Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/E8fk2MTy7EtyRxYRcpAsKek1PCM.roa
File:                     E8fk2MTy7EtyRxYRcpAsKek1PCM.roa (raw, json)
Hash identifier:          s/ZB+jM3NURDXZvnVLJTmIgIh9cbJNmwLM7SuYiS9Mk=
Subject key identifier:   13:C7:E4:D8:C4:F2:EC:4B:72:47:16:11:72:90:2C:29:E9:35:3C:23
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954CCA46247734E1B0D0BC9D8D61DE
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/E8fk2MTy7EtyRxYRcpAsKek1PCM.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42616
IP address blocks:        89.33.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4c:ca:46:24:77:34:e1:b0:d0:bc:9d:8d:61:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13c7e4d8c4f2ec4b7247161172902c29e9353c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8b:06:34:36:d7:27:e9:54:d4:e9:7a:fa:69:
                    ba:82:00:6a:e1:ee:a3:1b:84:b9:46:49:fa:f8:58:
                    a1:6c:48:40:a7:25:4f:93:7f:1c:0b:13:f3:41:59:
                    93:0c:ee:b1:e0:ed:09:e4:15:be:df:51:17:9f:f7:
                    f6:8d:5a:4c:2c:f8:b0:0c:5a:06:a5:11:a5:85:e7:
                    28:aa:09:42:fc:5b:c5:a2:40:92:e5:f4:37:a4:f6:
                    54:c5:68:e0:10:80:f6:27:cf:e7:05:3d:ef:5e:7c:
                    f6:3f:ec:df:5a:89:7b:06:ae:0c:0b:61:5c:d6:55:
                    39:53:a3:c7:38:09:8c:33:31:d5:64:1d:dc:bf:4c:
                    fd:99:c5:a8:c9:48:8f:7a:4f:7a:11:9b:99:00:4a:
                    ef:06:d7:e7:58:18:d8:e9:53:4a:23:6b:57:77:56:
                    85:4c:75:3f:19:f6:fd:b9:5a:35:e0:e5:3d:2e:2e:
                    c8:75:fa:6e:c5:bb:67:60:94:60:b2:44:61:56:23:
                    27:2a:5e:11:45:e2:06:0a:86:b5:de:01:ee:7f:2f:
                    3e:2d:d2:6f:ae:37:9c:63:cf:bc:c2:6b:cf:d4:c3:
                    77:7d:47:88:94:68:ee:99:44:95:e6:15:dc:22:7d:
                    dc:9a:4d:f1:5d:74:20:2b:91:25:90:9d:d1:86:07:
                    ef:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C7:E4:D8:C4:F2:EC:4B:72:47:16:11:72:90:2C:29:E9:35:3C:23
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/E8fk2MTy7EtyRxYRcpAsKek1PCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:4c:e9:cd:41:0c:7c:93:0d:2e:f0:43:ec:1c:6f:af:e1:0f:
         d4:bb:ea:68:1b:cd:cc:e3:29:09:2c:13:76:0e:d1:9a:70:a7:
         d9:44:7b:58:54:61:1a:ab:37:15:06:0e:81:78:45:73:46:db:
         d3:6d:bc:60:d9:ef:60:e6:b5:e7:f5:7f:d2:3d:51:d8:8d:3e:
         73:57:46:ce:1f:13:a5:83:88:75:34:7e:ae:4d:7d:1d:6a:64:
         2f:e5:a3:8b:50:81:ce:9f:49:0d:53:40:11:51:4c:e5:46:f1:
         82:6c:0e:92:3f:36:2d:41:65:fa:3a:85:97:25:4c:ad:39:24:
         b5:aa:9c:ff:85:34:e1:47:28:0c:b3:04:1b:00:8d:25:56:3a:
         84:4b:17:7a:08:df:c8:b5:03:20:25:7b:05:34:61:86:8c:c0:
         a7:d8:f6:74:d5:14:6c:51:c9:e8:fa:26:e9:99:b4:d8:60:20:
         21:08:35:6e:e2:08:9e:ee:2e:1d:3c:da:a1:7e:7e:11:f0:54:
         65:ef:d4:c8:d5:8b:94:fd:62:6d:92:a9:d7:c9:e8:7e:8c:d0:
         b1:ae:c3:1e:11:9a:ef:a9:69:4b:39:36:f3:26:65:6c:aa:31:
         77:46:d1:0d:18:98:cf:b0:8a:af:ea:46:4c:ed:6d:a5:66:04:
         60:65:1f:df
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUzKRiR3NOGw0LydjWHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2M3ZTRkOGM0ZjJlYzRiNzI0NzE2MTE3MjkwMmMyOWU5MzUzYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4sGNDbXJ+lU1Ol6+mm6ggBq4e6j
G4S5Rkn6+FihbEhApyVPk38cCxPzQVmTDO6x4O0J5BW+31EXn/f2jVpMLPiwDFoG
pRGlhecoqglC/FvFokCS5fQ3pPZUxWjgEID2J8/nBT3vXnz2P+zfWol7Bq4MC2Fc
1lU5U6PHOAmMMzHVZB3cv0z9mcWoyUiPek96EZuZAErvBtfnWBjY6VNKI2tXd1aF
THU/Gfb9uVo14OU9Li7IdfpuxbtnYJRgskRhViMnKl4RReIGCoa13gHufy8+LdJv
rjecY8+8wmvP1MN3fUeIlGjumUSV5hXcIn3cmk3xXXQgK5ElkJ3RhgfvqQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBPH5NjE8uxLckcWEXKQLCnpNTwjMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0U4ZmsyTVR5N0V0eVJ4WVJjcEFzS2VrMVBDTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZIWkw
DQYJKoZIhvcNAQELBQADggEBABNM6c1BDHyTDS7wQ+wcb6/hD9S76mgbzczjKQks
E3YO0Zpwp9lEe1hUYRqrNxUGDoF4RXNG29NtvGDZ72Dmtef1f9I9UdiNPnNXRs4f
E6WDiHU0fq5NfR1qZC/lo4tQgc6fSQ1TQBFRTOVG8YJsDpI/Ni1BZfo6hZclTK05
JLWqnP+FNOFHKAyzBBsAjSVWOoRLF3oI38i1AyAlewU0YYaMwKfY9nTVFGxRyej6
JumZtNhgICEINW7iCJ7uLh082qF+fhHwVGXv1MjVi5T9Ym2SqdfJ6H6M0LGuwx4R
mu+paUs5NvMmZWyqMXdG0Q0YmM+wiq/qRkztbaVmBGBlH98=
-----END CERTIFICATE-----