Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/byFLsbUH0YsWUNcHl7h6CJu6RFU.roa
File:                     byFLsbUH0YsWUNcHl7h6CJu6RFU.roa (raw, json)
Hash identifier:          4jzd2pENsQtsROJRVfutClNHNhLU04InHwbx/T36RuE=
Subject key identifier:   6F:21:4B:B1:B5:07:D1:8B:16:50:D7:07:97:B8:7A:08:9B:BA:44:55
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       0191C26B1250AB5CB742B8B267443455DAE6
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/byFLsbUH0YsWUNcHl7h6CJu6RFU.roa
Signing time:             Thu 05 Sep 2024 13:41:22 +0000
ROA not before:           Thu 05 Sep 2024 13:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2844
IP address blocks:        86.104.48.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c2:6b:12:50:ab:5c:b7:42:b8:b2:67:44:34:55:da:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Sep  5 13:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f214bb1b507d18b1650d70797b87a089bba4455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fb:0c:69:16:e2:26:0e:77:5f:38:10:bf:aa:
                    88:4b:0a:9c:bf:06:ef:d1:bb:5d:70:5d:0d:c2:40:
                    2a:7b:fd:10:43:e2:b3:61:07:62:46:e2:01:fb:20:
                    af:6b:02:bc:8e:e9:27:a5:dc:21:9b:a3:24:b3:4a:
                    35:0e:b1:b9:82:e9:0b:0e:21:42:92:b0:83:22:9e:
                    39:d8:5e:97:49:35:c4:f5:68:6b:ea:11:a4:3e:48:
                    92:5e:d4:85:f4:4c:89:7b:f1:29:a9:a9:57:09:76:
                    b7:b2:51:1d:50:d4:96:1d:c5:33:08:2c:99:ee:db:
                    50:28:b2:19:c7:4a:34:a3:40:45:aa:4d:10:2d:24:
                    18:4b:be:72:d3:a5:5a:73:e9:da:5e:0c:ae:2d:7b:
                    56:ee:12:e1:ff:7c:d6:4a:73:61:de:06:c3:5b:5f:
                    c2:21:03:ba:d6:9f:23:05:71:25:7d:ca:1c:a6:73:
                    07:50:f4:d4:c1:83:4e:63:c8:7e:cc:98:51:53:96:
                    6e:e4:1f:48:80:d4:04:84:c4:03:af:aa:a9:9c:a6:
                    b4:b0:8c:d7:2d:82:c8:db:69:0f:61:83:88:dd:1a:
                    98:42:a0:81:09:6f:2b:cc:f5:b7:ac:78:3e:ef:8f:
                    aa:01:bd:41:73:46:33:73:10:7b:15:9d:d8:1d:4c:
                    57:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:21:4B:B1:B5:07:D1:8B:16:50:D7:07:97:B8:7A:08:9B:BA:44:55
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/byFLsbUH0YsWUNcHl7h6CJu6RFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         94:8d:dd:6e:b3:1f:d3:63:11:66:64:68:74:53:10:3c:ac:24:
         86:99:a7:93:22:4b:f3:55:4e:8a:56:bd:2e:72:62:e0:48:cb:
         a7:0a:f2:63:59:61:55:ed:7f:d7:e6:88:fa:28:33:da:13:b5:
         98:18:f0:7a:16:69:76:9e:7e:46:12:95:e6:ac:bf:c1:f4:73:
         9f:2a:25:b1:d2:b1:2a:c5:18:14:67:65:2e:8d:80:f4:70:3a:
         0b:eb:88:7d:dd:3d:5c:d3:31:4b:2f:72:e5:e3:d5:08:92:5a:
         34:98:66:05:b8:6b:21:41:56:45:79:07:05:38:a2:72:d4:d4:
         15:27:fd:ba:95:6b:1a:c6:5f:84:bb:35:b7:df:00:94:1d:6e:
         9d:3f:d6:b2:d4:c6:19:53:6f:bd:43:b7:f8:f8:dc:88:29:7e:
         a2:39:fe:d7:4c:cd:ba:ba:99:c1:2f:02:70:3b:b4:f2:f2:ec:
         28:70:50:af:00:71:3c:1a:6e:5f:68:14:f9:f4:e3:4c:8c:3f:
         87:c0:6f:73:83:93:d1:86:6d:94:9a:09:3f:c5:38:62:93:7a:
         f2:2c:8e:71:5c:54:fa:fa:df:5e:2f:0e:a3:4c:a7:1c:bf:d4:
         0e:91:63:17:16:e6:74:fa:cf:59:d5:85:44:6c:40:91:10:e8:
         7b:44:f8:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHCaxJQq1y3QriyZ0Q0VdrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwOTA1MTM0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjIxNGJiMWI1MDdkMThiMTY1MGQ3MDc5N2I4N2EwODliYmE0NDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvsMaRbiJg53XzgQv6qISwqcvwbv
0btdcF0NwkAqe/0QQ+KzYQdiRuIB+yCvawK8juknpdwhm6Mks0o1DrG5gukLDiFC
krCDIp452F6XSTXE9Whr6hGkPkiSXtSF9EyJe/EpqalXCXa3slEdUNSWHcUzCCyZ
7ttQKLIZx0o0o0BFqk0QLSQYS75y06Vac+naXgyuLXtW7hLh/3zWSnNh3gbDW1/C
IQO61p8jBXElfcocpnMHUPTUwYNOY8h+zJhRU5Zu5B9IgNQEhMQDr6qpnKa0sIzX
LYLI22kPYYOI3RqYQqCBCW8rzPW3rHg+74+qAb1Bc0YzcxB7FZ3YHUxXmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8hS7G1B9GLFlDXB5e4egibukRVMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvYnlGTHNiVUgwWXNXVU5jSGw3aDZDSnU2UkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVmgwMA0G
CSqGSIb3DQEBCwUAA4IBAQCUjd1usx/TYxFmZGh0UxA8rCSGmaeTIkvzVU6KVr0u
cmLgSMunCvJjWWFV7X/X5oj6KDPaE7WYGPB6Fml2nn5GEpXmrL/B9HOfKiWx0rEq
xRgUZ2UujYD0cDoL64h93T1c0zFLL3Ll49UIklo0mGYFuGshQVZFeQcFOKJy1NQV
J/26lWsaxl+EuzW33wCUHW6dP9ay1MYZU2+9Q7f4+NyIKX6iOf7XTM26upnBLwJw
O7Ty8uwocFCvAHE8Gm5faBT59ONMjD+HwG9zg5PRhm2Umgk/xThik3ryLI5xXFT6
+t9eLw6jTKccv9QOkWMXFuZ0+s9Z1YVEbECREOh7RPjO
-----END CERTIFICATE-----