Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/EpFbf1kRyHYGQtA9csoIbUdImOI.roa
File:                     EpFbf1kRyHYGQtA9csoIbUdImOI.roa (raw, json)
Hash identifier:          rRBk6rtDnOQ0IXuOkOGWUpeK+fD7i8/ke3punad7AOc=
Subject key identifier:   12:91:5B:7F:59:11:C8:76:06:42:D0:3D:72:CA:08:6D:47:48:98:E2
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794EC0F19D54B9015AA3CD63A44402A
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/EpFbf1kRyHYGQtA9csoIbUdImOI.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33185
IP address blocks:        37.221.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ec:0f:19:d5:4b:90:15:aa:3c:d6:3a:44:40:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12915b7f5911c8760642d03d72ca086d474898e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:4c:ae:43:90:d5:c5:59:2e:fc:7a:cd:3c:64:
                    8d:9c:1a:d7:29:af:00:8b:cd:a7:c5:58:84:11:b7:
                    5c:7a:62:cf:9a:98:27:97:b6:1f:d9:14:1f:1d:90:
                    84:55:03:00:04:5e:f2:51:eb:70:ac:c0:42:64:10:
                    6b:9e:ef:98:13:9e:9d:63:c9:4d:1e:9f:7c:7b:7d:
                    aa:99:5c:9d:2e:db:c8:b5:ac:9d:97:6d:5b:a5:75:
                    20:80:21:14:de:36:26:62:22:7a:93:64:3e:2b:1e:
                    56:ac:28:2e:9b:ec:4a:36:3e:0e:3f:3a:1e:48:2d:
                    26:fb:87:58:2b:6d:89:5b:82:be:dc:e1:61:62:a0:
                    ed:f9:ed:c1:59:fb:a9:a0:9c:bf:70:22:27:e7:27:
                    fd:d0:1b:ad:5a:e2:a6:ea:17:69:46:29:78:06:11:
                    53:80:c3:28:cb:d5:df:43:c5:e2:dd:d2:56:24:de:
                    b3:6d:21:84:64:1b:36:27:b6:e1:c2:9a:f0:5c:4c:
                    cb:29:7c:55:48:60:37:5a:2e:8d:86:f4:54:ba:84:
                    7e:43:e9:52:cf:13:0d:d5:7b:40:5a:90:17:2c:85:
                    91:33:78:17:da:b9:13:85:c3:ad:13:49:53:08:f3:
                    a4:52:f8:6b:08:ed:1f:21:ca:00:bf:cd:b4:76:7d:
                    c5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:91:5B:7F:59:11:C8:76:06:42:D0:3D:72:CA:08:6D:47:48:98:E2
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/EpFbf1kRyHYGQtA9csoIbUdImOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ab:9a:b0:4c:a4:97:9e:af:a5:83:c6:c3:25:2e:0c:f6:a1:
         a1:29:4c:dc:2c:ce:3e:f7:d6:6c:c7:bc:5f:4d:fd:f1:2d:ff:
         15:e9:9c:24:cf:6c:b3:04:76:0c:28:42:5e:eb:59:dc:f8:9f:
         f1:0c:01:ac:cc:dc:0c:0d:20:95:aa:36:f3:c2:f0:e3:7e:8e:
         a0:fb:22:3a:a5:fc:0d:df:66:0b:bd:2a:1e:24:d1:a2:50:2b:
         8d:ff:58:44:e5:c0:6a:a5:17:3a:b8:2d:53:c7:1c:87:b2:a1:
         36:5d:68:2f:32:cc:30:5a:33:64:5a:9f:96:c4:41:74:39:a9:
         2b:ec:b6:24:39:05:4b:4b:f6:0c:75:76:a0:e2:fd:cd:21:ce:
         51:2e:88:7b:cf:e6:c1:1b:42:c9:3e:1c:cc:41:9f:b6:ac:10:
         69:bc:83:50:50:48:fb:8e:aa:44:2b:1a:f3:14:0f:68:c0:53:
         32:8c:69:c4:b9:0b:68:5e:5c:8f:f1:80:81:09:dd:ee:50:00:
         4c:14:9f:c3:7b:4c:4f:f5:91:8b:8a:66:01:43:c2:bd:2f:5e:
         d6:e7:95:3e:b4:7f:9c:a1:b1:6b:cc:2b:74:9a:95:25:63:4b:
         34:21:f1:a3:af:56:52:ec:ac:59:16:2b:f8:7a:39:a7:ef:ee:
         7f:97:2b:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOwPGdVLkBWqPNY6REAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkxNWI3ZjU5MTFjODc2MDY0MmQwM2Q3MmNhMDg2ZDQ3NDg5OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykyuQ5DVxVku/HrNPGSNnBrXKa8A
i82nxViEEbdcemLPmpgnl7Yf2RQfHZCEVQMABF7yUetwrMBCZBBrnu+YE56dY8lN
Hp98e32qmVydLtvItaydl21bpXUggCEU3jYmYiJ6k2Q+Kx5WrCgum+xKNj4OPzoe
SC0m+4dYK22JW4K+3OFhYqDt+e3BWfupoJy/cCIn5yf90ButWuKm6hdpRil4BhFT
gMMoy9XfQ8Xi3dJWJN6zbSGEZBs2J7bhwprwXEzLKXxVSGA3Wi6NhvRUuoR+Q+lS
zxMN1XtAWpAXLIWRM3gX2rkThcOtE0lTCPOkUvhrCO0fIcoAv820dn3F1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKRW39ZEch2BkLQPXLKCG1HSJjiMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvRXBGYmYxa1J5SFlHUXRBOWNzb0liVWRJbU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd1uMA0G
CSqGSIb3DQEBCwUAA4IBAQCRq5qwTKSXnq+lg8bDJS4M9qGhKUzcLM4+99Zsx7xf
Tf3xLf8V6Zwkz2yzBHYMKEJe61nc+J/xDAGszNwMDSCVqjbzwvDjfo6g+yI6pfwN
32YLvSoeJNGiUCuN/1hE5cBqpRc6uC1TxxyHsqE2XWgvMswwWjNkWp+WxEF0Oakr
7LYkOQVLS/YMdXag4v3NIc5RLoh7z+bBG0LJPhzMQZ+2rBBpvINQUEj7jqpEKxrz
FA9owFMyjGnEuQtoXlyP8YCBCd3uUABMFJ/De0xP9ZGLimYBQ8K9L17W55U+tH+c
obFrzCt0mpUlY0s0IfGjr1ZS7KxZFiv4ejmn7+5/lysu
-----END CERTIFICATE-----