Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/eD9KOBh6WJpzy2UGZhjWqbKZgnY.roa
File:                     eD9KOBh6WJpzy2UGZhjWqbKZgnY.roa (raw, json)
Hash identifier:          FY6Q9bwWqxHzpxkPC637XhwCXB1ndMnstCgqHGzLhzg=
Subject key identifier:   78:3F:4A:38:18:7A:58:9A:73:CB:65:06:66:18:D6:A9:B2:99:82:76
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC49369BD4BD31381C7C617ABD77411FF
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/eD9KOBh6WJpzy2UGZhjWqbKZgnY.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8748
IP address blocks:        194.47.128.0/19 maxlen: 19
                          193.11.184.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:69:bd:4b:d3:13:81:c7:c6:17:ab:d7:74:11:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=783f4a38187a589a73cb65066618d6a9b2998276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:88:b4:1f:c2:d9:46:9b:46:c0:85:fd:ba:3f:
                    af:02:9b:53:3d:59:a1:fe:38:a9:5f:34:5b:7a:1e:
                    1b:7a:46:39:c9:97:98:af:6f:8a:3a:d7:a2:e7:dc:
                    72:e0:1b:5d:b2:c0:da:73:81:ae:06:4a:6a:7c:6d:
                    1b:fc:90:c9:60:2a:50:29:b4:1c:9e:68:a9:f6:98:
                    c0:14:2b:18:21:68:72:77:23:de:79:1a:b0:9f:ba:
                    88:1a:a3:94:f1:1b:25:30:11:39:b7:60:e5:e7:0d:
                    77:25:41:24:66:da:48:13:6d:2d:e6:02:f0:b4:e8:
                    2c:f7:f1:58:bd:6d:21:e4:8a:83:ce:76:78:43:b4:
                    ff:48:a0:5c:a2:75:66:88:8b:73:5d:82:77:48:8b:
                    5a:cc:f9:e3:5e:fb:a3:97:55:5e:9b:f3:ee:ad:2a:
                    e2:7f:c7:24:a1:fb:14:9a:7e:78:a6:02:83:1f:69:
                    9a:2f:20:b1:91:20:8d:6f:61:42:71:96:bf:12:14:
                    cb:95:91:64:6e:e3:a2:cb:c6:12:d7:3b:94:7e:3b:
                    5a:1f:9b:3f:7d:7a:f5:4d:ff:9e:7d:8c:f9:15:75:
                    6b:69:ae:f0:df:6c:6d:04:7b:3f:29:af:0c:01:e6:
                    b4:d4:c4:b4:08:01:ff:a6:6f:f7:e6:3f:40:7b:de:
                    e3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:3F:4A:38:18:7A:58:9A:73:CB:65:06:66:18:D6:A9:B2:99:82:76
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/eD9KOBh6WJpzy2UGZhjWqbKZgnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.11.184.0/21
                  194.47.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1a:05:e6:2d:cc:8a:7a:7c:79:4a:6d:ca:bc:55:39:37:19:bd:
         fe:bf:8c:92:4d:25:6b:d1:49:5a:2d:09:39:61:92:a9:36:3a:
         92:77:bc:75:57:de:e5:a6:60:20:0f:57:81:47:07:f4:41:26:
         06:b8:17:18:bf:90:a2:aa:9f:1c:cb:2a:41:72:8b:6f:03:98:
         5c:71:65:c9:39:fb:a1:8d:ae:2e:88:d4:05:d1:9c:aa:64:56:
         29:11:77:6e:9d:d8:a9:24:40:56:dd:ed:64:1c:bd:f6:75:50:
         90:dc:4d:23:ea:37:14:a2:51:a4:cd:6e:19:4a:5c:89:29:b5:
         9b:a4:71:a1:b4:ac:20:60:ab:5f:01:e0:c1:77:4f:9c:8e:9a:
         88:34:c4:e9:ac:fd:77:a7:0e:1e:dd:db:fa:f1:e8:97:ca:e5:
         56:97:31:09:4a:16:4f:98:d1:19:47:b5:89:75:41:13:81:c0:
         a0:64:72:27:a1:57:b0:ba:f3:5a:a5:5a:b3:c1:80:35:fc:98:
         e8:14:71:77:72:ba:5f:d9:23:40:81:f7:ac:2c:d7:b0:d0:b8:
         04:6f:df:b2:b3:b7:91:a4:90:fd:6a:4f:73:c2:c6:f0:2c:a7:
         85:41:18:c2:cd:02:6a:77:1b:fb:7e:21:6f:16:d1:42:7c:28:
         f1:ae:6b:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk2m9S9MTgcfGF6vXdBH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODNmNGEzODE4N2E1ODlhNzNjYjY1MDY2NjE4ZDZhOWIyOTk4Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIi0H8LZRptGwIX9uj+vAptTPVmh
/jipXzRbeh4bekY5yZeYr2+KOtei59xy4BtdssDac4GuBkpqfG0b/JDJYCpQKbQc
nmip9pjAFCsYIWhydyPeeRqwn7qIGqOU8RslMBE5t2Dl5w13JUEkZtpIE20t5gLw
tOgs9/FYvW0h5IqDznZ4Q7T/SKBconVmiItzXYJ3SItazPnjXvujl1Vem/PurSri
f8ckofsUmn54pgKDH2maLyCxkSCNb2FCcZa/EhTLlZFkbuOiy8YS1zuUfjtaH5s/
fXr1Tf+efYz5FXVraa7w32xtBHs/Ka8MAea01MS0CAH/pm/35j9Ae97jvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHg/SjgYeliac8tlBmYY1qmymYJ2MB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvZUQ5S09CaDZXSnB6eTJVR1poaldxYktaZ25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDwQu4AwQF
wi+AMA0GCSqGSIb3DQEBCwUAA4IBAQAaBeYtzIp6fHlKbcq8VTk3Gb3+v4ySTSVr
0UlaLQk5YZKpNjqSd7x1V97lpmAgD1eBRwf0QSYGuBcYv5Ciqp8cyypBcotvA5hc
cWXJOfuhja4uiNQF0ZyqZFYpEXdundipJEBW3e1kHL32dVCQ3E0j6jcUolGkzW4Z
SlyJKbWbpHGhtKwgYKtfAeDBd0+cjpqINMTprP13pw4e3dv68eiXyuVWlzEJShZP
mNEZR7WJdUETgcCgZHInoVewuvNapVqzwYA1/JjoFHF3crpf2SNAgfesLNew0LgE
b9+ys7eRpJD9ak9zwsbwLKeFQRjCzQJqdxv7fiFvFtFCfCjxrmuf
-----END CERTIFICATE-----