Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1eqm836d6wo3UhoXeUPepjuSNPk.roa
File:                     1eqm836d6wo3UhoXeUPepjuSNPk.roa (raw, json)
Hash identifier:          nNI4UeOBaNm/zykbwcR4CBVhUJUx7/SsxfkDb4Py/Kw=
Subject key identifier:   D5:EA:A6:F3:7E:9D:EB:0A:37:52:1A:17:79:43:DE:A6:3B:92:34:F9
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019566F2D12FAFBE23FF9CD4410E940CBFFA
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1eqm836d6wo3UhoXeUPepjuSNPk.roa
Signing time:             Wed 05 Mar 2025 15:35:44 +0000
ROA not before:           Wed 05 Mar 2025 15:35:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53730
IP address blocks:        194.93.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:f2:d1:2f:af:be:23:ff:9c:d4:41:0e:94:0c:bf:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Mar  5 15:35:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5eaa6f37e9deb0a37521a177943dea63b9234f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:05:3c:41:c7:19:0b:35:2c:56:f9:99:95:3e:
                    85:27:82:29:9f:d0:66:93:b6:ec:4c:7c:3d:aa:7a:
                    d3:f6:b9:5d:65:0f:5e:fa:a8:e1:a6:e8:15:a1:9b:
                    fa:de:dd:03:27:72:82:1e:39:a3:cf:c2:9a:82:a5:
                    53:a0:06:41:72:d6:c5:00:4b:45:1e:b9:b9:4e:aa:
                    5f:34:22:aa:79:47:bd:57:6c:c2:7e:03:3b:07:63:
                    52:6f:24:6c:90:90:34:5b:ee:0f:ef:6a:41:db:ce:
                    d6:40:50:ea:31:bf:2f:39:61:c3:19:8d:c3:db:08:
                    e3:b4:dc:e3:12:85:21:05:d9:12:a0:a5:65:ac:87:
                    cb:df:a4:a4:26:eb:00:b8:9a:1f:ae:6f:9a:f3:58:
                    87:a8:74:1e:f9:43:5d:67:28:6d:43:f3:6d:d5:3f:
                    e4:82:10:88:d5:f4:97:4e:2e:82:9e:3b:fe:d9:a4:
                    81:5a:90:74:b7:a9:80:db:5a:5f:15:30:03:67:e3:
                    c9:fb:fb:94:ba:d3:61:8b:8a:df:60:1d:a3:9c:5e:
                    6d:1a:5b:f7:cc:df:d3:f1:67:04:d1:f4:60:1b:22:
                    c0:a7:8c:75:ed:7b:cc:46:53:3e:ef:bb:c3:2e:da:
                    b1:35:ca:0e:3c:67:75:1b:d8:53:2f:f0:bb:8f:1c:
                    28:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:EA:A6:F3:7E:9D:EB:0A:37:52:1A:17:79:43:DE:A6:3B:92:34:F9
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1eqm836d6wo3UhoXeUPepjuSNPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:42:b6:c8:87:d3:5d:28:c9:4e:cd:66:51:85:72:42:ac:e5:
         14:59:7e:e0:eb:9a:72:79:f3:2c:bd:0b:ad:42:d5:fe:be:15:
         36:24:01:b2:33:b0:d7:70:20:da:9d:76:7e:3d:d3:8c:74:32:
         ca:ea:10:07:ad:ce:0e:8a:63:f8:23:0e:86:34:fa:52:0a:69:
         02:9a:bc:67:2f:52:83:57:87:23:9b:ac:b9:05:60:e0:84:69:
         18:45:e4:98:ac:44:5c:8e:1e:3d:c1:b5:f3:67:98:50:54:99:
         a6:9a:d1:9f:19:03:45:04:bb:d3:ba:b6:25:cb:d3:f3:d1:b0:
         ca:75:de:ff:6e:b5:45:a1:a3:15:23:83:7e:dd:2e:0f:09:18:
         31:81:ee:56:c0:b2:5d:88:61:bd:67:9e:a2:f9:62:51:b0:2c:
         37:82:69:61:9e:96:ce:ec:2b:42:44:3a:b8:b3:cc:aa:2c:a4:
         1b:7d:57:2b:ac:6b:9f:9f:3a:8b:50:6d:50:ab:ab:7d:7f:f9:
         75:90:33:37:61:49:11:24:96:05:11:1d:3e:e3:4b:ff:84:a7:
         60:dd:d5:4a:59:af:4d:ee:48:5b:f7:d0:cb:b1:67:dc:cb:f4:
         20:2a:9d:f8:38:6d:aa:15:aa:54:97:ee:90:79:33:2d:dc:75:
         52:57:01:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVm8tEvr74j/5zUQQ6UDL/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwMzA1MTUzNTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWVhYTZmMzdlOWRlYjBhMzc1MjFhMTc3OTQzZGVhNjNiOTIzNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAU8QccZCzUsVvmZlT6FJ4Ipn9Bm
k7bsTHw9qnrT9rldZQ9e+qjhpugVoZv63t0DJ3KCHjmjz8KagqVToAZBctbFAEtF
Hrm5TqpfNCKqeUe9V2zCfgM7B2NSbyRskJA0W+4P72pB287WQFDqMb8vOWHDGY3D
2wjjtNzjEoUhBdkSoKVlrIfL36SkJusAuJofrm+a81iHqHQe+UNdZyhtQ/Nt1T/k
ghCI1fSXTi6Cnjv+2aSBWpB0t6mA21pfFTADZ+PJ+/uUutNhi4rfYB2jnF5tGlv3
zN/T8WcE0fRgGyLAp4x17XvMRlM+77vDLtqxNcoOPGd1G9hTL/C7jxwonQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXqpvN+nesKN1IaF3lD3qY7kjT5MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMWVxbTgzNmQ2d28zVWhvWGVVUGVwanVTTlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl06MA0G
CSqGSIb3DQEBCwUAA4IBAQB3QrbIh9NdKMlOzWZRhXJCrOUUWX7g65pyefMsvQut
QtX+vhU2JAGyM7DXcCDanXZ+PdOMdDLK6hAHrc4OimP4Iw6GNPpSCmkCmrxnL1KD
V4cjm6y5BWDghGkYReSYrERcjh49wbXzZ5hQVJmmmtGfGQNFBLvTurYly9Pz0bDK
dd7/brVFoaMVI4N+3S4PCRgxge5WwLJdiGG9Z56i+WJRsCw3gmlhnpbO7CtCRDq4
s8yqLKQbfVcrrGufnzqLUG1Qq6t9f/l1kDM3YUkRJJYFER0+40v/hKdg3dVKWa9N
7khb99DLsWfcy/QgKp34OG2qFapUl+6QeTMt3HVSVwFK
-----END CERTIFICATE-----