EAS6KfBFqKEZbWY5fu6CGL_F9Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:00:6a:3a:c9:d1:34:13:8b:bc:14:90:1b:41:11:fd:e8:11:
         01:5d:bb:cc:2d:26:89:fe:fa:0b:42:cc:29:c9:a5:ba:45:25:
         5f:68:cd:8e:dd:2b:e9:e9:d5:d6:3a:c9:7a:7a:36:69:10:51:
         80:a5:9a:91:56:63:99:8e:c6:19:d8:8a:e8:64:3c:c1:df:78:
         78:e5:f9:8b:96:5b:05:1b:87:b5:4c:34:b7:78:86:76:ca:d3:
         fc:83:19:3f:e5:38:5f:fe:33:fd:6b:7f:f3:fc:50:83:d8:63:
         21:83:fb:cc:fd:b8:e3:f5:6d:a7:88:71:57:ba:d4:8b:4f:5f:
         3e:50:17:d6:51:76:40:ca:37:49:15:e0:13:b7:42:08:1f:66:
         33:8b:99:cc:8f:a7:86:23:1a:a2:ec:0d:24:24:48:d6:e2:54:
         34:5e:e9:88:61:d7:08:88:6a:b5:bd:4e:63:96:ef:80:9f:05:
         39:e8:75:c8:7e:3d:74:ad:21:49:65:f7:03:92:56:64:f3:11:
         65:44:9f:24:07:81:16:ad:08:7a:8f:2e:94:c9:fc:38:0e:d3:
         5a:0b:80:3c:2f:b1:cc:02:2e:07:21:9b:c2:0d:0a:fd:c7:c9:
         f3:14:34:d3:89:31:f5:b6:1c:bd:46:d2:32:48:b4:dd:54:6e:
         86:da:77:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgyG+aUvbyE3/UR68vbCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDA0YmEyOWYwNDVhOGExMTk2ZDY2Mzk3ZWVlODIxOGJmYzVmNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQOrBsXbD21DjFX/CAHMH3hrRj7/
taHKijiXWizo/biXQRcVJ53nB4FwRzuOkXDN/BBJUuGsY9b4iBE3a9Gt3O/lOLeE
z7A2rHka8ZddpglwjdyvsKlCWRm0w9ukj3/t2qvFtmmXQm3KO23rJu07Iv7Rb5sf
FTXAgLJCCxhinpZ/SpvCRovqKjgg/0Zf1JYOoNAj+QYZ/haoP3myatrd+15z1fzY
yuet/10MJ/1Xaa/fWobV1uhtffSAa9e12srGY7grYgE/+2Z1Miga67oxmY06+hqS
XPnm1wWCSzqp/lSA4zLV823SIZExMIUv0T8C0wH4vlmAh5DacJcjfxdaCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAEuinwRaihGW1mOX7ughi/xfWLMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvRUFTNktmQkZxS0VaYldZNWZ1NkNHTF9GOVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYsmMA0G
CSqGSIb3DQEBCwUAA4IBAQC4AGo6ydE0E4u8FJAbQRH96BEBXbvMLSaJ/voLQswp
yaW6RSVfaM2O3Svp6dXWOsl6ejZpEFGApZqRVmOZjsYZ2IroZDzB33h45fmLllsF
G4e1TDS3eIZ2ytP8gxk/5Thf/jP9a3/z/FCD2GMhg/vM/bjj9W2niHFXutSLT18+
UBfWUXZAyjdJFeATt0IIH2Yzi5nMj6eGIxqi7A0kJEjW4lQ0XumIYdcIiGq1vU5j
lu+AnwU56HXIfj10rSFJZfcDklZk8xFlRJ8kB4EWrQh6jy6Uyfw4DtNaC4A8L7HM
Ai4HIZvCDQr9x8nzFDTTiTH1thy9RtIySLTdVG6G2ndj
-----END CERTIFICATE-----