Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/E-Nw43pdX7T3kG8iYhuBtZJdVEQ.roa
File:                     E-Nw43pdX7T3kG8iYhuBtZJdVEQ.roa (raw, json)
Hash identifier:          mdQzUtpAtRZltJ76UWCKaev/I4w1IXZxA2ITjvTeb6c=
Subject key identifier:   13:E3:70:E3:7A:5D:5F:B4:F7:90:6F:22:62:1B:81:B5:92:5D:54:44
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01901606FA617C75B3CC614D2192405686C9
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/E-Nw43pdX7T3kG8iYhuBtZJdVEQ.roa
Signing time:             Fri 14 Jun 2024 09:14:34 +0000
ROA not before:           Fri 14 Jun 2024 09:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20853
IP address blocks:        104.222.161.0/24 maxlen: 24
                          104.222.167.0/24 maxlen: 24
                          104.222.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:06:fa:61:7c:75:b3:cc:61:4d:21:92:40:56:86:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun 14 09:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13e370e37a5d5fb4f7906f22621b81b5925d5444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:07:b6:12:ef:ff:8b:43:0b:2d:75:e5:14:22:
                    6e:53:29:b9:a3:1f:e8:75:85:77:c0:fc:8f:83:a8:
                    4f:e0:3d:d8:6f:e8:80:08:62:9f:77:bd:0d:59:37:
                    86:5b:4e:23:7d:c8:b2:65:4b:d3:e6:03:bb:da:01:
                    31:2c:20:c0:f4:4c:61:86:57:bb:92:31:18:c2:7a:
                    1d:97:42:76:88:79:89:9a:12:1e:ff:19:ba:ff:7a:
                    58:61:39:17:33:04:74:a1:25:9e:c9:6c:1b:0e:a7:
                    4e:0b:3c:f3:d5:f4:1d:b3:4d:1d:17:67:5e:ad:fe:
                    3c:55:66:4a:b3:41:8f:55:f3:9e:c9:dd:29:8c:12:
                    b5:e9:e4:10:d3:01:4a:35:ea:65:e5:e6:89:41:9f:
                    ed:f4:ee:72:e4:18:8c:88:59:e0:3b:df:c7:50:36:
                    b4:4d:86:5d:b4:4a:43:42:08:2f:ad:6d:11:42:fb:
                    34:2c:24:2f:96:45:00:06:af:84:fd:b9:53:91:86:
                    1f:54:fb:63:ca:f0:f5:5e:8b:10:51:92:9b:70:f2:
                    4e:bc:f7:56:15:e5:ce:3d:4b:0d:b9:4f:12:60:cb:
                    45:4a:57:b4:b1:be:9e:86:e1:dd:40:7c:b5:4b:1d:
                    92:b8:7a:ea:9a:05:c6:f6:2c:a5:40:f9:88:d6:b3:
                    51:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:E3:70:E3:7A:5D:5F:B4:F7:90:6F:22:62:1B:81:B5:92:5D:54:44
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/E-Nw43pdX7T3kG8iYhuBtZJdVEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.222.161.0/24
                  104.222.167.0-104.222.168.255

    Signature Algorithm: sha256WithRSAEncryption
         2b:4f:bd:b8:82:07:b4:64:0a:bd:7d:a3:cf:12:b3:a7:c4:b3:
         9e:9f:b3:e1:24:4c:e6:71:ee:bb:2f:f4:ce:83:8b:5a:31:c2:
         50:96:93:82:80:cf:ee:52:29:1b:d2:11:71:0e:f6:31:13:e6:
         b2:9d:8f:bc:3b:1e:b2:13:b4:71:08:a3:0e:4e:e2:87:67:b2:
         b6:24:64:9a:71:28:4b:a1:50:d8:48:48:e2:2f:c6:fe:92:49:
         e7:10:9a:59:28:8f:a3:6b:69:26:48:68:ad:ee:f1:1f:53:07:
         0b:08:59:ff:53:c2:fa:1a:5b:49:ba:33:1c:01:b9:d7:16:93:
         72:40:4f:98:cb:40:b3:ff:e2:22:d2:31:2a:43:24:dd:e1:c7:
         a6:28:50:69:cb:67:95:40:8c:8d:d2:e6:e2:e7:69:fd:c8:de:
         d2:25:74:d3:c7:af:23:a3:65:7a:13:7f:73:b5:23:5d:67:e6:
         44:64:48:57:b8:9b:32:e5:0c:62:fd:03:fd:29:54:a9:aa:8f:
         e3:54:00:96:bc:67:ad:a1:a7:f6:7a:17:7c:5b:4a:2a:b6:57:
         60:ce:c9:60:a6:f7:ff:46:90:77:95:df:32:a9:27:b8:13:f5:
         fb:04:31:cb:6d:d3:dc:eb:ba:ab:fc:7a:10:2d:6f:9e:f8:c2:
         26:b7:ee:37
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZAWBvphfHWzzGFNIZJAVobJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNjE0MDkxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2UzNzBlMzdhNWQ1ZmI0Zjc5MDZmMjI2MjFiODFiNTkyNWQ1NDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApge2Eu//i0MLLXXlFCJuUym5ox/o
dYV3wPyPg6hP4D3Yb+iACGKfd70NWTeGW04jfciyZUvT5gO72gExLCDA9Exhhle7
kjEYwnodl0J2iHmJmhIe/xm6/3pYYTkXMwR0oSWeyWwbDqdOCzzz1fQds00dF2de
rf48VWZKs0GPVfOeyd0pjBK16eQQ0wFKNepl5eaJQZ/t9O5y5BiMiFngO9/HUDa0
TYZdtEpDQggvrW0RQvs0LCQvlkUABq+E/blTkYYfVPtjyvD1XosQUZKbcPJOvPdW
FeXOPUsNuU8SYMtFSle0sb6ehuHdQHy1Sx2SuHrqmgXG9iylQPmI1rNRAQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBPjcON6XV+095BvImIbgbWSXVREMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvRS1OdzQzcGRYN1Qza0c4aVlodUJ0WkpkVkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAaN6hMAwD
BABo3qcDBABo3qgwDQYJKoZIhvcNAQELBQADggEBACtPvbiCB7RkCr19o88Ss6fE
s56fs+EkTOZx7rsv9M6Di1oxwlCWk4KAz+5SKRvSEXEO9jET5rKdj7w7HrITtHEI
ow5O4odnsrYkZJpxKEuhUNhISOIvxv6SSecQmlkoj6NraSZIaK3u8R9TBwsIWf9T
wvoaW0m6MxwBudcWk3JAT5jLQLP/4iLSMSpDJN3hx6YoUGnLZ5VAjI3S5uLnaf3I
3tIldNPHryOjZXoTf3O1I11n5kRkSFe4mzLlDGL9A/0pVKmqj+NUAJa8Z62hp/Z6
F3xbSiq2V2DOyWCm9/9GkHeV3zKpJ7gT9fsEMctt09zruqv8ehAtb574wia37jc=
-----END CERTIFICATE-----