Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/eeob2ee4lfFzOOMEsHvp08f6qTk.roa
File:                     eeob2ee4lfFzOOMEsHvp08f6qTk.roa (raw, json)
Hash identifier:          0B+jfajS9x0UOg+XsVtGs3LZcCLSBc/7t9eJKjvj4DM=
Subject key identifier:   79:EA:1B:D9:E7:B8:95:F1:73:38:E3:04:B0:7B:E9:D3:C7:FA:A9:39
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       019422FB5BD7E785C6B2F61790CA315E4600
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/eeob2ee4lfFzOOMEsHvp08f6qTk.roa
Signing time:             Wed 01 Jan 2025 17:48:05 +0000
ROA not before:           Wed 01 Jan 2025 17:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214789
IP address blocks:        91.147.110.0/24 maxlen: 24
                          194.164.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5b:d7:e7:85:c6:b2:f6:17:90:ca:31:5e:46:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Jan  1 17:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79ea1bd9e7b895f17338e304b07be9d3c7faa939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:be:c7:39:8a:0d:1c:85:89:1d:0c:ea:0a:e0:
                    28:e6:9d:84:ee:0a:4b:f1:70:71:25:1c:8d:fd:2c:
                    33:5a:ae:8e:04:54:2b:22:5a:58:a4:8f:bc:de:18:
                    d0:e2:ec:61:98:d8:99:22:9d:65:81:49:10:34:96:
                    14:31:de:ca:9f:2a:cd:8f:a2:7f:8b:ac:da:6e:0d:
                    91:76:0d:5a:9d:03:74:be:b9:24:2a:55:37:88:5e:
                    71:49:06:b0:9c:f2:fb:60:23:79:a2:89:41:3d:b4:
                    da:c7:9b:99:a0:0c:0b:fb:7a:fe:d4:86:9a:31:41:
                    02:6d:71:2b:c4:1c:17:23:10:f0:2d:64:f3:ba:ea:
                    b0:13:a7:e5:b7:44:8f:b7:d9:bc:b0:89:a6:b7:2b:
                    4f:0e:db:c3:2c:62:f2:f5:99:c2:c3:cf:b5:45:8a:
                    d4:26:e6:57:93:4c:51:21:1c:65:43:a2:d2:40:8e:
                    8b:ce:a9:6e:5f:89:f1:2c:d4:6c:d4:3e:92:f3:e6:
                    1c:8b:03:6e:94:17:a6:3d:d1:01:10:f9:3a:4b:fa:
                    be:e8:45:43:ed:c1:87:1d:74:da:0f:1d:d9:38:00:
                    b2:a9:ec:7c:51:a4:15:a8:d8:b8:7e:1e:f9:fe:42:
                    3d:37:9b:ad:52:a2:de:c9:f5:84:e9:67:33:f1:b2:
                    e1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:EA:1B:D9:E7:B8:95:F1:73:38:E3:04:B0:7B:E9:D3:C7:FA:A9:39
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/eeob2ee4lfFzOOMEsHvp08f6qTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.110.0/24
                  194.164.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ec:c3:42:18:73:de:e8:9c:a2:f7:11:4c:5c:59:a2:bd:27:
         b2:d6:70:9f:5d:3d:10:cb:d9:f6:8c:90:13:82:32:e3:f6:07:
         6f:a3:36:39:18:81:4c:e4:9a:ca:0f:6b:57:fb:64:51:9d:eb:
         4b:1a:d1:33:6a:d1:d5:a0:eb:96:42:cb:2a:ee:d2:bc:08:1e:
         f2:c2:3d:59:44:ea:b5:93:9a:0f:83:96:9e:cc:81:bd:a4:69:
         70:08:c5:1e:1f:df:fb:b6:f7:c0:9e:fb:6f:73:34:10:33:ab:
         f5:e8:4a:71:8a:55:a9:4e:b0:8a:fe:08:de:ea:8e:44:7c:18:
         f0:dd:90:d8:a5:b4:96:ff:be:8f:3f:7a:47:ae:6e:7b:c2:46:
         ff:e0:06:b3:1c:27:d5:b8:a5:1b:39:29:34:8b:cb:e6:b3:a1:
         9f:d0:d6:72:01:11:f6:5b:35:3c:fc:aa:95:cf:3a:f7:cc:4c:
         66:e3:a5:b1:d6:3d:f5:57:11:ee:b1:23:05:ad:13:ce:af:9d:
         8f:2c:85:9f:13:73:60:db:8d:3d:04:f6:ed:22:36:c3:8b:8b:
         98:8f:4d:1e:40:f3:8c:d3:d1:6b:e4:13:79:4f:ef:08:3a:4d:
         b3:d5:f3:2f:2c:0a:70:f0:63:64:e0:d5:0d:2f:33:af:47:53:
         2b:a7:74:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+1vX54XGsvYXkMoxXkYAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwMTAxMTc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWVhMWJkOWU3Yjg5NWYxNzMzOGUzMDRiMDdiZTlkM2M3ZmFhOTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi77HOYoNHIWJHQzqCuAo5p2E7gpL
8XBxJRyN/SwzWq6OBFQrIlpYpI+83hjQ4uxhmNiZIp1lgUkQNJYUMd7KnyrNj6J/
i6zabg2Rdg1anQN0vrkkKlU3iF5xSQawnPL7YCN5oolBPbTax5uZoAwL+3r+1Iaa
MUECbXErxBwXIxDwLWTzuuqwE6flt0SPt9m8sImmtytPDtvDLGLy9ZnCw8+1RYrU
JuZXk0xRIRxlQ6LSQI6LzqluX4nxLNRs1D6S8+YciwNulBemPdEBEPk6S/q+6EVD
7cGHHXTaDx3ZOACyqex8UaQVqNi4fh75/kI9N5utUqLeyfWE6Wcz8bLhOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHnqG9nnuJXxczjjBLB76dPH+qk5MB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvZWVvYjJlZTRsZkZ6T09NRXNIdnAwOGY2cVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5NuAwQA
wqRzMA0GCSqGSIb3DQEBCwUAA4IBAQCV7MNCGHPe6Jyi9xFMXFmivSey1nCfXT0Q
y9n2jJATgjLj9gdvozY5GIFM5JrKD2tX+2RRnetLGtEzatHVoOuWQssq7tK8CB7y
wj1ZROq1k5oPg5aezIG9pGlwCMUeH9/7tvfAnvtvczQQM6v16EpxilWpTrCK/gje
6o5EfBjw3ZDYpbSW/76PP3pHrm57wkb/4AazHCfVuKUbOSk0i8vms6Gf0NZyARH2
WzU8/KqVzzr3zExm46Wx1j31VxHusSMFrRPOr52PLIWfE3Ng2409BPbtIjbDi4uY
j00eQPOM09Fr5BN5T+8IOk2z1fMvLApw8GNk4NUNLzOvR1Mrp3Ru
-----END CERTIFICATE-----