Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/df6c28-8860-43dd-b86a-6c4c73bfe616/1/EZ-uG791xT4_kyLh71Y9NKol9es.roa
File:                     EZ-uG791xT4_kyLh71Y9NKol9es.roa (raw, json)
Hash identifier:          gxp65J5FxS0gwZJopWnRREKK5kAEfnh3NLZ6wRpIigA=
Subject key identifier:   11:9F:AE:1B:BF:75:C5:3E:3F:93:22:E1:EF:56:3D:34:AA:25:F5:EB
Certificate issuer:       /CN=90db0007438537166cf3e59696db240a9412bef1
Certificate serial:       018CC8713C98DB2C667280FEA1780E8E42E6
Authority key identifier: 90:DB:00:07:43:85:37:16:6C:F3:E5:96:96:DB:24:0A:94:12:BE:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kNsAB0OFNxZs8-WWltskCpQSvvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/df6c28-8860-43dd-b86a-6c4c73bfe616/1/EZ-uG791xT4_kyLh71Y9NKol9es.roa
Signing time:             Tue 02 Jan 2024 04:31:53 +0000
ROA not before:           Tue 02 Jan 2024 04:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21245
IP address blocks:        80.91.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/df6c28-8860-43dd-b86a-6c4c73bfe616/1/kNsAB0OFNxZs8-WWltskCpQSvvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/df6c28-8860-43dd-b86a-6c4c73bfe616/1/kNsAB0OFNxZs8-WWltskCpQSvvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kNsAB0OFNxZs8-WWltskCpQSvvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3c:98:db:2c:66:72:80:fe:a1:78:0e:8e:42:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90db0007438537166cf3e59696db240a9412bef1
        Validity
            Not Before: Jan  2 04:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=119fae1bbf75c53e3f9322e1ef563d34aa25f5eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:93:1a:93:de:a1:78:ea:b9:5e:2f:c8:f7:12:
                    8f:ac:51:d3:58:02:f7:90:a0:e1:67:0b:60:58:2c:
                    0c:d7:e5:aa:c2:42:5a:9f:28:21:99:f6:3e:61:f3:
                    46:34:6a:9b:b2:c1:33:2f:a6:fe:32:04:9d:2a:39:
                    8b:3a:87:6f:15:0b:2c:1d:23:f3:04:05:15:26:bd:
                    ed:52:71:c8:3a:c5:20:40:9e:60:ab:bb:57:0d:11:
                    ef:22:16:50:e4:49:6a:cf:33:76:4f:cf:9d:2c:06:
                    29:59:b3:04:b3:ff:59:c6:27:6b:83:80:aa:17:07:
                    a3:33:d1:34:cb:2f:ff:33:4e:76:94:9a:43:f2:bc:
                    91:96:8a:e8:fb:e5:52:66:e3:62:ce:81:c3:2a:b8:
                    28:21:f7:01:f7:a1:b9:5d:d0:94:e5:eb:a9:94:cd:
                    f5:ad:32:17:15:62:9e:df:23:b9:cf:f5:0e:5b:63:
                    7f:89:54:3a:51:7c:64:05:c6:9d:a9:31:4f:4f:ba:
                    53:73:99:bd:6b:96:78:00:27:02:36:4b:e4:01:d5:
                    58:a7:a1:e2:fd:0b:50:bf:a3:4b:23:c6:60:f9:8f:
                    54:d0:f6:ca:eb:2d:d4:ad:34:7f:ab:92:e8:fd:fd:
                    43:76:9c:8e:f0:c8:e9:a5:29:fe:7a:e8:db:5f:8c:
                    02:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:9F:AE:1B:BF:75:C5:3E:3F:93:22:E1:EF:56:3D:34:AA:25:F5:EB
            X509v3 Authority Key Identifier:
                keyid:90:DB:00:07:43:85:37:16:6C:F3:E5:96:96:DB:24:0A:94:12:BE:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kNsAB0OFNxZs8-WWltskCpQSvvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/df6c28-8860-43dd-b86a-6c4c73bfe616/1/EZ-uG791xT4_kyLh71Y9NKol9es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/df6c28-8860-43dd-b86a-6c4c73bfe616/1/kNsAB0OFNxZs8-WWltskCpQSvvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ec:ad:ea:cc:6e:4f:54:b2:f6:02:29:0c:4a:b3:37:f3:af:
         3c:30:74:52:6c:08:4c:27:11:58:fb:ad:77:8c:ff:c4:e2:b5:
         de:ea:d0:9a:6d:08:d8:8e:ea:6e:d1:ab:ad:f5:8d:15:71:24:
         1a:17:02:1b:a2:2d:67:72:40:7b:f7:9d:f6:b5:ee:64:cb:67:
         8a:94:9f:ef:25:81:71:34:93:01:a2:5a:df:cb:0c:41:d6:d0:
         10:fa:83:83:ab:1c:a5:c3:33:8c:8d:a6:c0:52:2b:c0:d0:5b:
         ec:90:6c:6a:20:47:6f:e1:47:fc:22:44:cb:24:9d:d3:94:d9:
         cc:5d:6a:54:6b:16:50:cc:e2:ae:71:69:5c:55:b4:e2:9f:67:
         dd:5d:e7:13:12:53:f9:f5:a6:e3:34:36:5d:aa:a0:82:a2:68:
         e7:37:78:42:ad:9a:c3:72:e5:89:2d:f9:df:30:04:3c:d5:a2:
         c3:8b:60:72:b2:51:15:2b:1c:4c:de:4f:66:0b:98:1a:8e:62:
         ca:bf:3e:76:38:c6:3e:99:4c:d0:e6:e5:7e:59:2c:d4:78:87:
         ed:ea:c2:ba:5d:0c:70:b8:5d:c7:19:a5:21:79:db:1f:8b:0a:
         ed:df:c1:8a:48:ee:07:de:b2:76:2e:5c:27:27:f5:8d:d8:b3:
         49:e7:22:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTyY2yxmcoD+oXgOjkLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZGIwMDA3NDM4NTM3MTY2Y2YzZTU5Njk2ZGIyNDBhOTQx
MmJlZjEwHhcNMjQwMTAyMDQzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTlmYWUxYmJmNzVjNTNlM2Y5MzIyZTFlZjU2M2QzNGFhMjVmNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZMak96heOq5Xi/I9xKPrFHTWAL3
kKDhZwtgWCwM1+WqwkJanyghmfY+YfNGNGqbssEzL6b+MgSdKjmLOodvFQssHSPz
BAUVJr3tUnHIOsUgQJ5gq7tXDRHvIhZQ5ElqzzN2T8+dLAYpWbMEs/9Zxidrg4Cq
FwejM9E0yy//M052lJpD8ryRloro++VSZuNizoHDKrgoIfcB96G5XdCU5euplM31
rTIXFWKe3yO5z/UOW2N/iVQ6UXxkBcadqTFPT7pTc5m9a5Z4ACcCNkvkAdVYp6Hi
/QtQv6NLI8Zg+Y9U0PbK6y3UrTR/q5Lo/f1DdpyO8MjppSn+eujbX4wC9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGfrhu/dcU+P5Mi4e9WPTSqJfXrMB8GA1UdIwQY
MBaAFJDbAAdDhTcWbPPllpbbJAqUEr7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva05zQUIwT0ZOeFpzOC1XV2x0c2tDcFFTdnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9kZjZjMjgtODg2MC00M2RkLWI4NmEt
NmM0YzczYmZlNjE2LzEvRVotdUc3OTF4VDRfa3lMaDcxWTlOS29sOWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9kZjZjMjgtODg2MC00M2RkLWI4NmEtNmM0YzczYmZlNjE2
LzEva05zQUIwT0ZOeFpzOC1XV2x0c2tDcFFTdnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFvYMA0G
CSqGSIb3DQEBCwUAA4IBAQBf7K3qzG5PVLL2AikMSrM38688MHRSbAhMJxFY+613
jP/E4rXe6tCabQjYjupu0aut9Y0VcSQaFwIboi1nckB79532te5ky2eKlJ/vJYFx
NJMBolrfywxB1tAQ+oODqxylwzOMjabAUivA0FvskGxqIEdv4Uf8IkTLJJ3TlNnM
XWpUaxZQzOKucWlcVbTin2fdXecTElP59abjNDZdqqCComjnN3hCrZrDcuWJLfnf
MAQ81aLDi2ByslEVKxxM3k9mC5gajmLKvz52OMY+mUzQ5uV+WSzUeIft6sK6XQxw
uF3HGaUhedsfiwrt38GKSO4H3rJ2LlwnJ/WN2LNJ5yLz
-----END CERTIFICATE-----