Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/e0Grg-uy8nQrLcQgYE8P2g3CCfY.roa
File:                     e0Grg-uy8nQrLcQgYE8P2g3CCfY.roa (raw, json)
Hash identifier:          yg5BS3czdFssDdfArgE+skNd8XOOEl0FTxlTQGkq2FQ=
Subject key identifier:   7B:41:AB:83:EB:B2:F2:74:2B:2D:C4:20:60:4F:0F:DA:0D:C2:09:F6
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF009047CB6562DF36546B7E0F694
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/e0Grg-uy8nQrLcQgYE8P2g3CCfY.roa
Signing time:             Tue 02 Jan 2024 04:30:28 +0000
ROA not before:           Tue 02 Jan 2024 04:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49027
IP address blocks:        195.33.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 12:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f0:09:04:7c:b6:56:2d:f3:65:46:b7:e0:f6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b41ab83ebb2f2742b2dc420604f0fda0dc209f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:06:c8:62:3d:e5:38:1c:b5:24:76:9c:89:5b:
                    4e:8d:5d:1f:60:62:b5:99:bf:be:c9:8d:d8:0b:ae:
                    2e:fd:2b:95:69:15:f5:5c:7b:7d:c8:fe:5f:ca:a5:
                    0c:2a:be:43:51:9f:4e:bf:07:9b:3a:60:67:cb:df:
                    94:98:bf:43:30:a6:e4:0c:77:c0:ad:74:27:c0:ec:
                    cf:43:00:9b:ac:06:24:b3:fb:30:a3:a1:16:eb:ab:
                    59:2f:a1:a9:ea:3f:b2:d0:59:ec:0b:93:a7:01:7e:
                    48:6e:b5:75:a4:80:65:56:d8:bd:cd:bd:37:7a:b6:
                    cf:76:12:e0:24:21:25:7a:c8:6f:b7:5b:f4:65:2d:
                    ec:ab:ee:9e:dc:8c:f2:cf:5b:fa:8d:cb:61:f2:e3:
                    63:ba:bc:15:48:61:4d:c2:2b:94:d2:8d:40:de:23:
                    29:30:aa:3d:e8:6c:02:b1:4f:45:6f:f9:7d:ad:12:
                    d9:45:46:6b:0d:47:2e:26:6d:5a:be:01:e7:71:23:
                    79:05:d1:5d:d3:d3:52:bc:ae:19:b8:d2:05:d6:4a:
                    dd:16:2f:e6:36:d5:63:99:0d:44:ef:e3:df:85:cd:
                    7c:91:64:75:ad:6e:cc:a8:c2:76:57:5c:5a:76:0d:
                    0b:48:ae:9b:27:13:e2:81:f1:fb:12:93:58:e5:6d:
                    ca:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:41:AB:83:EB:B2:F2:74:2B:2D:C4:20:60:4F:0F:DA:0D:C2:09:F6
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/e0Grg-uy8nQrLcQgYE8P2g3CCfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.33.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:0a:fd:d3:bc:d9:83:04:48:95:d9:78:08:e0:b9:2e:56:82:
         8a:d9:11:99:e4:ec:7e:ca:09:65:8c:55:5f:8e:40:58:85:31:
         8e:f9:35:3c:f4:86:00:33:a6:c5:8e:5d:ee:a0:f5:16:71:b0:
         75:ad:cb:5c:ab:e8:57:a9:95:27:bc:71:26:2c:72:7d:40:4d:
         6d:29:dd:c3:e1:82:49:79:c5:39:84:e7:e2:fa:9d:20:52:82:
         01:e1:fb:10:8d:6e:cd:a4:ba:10:c4:af:56:42:4d:ee:d3:70:
         69:92:2c:68:dc:17:4f:3e:bc:02:be:38:1e:cb:59:70:34:f4:
         76:51:9a:71:ca:5a:fe:e7:90:98:69:b2:a2:63:8c:d3:5f:72:
         fc:85:25:86:52:26:0e:8e:e4:97:f5:c1:14:80:6c:84:eb:94:
         8a:6d:75:6e:7f:7a:88:2e:54:4e:74:e3:00:7a:c8:32:77:0b:
         16:06:ea:36:02:8d:d3:8f:e6:55:2c:b1:b4:1d:68:3e:ac:bb:
         69:e5:2f:84:36:35:e1:ac:fb:0d:69:b4:f6:49:eb:fd:c3:3b:
         8a:80:15:86:db:2b:e8:0c:87:a5:54:c8:27:d6:f2:94:c2:d9:
         d4:41:37:90:ac:6d:24:07:64:dc:a7:08:67:87:a3:6d:79:39:
         6b:6f:4d:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/AJBHy2Vi3zZUa34PaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjQxYWI4M2ViYjJmMjc0MmIyZGM0MjA2MDRmMGZkYTBkYzIwOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQbIYj3lOBy1JHaciVtOjV0fYGK1
mb++yY3YC64u/SuVaRX1XHt9yP5fyqUMKr5DUZ9OvwebOmBny9+UmL9DMKbkDHfA
rXQnwOzPQwCbrAYks/swo6EW66tZL6Gp6j+y0FnsC5OnAX5IbrV1pIBlVti9zb03
erbPdhLgJCEleshvt1v0ZS3sq+6e3Izyz1v6jcth8uNjurwVSGFNwiuU0o1A3iMp
MKo96GwCsU9Fb/l9rRLZRUZrDUcuJm1avgHncSN5BdFd09NSvK4ZuNIF1krdFi/m
NtVjmQ1E7+Pfhc18kWR1rW7MqMJ2V1xadg0LSK6bJxPigfH7EpNY5W3K9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtBq4PrsvJ0Ky3EIGBPD9oNwgn2MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvZTBHcmctdXk4blFyTGNRZ1lFOFAyZzNDQ2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyHKMA0G
CSqGSIb3DQEBCwUAA4IBAQBJCv3TvNmDBEiV2XgI4LkuVoKK2RGZ5Ox+yglljFVf
jkBYhTGO+TU89IYAM6bFjl3uoPUWcbB1rctcq+hXqZUnvHEmLHJ9QE1tKd3D4YJJ
ecU5hOfi+p0gUoIB4fsQjW7NpLoQxK9WQk3u03Bpkixo3BdPPrwCvjgey1lwNPR2
UZpxylr+55CYabKiY4zTX3L8hSWGUiYOjuSX9cEUgGyE65SKbXVuf3qILlROdOMA
esgydwsWBuo2Ao3Tj+ZVLLG0HWg+rLtp5S+ENjXhrPsNabT2Sev9wzuKgBWG2yvo
DIelVMgn1vKUwtnUQTeQrG0kB2Tcpwhnh6NteTlrb028
-----END CERTIFICATE-----