Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/EJEBVm0-sOs69eH4qDrvfHjjvk8.roa
File:                     EJEBVm0-sOs69eH4qDrvfHjjvk8.roa (raw, json)
Hash identifier:          A8mrYzSxZMj4P+OpDfEP8dGiHqExKWX01Tpz7aAzpA8=
Subject key identifier:   10:91:01:56:6D:3E:B0:EB:3A:F5:E1:F8:A8:3A:EF:7C:78:E3:BE:4F
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018CC49399436DBB3D6339C1423B07885200
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/EJEBVm0-sOs69eH4qDrvfHjjvk8.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204721
IP address blocks:        5.105.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:99:43:6d:bb:3d:63:39:c1:42:3b:07:88:52:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=109101566d3eb0eb3af5e1f8a83aef7c78e3be4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f9:5a:70:36:67:d6:1c:76:c0:2e:df:d7:06:
                    af:94:cf:1a:6c:30:4b:7d:ef:54:fa:1a:bf:41:32:
                    06:3a:8f:46:1c:be:4f:a3:95:9d:1e:90:cb:8a:9d:
                    45:63:c5:61:d1:8c:1c:74:32:70:b3:8c:e7:00:71:
                    6b:b9:8c:94:d4:10:b2:f3:43:96:a2:cf:a7:68:d7:
                    1e:dd:1f:8e:e3:8a:c2:bc:0b:15:6f:51:93:cd:98:
                    b9:58:d4:5b:0f:13:68:48:59:59:5d:d1:ca:55:ad:
                    13:4a:f9:bc:e5:c9:1b:c1:46:cd:4e:62:30:5f:93:
                    6a:84:0c:ef:29:46:00:94:87:f4:33:f4:2f:98:42:
                    fa:34:7b:8b:57:92:f9:79:9c:6b:68:68:9c:40:f0:
                    e9:7a:fc:7b:76:7f:1b:7a:60:02:c5:f6:11:44:c1:
                    a7:70:a7:a7:52:ae:eb:d1:75:ec:6f:78:7e:12:f2:
                    a8:d8:77:e8:0c:ae:41:ec:39:f5:d4:9d:e2:3b:72:
                    01:dc:63:c0:ac:b7:37:e5:82:53:0e:11:67:41:b7:
                    64:ec:7f:98:b8:c4:5b:8c:8c:d1:f2:85:3f:71:fb:
                    cf:c8:3c:55:3a:5e:8f:cb:b0:30:95:14:c1:07:83:
                    2a:53:97:b6:92:da:76:e9:4c:6f:6e:0f:ee:c6:2b:
                    fc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:91:01:56:6D:3E:B0:EB:3A:F5:E1:F8:A8:3A:EF:7C:78:E3:BE:4F
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/EJEBVm0-sOs69eH4qDrvfHjjvk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:70:56:79:64:e2:0d:72:6c:70:35:53:43:cb:68:5e:7d:67:
         98:1c:61:35:27:93:5c:62:81:97:9a:66:17:d5:6f:16:4f:fd:
         ae:6b:0b:28:5d:da:e3:a0:5c:e5:1c:4b:e1:1a:5f:30:0d:5c:
         3a:01:44:e9:4a:95:87:8c:26:43:42:b1:0e:13:84:6f:52:89:
         cf:17:fd:86:2e:40:4e:a9:70:86:70:11:ae:9f:fb:6c:63:1d:
         1a:71:38:ae:35:58:93:3e:80:e9:0a:31:94:51:38:cf:c7:39:
         5b:e4:ef:86:ec:e2:94:dc:45:2e:90:75:a4:7e:65:fb:c1:15:
         e4:de:81:57:c5:96:91:cb:94:a8:51:ea:5f:bd:88:61:f9:26:
         7c:7b:e3:30:9f:92:75:39:d7:94:84:e0:b9:f0:aa:c3:20:2c:
         1b:85:5a:24:a0:3d:dd:0d:e3:6e:3c:7f:ba:8b:42:ac:21:a4:
         fb:5d:48:31:93:91:da:47:f3:07:e7:e8:c8:2a:75:a3:73:80:
         74:6e:a1:13:f9:c3:42:d5:66:5a:d1:fb:1c:a5:97:ac:a4:04:
         61:34:48:9f:27:0c:4f:c0:7d:3b:ac:1a:66:17:83:94:3b:b9:
         79:da:65:46:7f:54:21:38:6f:16:e0:72:de:ee:2c:ee:76:11:
         f9:0a:80:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5lDbbs9YznBQjsHiFIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDkxMDE1NjZkM2ViMGViM2FmNWUxZjhhODNhZWY3Yzc4ZTNiZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPlacDZn1hx2wC7f1wavlM8abDBL
fe9U+hq/QTIGOo9GHL5Po5WdHpDLip1FY8Vh0YwcdDJws4znAHFruYyU1BCy80OW
os+naNce3R+O44rCvAsVb1GTzZi5WNRbDxNoSFlZXdHKVa0TSvm85ckbwUbNTmIw
X5NqhAzvKUYAlIf0M/QvmEL6NHuLV5L5eZxraGicQPDpevx7dn8bemACxfYRRMGn
cKenUq7r0XXsb3h+EvKo2HfoDK5B7Dn11J3iO3IB3GPArLc35YJTDhFnQbdk7H+Y
uMRbjIzR8oU/cfvPyDxVOl6Py7AwlRTBB4MqU5e2ktp26Uxvbg/uxiv8vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCRAVZtPrDrOvXh+Kg673x4475PMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvRUpFQlZtMC1zT3M2OWVINHFEcnZmSGpqdms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWk7MA0G
CSqGSIb3DQEBCwUAA4IBAQBrcFZ5ZOINcmxwNVNDy2hefWeYHGE1J5NcYoGXmmYX
1W8WT/2uawsoXdrjoFzlHEvhGl8wDVw6AUTpSpWHjCZDQrEOE4RvUonPF/2GLkBO
qXCGcBGun/tsYx0acTiuNViTPoDpCjGUUTjPxzlb5O+G7OKU3EUukHWkfmX7wRXk
3oFXxZaRy5SoUepfvYhh+SZ8e+Mwn5J1OdeUhOC58KrDICwbhVokoD3dDeNuPH+6
i0KsIaT7XUgxk5HaR/MH5+jIKnWjc4B0bqET+cNC1WZa0fscpZespARhNEifJwxP
wH07rBpmF4OUO7l52mVGf1QhOG8W4HLe7izudhH5CoAD
-----END CERTIFICATE-----