Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/EaGiUrL7HbAbeh_88qDDIsBWZFI.roa
File:                     EaGiUrL7HbAbeh_88qDDIsBWZFI.roa (raw, json)
Hash identifier:          hR98S9MURy9gdsX8a8Z1pyweXIn9igNcAgFRRLmIuQY=
Subject key identifier:   11:A1:A2:52:B2:FB:1D:B0:1B:7A:1F:FC:F2:A0:C3:22:C0:56:64:52
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018FE2706530EC3CD8790C3ED7A9B7E846E8
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/EaGiUrL7HbAbeh_88qDDIsBWZFI.roa
Signing time:             Tue 04 Jun 2024 08:49:27 +0000
ROA not before:           Tue 04 Jun 2024 08:49:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207944
IP address blocks:        178.156.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:70:65:30:ec:3c:d8:79:0c:3e:d7:a9:b7:e8:46:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jun  4 08:49:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a1a252b2fb1db01b7a1ffcf2a0c322c0566452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:2d:55:3c:f8:4f:a7:dc:75:4c:be:21:a4:
                    c8:bc:8a:9a:70:df:ba:e6:4f:b0:5e:13:c5:4f:bc:
                    c5:cc:8c:35:25:08:d2:8c:37:21:23:e0:c1:8b:b1:
                    8a:87:6d:af:89:7c:a5:46:83:5c:3a:10:d7:ae:8b:
                    e2:68:c9:f3:bd:68:cc:39:09:4c:44:ee:90:30:87:
                    c2:1f:26:c3:30:ac:78:2c:7d:43:68:1e:c7:05:18:
                    a8:29:cb:b9:bc:55:97:ba:06:82:16:98:b5:81:2a:
                    ac:f5:f2:76:72:1c:27:c5:f5:19:97:ff:97:06:62:
                    58:bd:af:49:51:17:24:dc:55:51:5e:25:5b:ba:57:
                    df:fd:64:32:5d:e9:54:18:34:3e:88:3c:3e:14:af:
                    2d:6c:bd:49:1a:d4:2a:47:6f:50:de:a3:26:33:21:
                    b0:e3:d9:2a:09:2c:74:f4:15:b2:69:63:79:a0:eb:
                    09:61:51:33:3b:6e:b8:b7:d0:03:30:69:e7:86:2a:
                    ad:74:7d:1c:d6:26:dd:fe:07:07:96:9b:c8:7e:31:
                    48:a2:27:b7:15:27:eb:a4:a7:31:3e:99:b0:af:f7:
                    aa:17:84:4a:26:ef:0b:cf:dc:e8:a6:bc:d1:44:a8:
                    d7:4d:a9:3a:46:54:fa:aa:e6:63:01:b9:de:2b:a6:
                    1c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A1:A2:52:B2:FB:1D:B0:1B:7A:1F:FC:F2:A0:C3:22:C0:56:64:52
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/EaGiUrL7HbAbeh_88qDDIsBWZFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.156.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:7c:4b:06:1b:9e:0b:3e:89:f6:cb:a9:c6:70:e4:5e:07:68:
         27:d7:59:ef:33:b5:6e:58:01:1c:67:af:fc:9a:45:ea:b7:e5:
         c2:e6:47:47:32:8f:d3:d3:27:c0:f6:06:fb:21:5a:7b:48:d8:
         a7:1f:ce:a9:7d:85:78:29:d0:2d:aa:da:5c:11:15:03:69:43:
         67:39:e3:25:54:e6:a6:d1:92:9f:ff:ed:12:05:e7:66:8a:9c:
         0b:60:dd:4e:be:cc:22:27:78:15:60:f0:de:54:26:7d:35:31:
         e3:f2:cd:08:19:e2:f3:79:da:c5:90:e0:69:53:cb:69:4b:30:
         33:0f:ba:b0:29:8b:fb:15:ed:bb:6f:6b:62:9f:1f:b3:ef:94:
         3d:02:de:f5:e7:fa:59:b0:03:b2:9b:26:2e:4c:c5:03:4a:25:
         42:10:33:05:7b:bb:ac:51:55:09:70:9a:6d:1c:a6:fd:7f:21:
         5e:a7:8e:62:96:f9:bd:93:b1:41:44:60:82:5e:d3:e9:5d:e1:
         da:d2:69:35:51:1b:e2:85:3b:1f:fc:92:84:1e:6f:6e:9f:ce:
         f2:2c:d9:3b:77:3f:17:c4:c3:7b:e0:9f:7c:d7:b0:7d:99:11:
         21:71:d4:14:d3:67:ca:f1:31:81:af:90:a6:d5:5d:8b:08:6f:
         7c:57:ad:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/icGUw7DzYeQw+16m36EboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwNjA0MDg0OTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWExYTI1MmIyZmIxZGIwMWI3YTFmZmNmMmEwYzMyMmMwNTY2NDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/EtVTz4T6fcdUy+IaTIvIqacN+6
5k+wXhPFT7zFzIw1JQjSjDchI+DBi7GKh22viXylRoNcOhDXroviaMnzvWjMOQlM
RO6QMIfCHybDMKx4LH1DaB7HBRioKcu5vFWXugaCFpi1gSqs9fJ2chwnxfUZl/+X
BmJYva9JURck3FVRXiVbulff/WQyXelUGDQ+iDw+FK8tbL1JGtQqR29Q3qMmMyGw
49kqCSx09BWyaWN5oOsJYVEzO264t9ADMGnnhiqtdH0c1ibd/gcHlpvIfjFIoie3
FSfrpKcxPpmwr/eqF4RKJu8Lz9zoprzRRKjXTak6RlT6quZjAbneK6YcXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGholKy+x2wG3of/PKgwyLAVmRSMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvRWFHaVVyTDdIYkFiZWhfODhxRERJc0JXWkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAspwWMA0G
CSqGSIb3DQEBCwUAA4IBAQAvfEsGG54LPon2y6nGcOReB2gn11nvM7VuWAEcZ6/8
mkXqt+XC5kdHMo/T0yfA9gb7IVp7SNinH86pfYV4KdAtqtpcERUDaUNnOeMlVOam
0ZKf/+0SBedmipwLYN1OvswiJ3gVYPDeVCZ9NTHj8s0IGeLzedrFkOBpU8tpSzAz
D7qwKYv7Fe27b2tinx+z75Q9At715/pZsAOymyYuTMUDSiVCEDMFe7usUVUJcJpt
HKb9fyFep45ilvm9k7FBRGCCXtPpXeHa0mk1URvihTsf/JKEHm9un87yLNk7dz8X
xMN74J9817B9mREhcdQU02fK8TGBr5Cm1V2LCG98V62V
-----END CERTIFICATE-----