Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EkuLKLwBZy9Ew-cW-qDf_L2DQZ0.roa
File:                     EkuLKLwBZy9Ew-cW-qDf_L2DQZ0.roa (raw, json)
Hash identifier:          wabdO88bjoZkvWTZ1oDgrViKiBuLG+cwDnC+1ngAcnE=
Subject key identifier:   12:4B:8B:28:BC:01:67:2F:44:C3:E7:16:FA:A0:DF:FC:BD:83:41:9D
Certificate issuer:       /CN=1034068b5e9f7314277e2be9726c732131b1756c
Certificate serial:       01941FFA6A056033F41219223B608CABC2D1
Authority key identifier: 10:34:06:8B:5E:9F:73:14:27:7E:2B:E9:72:6C:73:21:31:B1:75:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EkuLKLwBZy9Ew-cW-qDf_L2DQZ0.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50010
IP address blocks:        62.231.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6a:05:60:33:f4:12:19:22:3b:60:8c:ab:c2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1034068b5e9f7314277e2be9726c732131b1756c
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=124b8b28bc01672f44c3e716faa0dffcbd83419d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:66:b8:75:e9:ca:66:f3:de:24:b1:00:07:3b:
                    06:0c:40:09:3c:aa:14:d6:0d:cd:a5:e2:2b:94:3f:
                    c5:05:16:a2:e2:bf:af:eb:53:27:a4:bb:90:79:37:
                    fd:de:c9:99:3e:11:6e:96:83:c6:ba:96:f8:39:0f:
                    89:ba:5a:44:d1:ca:86:db:b2:e3:3f:d5:11:fe:c6:
                    5f:6b:e2:ca:ad:37:82:d8:09:8c:0a:1d:29:49:46:
                    21:d0:14:74:3f:5c:64:2d:50:f3:3b:4e:c2:af:79:
                    1a:b1:b5:ab:fa:1e:1c:d8:fc:ac:8e:ba:ec:98:59:
                    4c:74:d9:2a:2b:40:45:c8:21:27:cf:d1:13:46:9b:
                    65:b7:6b:3f:ec:84:f9:7f:c8:e4:1b:fd:e7:75:da:
                    e4:84:5b:a1:05:d1:a1:ad:23:c9:ed:2a:f1:10:bb:
                    7d:8f:98:86:00:b8:6f:01:50:f0:75:a7:62:d0:63:
                    eb:2c:8b:45:78:da:42:76:2c:85:9a:81:2d:3e:1d:
                    c6:a9:65:89:5c:e4:f6:53:b6:8d:ee:0b:b8:f2:6d:
                    ac:fb:41:26:76:df:a3:bd:b5:5d:0c:ae:ff:fc:4f:
                    5b:53:0e:2d:1c:47:59:d8:18:c5:34:05:8f:f0:73:
                    98:75:46:71:f6:45:b1:32:32:a0:68:36:54:73:e7:
                    4b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:4B:8B:28:BC:01:67:2F:44:C3:E7:16:FA:A0:DF:FC:BD:83:41:9D
            X509v3 Authority Key Identifier:
                keyid:10:34:06:8B:5E:9F:73:14:27:7E:2B:E9:72:6C:73:21:31:B1:75:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EkuLKLwBZy9Ew-cW-qDf_L2DQZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.231.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:d7:a5:f7:2e:59:c3:4b:09:9f:fb:0d:9c:e6:d8:ee:32:f4:
         37:fc:26:fa:16:0e:fd:36:f5:bd:e0:ba:bf:60:69:e5:54:fa:
         f9:23:39:69:8f:6e:32:5d:e5:e8:8e:f4:f2:51:3b:b0:0d:af:
         30:95:2a:fa:70:12:21:67:bc:38:97:9a:30:f2:3c:93:fe:ca:
         20:4c:bd:58:73:b0:bb:c6:8f:38:d2:f0:57:bd:99:45:ac:42:
         ff:01:ce:25:4e:a9:54:89:1c:b9:66:4f:56:c6:fc:04:2b:2f:
         93:4d:37:f3:64:09:73:07:de:7f:8f:31:a5:d2:a0:32:9d:d9:
         80:61:69:ce:bf:d0:57:4d:15:e5:6c:85:fb:1e:e1:0f:b6:91:
         64:8a:ce:5a:d2:d9:e1:19:fd:d8:0e:90:a4:58:cf:db:c8:f9:
         57:11:f3:dd:88:7a:82:3b:86:cd:78:e7:b4:ec:3c:af:d4:26:
         f9:ef:28:12:ce:4e:08:ec:44:57:51:a5:5b:c3:66:20:07:3d:
         24:07:ee:38:dd:d1:68:a1:48:05:5b:e0:4d:12:1b:a1:91:fd:
         d8:b8:d2:72:c0:4b:53:1c:fe:9d:1d:71:30:5b:35:89:0b:c2:
         b7:89:28:03:6b:3d:60:5e:79:b9:c6:7f:35:0f:e3:da:ef:99:
         c6:53:2b:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+moFYDP0EhkiO2CMq8LRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMzQwNjhiNWU5ZjczMTQyNzdlMmJlOTcyNmM3MzIxMzFi
MTc1NmMwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjRiOGIyOGJjMDE2NzJmNDRjM2U3MTZmYWEwZGZmY2JkODM0MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGa4denKZvPeJLEABzsGDEAJPKoU
1g3NpeIrlD/FBRai4r+v61MnpLuQeTf93smZPhFuloPGupb4OQ+JulpE0cqG27Lj
P9UR/sZfa+LKrTeC2AmMCh0pSUYh0BR0P1xkLVDzO07Cr3kasbWr+h4c2Pysjrrs
mFlMdNkqK0BFyCEnz9ETRptlt2s/7IT5f8jkG/3nddrkhFuhBdGhrSPJ7SrxELt9
j5iGALhvAVDwdadi0GPrLItFeNpCdiyFmoEtPh3GqWWJXOT2U7aN7gu48m2s+0Em
dt+jvbVdDK7//E9bUw4tHEdZ2BjFNAWP8HOYdUZx9kWxMjKgaDZUc+dLkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJLiyi8AWcvRMPnFvqg3/y9g0GdMB8GA1UdIwQY
MBaAFBA0Boten3MUJ34r6XJscyExsXVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRURRR2kxNmZjeFFuZml2cGNteHpJVEd4ZFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hMDQ1MGUtNTYzNC00NThkLTkxOGYt
MTAzZDkzZDI1MWFiLzEvRWt1TEtMd0JaeTlFdy1jVy1xRGZfTDJEUVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hMDQ1MGUtNTYzNC00NThkLTkxOGYtMTAzZDkzZDI1MWFi
LzEvRURRR2kxNmZjeFFuZml2cGNteHpJVEd4ZFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuf4MA0G
CSqGSIb3DQEBCwUAA4IBAQCA16X3LlnDSwmf+w2c5tjuMvQ3/Cb6Fg79NvW94Lq/
YGnlVPr5Izlpj24yXeXojvTyUTuwDa8wlSr6cBIhZ7w4l5ow8jyT/sogTL1Yc7C7
xo840vBXvZlFrEL/Ac4lTqlUiRy5Zk9WxvwEKy+TTTfzZAlzB95/jzGl0qAyndmA
YWnOv9BXTRXlbIX7HuEPtpFkis5a0tnhGf3YDpCkWM/byPlXEfPdiHqCO4bNeOe0
7Dyv1Cb57ygSzk4I7ERXUaVbw2YgBz0kB+443dFooUgFW+BNEhuhkf3YuNJywEtT
HP6dHXEwWzWJC8K3iSgDaz1gXnm5xn81D+Pa75nGUyun
-----END CERTIFICATE-----