Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/EEWnkJAn_t3aT0VJNI6okWbZWLQ.roa
File:                     EEWnkJAn_t3aT0VJNI6okWbZWLQ.roa (raw, json)
Hash identifier:          l5TzIvx9xnVrEMvNf4qUfRHsSPshcnDyQHBGyaSBTiw=
Subject key identifier:   10:45:A7:90:90:27:FE:DD:DA:4F:45:49:34:8E:A8:91:66:D9:58:B4
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD78F7AFE80BA3742D8F297E433F6
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/EEWnkJAn_t3aT0VJNI6okWbZWLQ.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62147
IP address blocks:        88.220.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d7:8f:7a:fe:80:ba:37:42:d8:f2:97:e4:33:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1045a7909027feddda4f4549348ea89166d958b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:93:bf:c4:15:af:c1:a2:b2:6e:5a:14:e3:2a:
                    ed:2d:ed:92:24:c4:ca:b3:14:cb:e0:61:38:83:ea:
                    a7:b2:48:c6:82:c3:e2:07:9f:07:62:50:45:77:11:
                    dc:b1:41:d2:f5:26:e5:b2:1a:6d:63:b7:a7:b9:e7:
                    d4:a8:d6:3f:23:18:6f:81:4a:10:35:9a:7d:ff:79:
                    eb:63:37:71:14:67:ac:98:2b:9f:28:d3:40:f9:d9:
                    0b:95:f0:ca:f0:a2:8c:e1:23:1a:c9:14:f9:da:20:
                    ec:f5:b8:8c:29:cf:e0:88:55:b4:92:1d:45:87:41:
                    78:0b:d5:9b:fa:36:94:b8:5b:bb:d9:79:66:4e:97:
                    32:c9:27:cf:a8:3d:d6:78:0a:b8:01:12:0f:8e:5f:
                    bf:fb:ae:ee:04:8f:71:fa:fe:43:97:d0:f6:d2:ef:
                    79:94:af:08:54:0d:dd:13:d4:b6:a3:f6:94:b5:e6:
                    3c:d0:c1:6d:3d:cb:f3:b3:25:e3:f7:8b:25:56:2e:
                    ef:39:4c:f4:4c:8a:14:e1:23:4c:6c:7f:98:ab:c6:
                    6c:62:23:02:dc:00:3b:a8:f2:12:fd:91:f9:1b:ca:
                    4e:95:22:81:6a:8d:f4:93:18:3a:98:a2:20:5c:f6:
                    e3:7d:30:82:79:eb:83:eb:97:79:c6:41:9a:0a:56:
                    04:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:45:A7:90:90:27:FE:DD:DA:4F:45:49:34:8E:A8:91:66:D9:58:B4
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/EEWnkJAn_t3aT0VJNI6okWbZWLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:15:e8:54:28:67:27:6c:ae:85:a8:da:e9:e1:6e:7b:c1:34:
         97:5d:ce:5f:15:31:4e:ce:67:fa:30:af:4e:5d:f1:93:04:94:
         f2:a2:f6:f4:92:85:cc:72:47:fa:9c:99:e3:6b:64:26:ff:e0:
         55:94:95:b5:49:03:89:6a:2b:25:53:42:9c:88:ab:f1:49:a3:
         6a:20:70:fb:05:87:ef:6f:b3:78:2e:ee:df:3b:9e:75:4e:ef:
         65:14:9e:a0:71:5c:7b:fb:d4:ae:aa:3c:17:16:1f:56:51:53:
         7d:33:8e:37:e1:a3:09:6e:e7:76:1b:10:5c:fc:6d:4b:c9:dd:
         e3:73:70:91:c3:7d:f6:f6:69:cb:88:94:29:f0:40:34:ea:b1:
         a1:8e:de:06:b7:83:e1:3d:fc:7c:41:a3:89:d2:15:d8:86:bc:
         c8:d0:c1:e8:b6:d3:c6:e5:73:e6:cf:b2:1b:67:f9:c9:ca:10:
         d8:d9:45:b7:8e:32:6c:39:68:3c:94:34:35:1c:cb:f8:82:c5:
         a0:a1:38:40:43:ab:91:ba:28:20:04:5f:38:85:b8:1c:07:aa:
         e4:c6:92:c5:bd:68:33:f2:4f:af:93:8e:a6:fd:3a:10:f5:49:
         ee:bb:52:81:8e:3c:74:df:87:89:ec:59:64:98:fb:67:cc:4f:
         33:a0:30:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tePev6AujdC2PKX5DP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQ1YTc5MDkwMjdmZWRkZGE0ZjQ1NDkzNDhlYTg5MTY2ZDk1OGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZO/xBWvwaKybloU4yrtLe2SJMTK
sxTL4GE4g+qnskjGgsPiB58HYlBFdxHcsUHS9SblshptY7enuefUqNY/IxhvgUoQ
NZp9/3nrYzdxFGesmCufKNNA+dkLlfDK8KKM4SMayRT52iDs9biMKc/giFW0kh1F
h0F4C9Wb+jaUuFu72XlmTpcyySfPqD3WeAq4ARIPjl+/+67uBI9x+v5Dl9D20u95
lK8IVA3dE9S2o/aUteY80MFtPcvzsyXj94slVi7vOUz0TIoU4SNMbH+Yq8ZsYiMC
3AA7qPIS/ZH5G8pOlSKBao30kxg6mKIgXPbjfTCCeeuD65d5xkGaClYE/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBFp5CQJ/7d2k9FSTSOqJFm2Vi0MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvRUVXbmtKQW5fdDNhVDBWSk5JNm9rV2JaV0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNz6MA0G
CSqGSIb3DQEBCwUAA4IBAQDEFehUKGcnbK6FqNrp4W57wTSXXc5fFTFOzmf6MK9O
XfGTBJTyovb0koXMckf6nJnja2Qm/+BVlJW1SQOJaislU0KciKvxSaNqIHD7BYfv
b7N4Lu7fO551Tu9lFJ6gcVx7+9SuqjwXFh9WUVN9M4434aMJbud2GxBc/G1Lyd3j
c3CRw3329mnLiJQp8EA06rGhjt4Gt4PhPfx8QaOJ0hXYhrzI0MHottPG5XPmz7Ib
Z/nJyhDY2UW3jjJsOWg8lDQ1HMv4gsWgoThAQ6uRuiggBF84hbgcB6rkxpLFvWgz
8k+vk46m/ToQ9Unuu1KBjjx034eJ7FlkmPtnzE8zoDAm
-----END CERTIFICATE-----