Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/ESkgqHmzqaHdHuthFNPpA9qUKQI.roa
File:                     ESkgqHmzqaHdHuthFNPpA9qUKQI.roa (raw, json)
Hash identifier:          25lDweW/UnBW+LT8T5ZuwsMzuDOFKmWlvFqeqLQPYRc=
Subject key identifier:   11:29:20:A8:79:B3:A9:A1:DD:1E:EB:61:14:D3:E9:03:DA:94:29:02
Certificate issuer:       /CN=e6596f1b163cab0c45a84eeb13261b65f1a22962
Certificate serial:       018CC6499A638D6B15C5237DD09E51F3B357
Authority key identifier: E6:59:6F:1B:16:3C:AB:0C:45:A8:4E:EB:13:26:1B:65:F1:A2:29:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5llvGxY8qwxFqE7rEyYbZfGiKWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/ESkgqHmzqaHdHuthFNPpA9qUKQI.roa
Signing time:             Mon 01 Jan 2024 18:29:21 +0000
ROA not before:           Mon 01 Jan 2024 18:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204559
IP address blocks:        178.235.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/5llvGxY8qwxFqE7rEyYbZfGiKWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/5llvGxY8qwxFqE7rEyYbZfGiKWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5llvGxY8qwxFqE7rEyYbZfGiKWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9a:63:8d:6b:15:c5:23:7d:d0:9e:51:f3:b3:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6596f1b163cab0c45a84eeb13261b65f1a22962
        Validity
            Not Before: Jan  1 18:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=112920a879b3a9a1dd1eeb6114d3e903da942902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e8:1e:11:ae:3c:99:67:93:ac:12:37:c4:a6:
                    38:a1:d0:07:c1:a3:47:fc:b6:c0:9f:aa:b1:d2:fb:
                    59:e3:f2:44:30:4f:5a:43:4a:e2:22:5d:6b:4d:28:
                    1d:06:42:8c:3f:99:3e:c9:ad:71:7d:21:48:f5:52:
                    cd:f8:14:b2:3c:66:fb:dd:65:f1:b5:14:26:75:90:
                    90:4b:3b:2f:c8:84:8e:2b:49:22:d7:a5:b6:81:3a:
                    9e:ee:dd:8e:b4:43:20:9b:af:95:47:7a:56:e8:77:
                    38:b4:00:23:5b:17:7e:42:eb:da:43:de:ba:13:ef:
                    a4:0d:e0:1f:57:99:eb:bb:4b:24:a8:42:d0:15:86:
                    ae:d6:a4:c3:93:61:7a:7f:56:26:92:a9:2b:bf:a9:
                    c2:b2:21:b7:38:ed:31:1a:4a:a7:81:f1:ff:4d:0b:
                    a8:f3:4b:33:1d:43:74:48:f2:95:1c:a3:25:ba:a4:
                    2c:fc:87:72:e0:fc:39:97:80:d6:39:9c:9f:de:bb:
                    2d:42:78:ba:e3:f4:3e:0e:50:85:cf:a1:b7:d8:f3:
                    15:67:b5:d5:78:a5:d8:0d:e5:8c:a4:a4:72:25:29:
                    50:8d:7e:ba:4a:09:32:14:f3:2c:5f:de:7b:4e:9e:
                    29:37:a1:5d:ba:9f:08:3e:ac:bb:86:26:bb:63:96:
                    0d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:29:20:A8:79:B3:A9:A1:DD:1E:EB:61:14:D3:E9:03:DA:94:29:02
            X509v3 Authority Key Identifier:
                keyid:E6:59:6F:1B:16:3C:AB:0C:45:A8:4E:EB:13:26:1B:65:F1:A2:29:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5llvGxY8qwxFqE7rEyYbZfGiKWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/ESkgqHmzqaHdHuthFNPpA9qUKQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/5llvGxY8qwxFqE7rEyYbZfGiKWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.235.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:fe:be:b5:dd:3a:4a:2e:1e:40:c7:d3:a4:0a:ec:41:66:51:
         d6:d9:7d:55:bc:e7:b2:cf:46:5e:57:32:ba:b8:c8:b1:69:a2:
         9b:de:f3:5f:20:c4:b3:d4:ac:78:13:70:6e:b9:dc:76:aa:33:
         5c:f7:b4:7d:d4:2d:2c:2c:89:20:44:9e:5e:07:83:10:20:16:
         7f:ff:f4:f9:39:f8:7d:93:fb:04:50:1f:bf:1e:12:2d:3b:38:
         6a:47:85:c3:60:d1:b8:9c:d1:47:f8:0f:fc:78:82:a8:10:e7:
         e5:45:ac:4e:73:22:3b:34:e8:61:75:3a:82:fb:7a:fd:c0:63:
         84:8f:3e:9b:f6:34:24:bd:c8:8e:b8:9a:e1:f4:35:8f:4a:0b:
         b9:e9:9c:5b:fb:41:c3:e8:4f:ee:68:c9:5d:0f:b0:f3:4f:b5:
         74:12:7b:75:a7:a2:ab:71:fe:fb:b3:19:33:f1:8d:4c:64:85:
         27:d5:68:31:1e:d3:f1:8e:86:b0:06:69:1b:2e:2a:16:2d:d4:
         3d:6c:7d:f1:7c:0d:b4:42:75:40:bf:94:9a:c2:73:34:54:2f:
         98:4b:12:d3:e9:32:49:9b:d2:d2:dd:30:6f:18:00:b2:a0:70:
         18:68:d5:05:5d:e9:16:49:b9:12:9f:54:78:2c:d0:e2:1e:e9:
         c6:9a:d6:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSZpjjWsVxSN90J5R87NXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NTk2ZjFiMTYzY2FiMGM0NWE4NGVlYjEzMjYxYjY1ZjFh
MjI5NjIwHhcNMjQwMTAxMTgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTI5MjBhODc5YjNhOWExZGQxZWViNjExNGQzZTkwM2RhOTQyOTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwegeEa48mWeTrBI3xKY4odAHwaNH
/LbAn6qx0vtZ4/JEME9aQ0riIl1rTSgdBkKMP5k+ya1xfSFI9VLN+BSyPGb73WXx
tRQmdZCQSzsvyISOK0ki16W2gTqe7t2OtEMgm6+VR3pW6Hc4tAAjWxd+QuvaQ966
E++kDeAfV5nru0skqELQFYau1qTDk2F6f1Ymkqkrv6nCsiG3OO0xGkqngfH/TQuo
80szHUN0SPKVHKMluqQs/Idy4Pw5l4DWOZyf3rstQni64/Q+DlCFz6G32PMVZ7XV
eKXYDeWMpKRyJSlQjX66SgkyFPMsX957Tp4pN6Fdup8IPqy7hia7Y5YNvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEpIKh5s6mh3R7rYRTT6QPalCkCMB8GA1UdIwQY
MBaAFOZZbxsWPKsMRahO6xMmG2XxoiliMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWxsdkd4WThxd3hGcUU3ckV5WWJaZkdpS1dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lZGU5NGUtYmEyYS00MWVlLWIxMmMt
ZTA1MzRlMjM4NTliLzEvRVNrZ3FIbXpxYUhkSHV0aEZOUHBBOXFVS1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lZGU5NGUtYmEyYS00MWVlLWIxMmMtZTA1MzRlMjM4NTli
LzEvNWxsdkd4WThxd3hGcUU3ckV5WWJaZkdpS1dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuvzMA0G
CSqGSIb3DQEBCwUAA4IBAQCh/r613TpKLh5Ax9OkCuxBZlHW2X1VvOeyz0ZeVzK6
uMixaaKb3vNfIMSz1Kx4E3Buudx2qjNc97R91C0sLIkgRJ5eB4MQIBZ///T5Ofh9
k/sEUB+/HhItOzhqR4XDYNG4nNFH+A/8eIKoEOflRaxOcyI7NOhhdTqC+3r9wGOE
jz6b9jQkvciOuJrh9DWPSgu56Zxb+0HD6E/uaMldD7DzT7V0Ent1p6Krcf77sxkz
8Y1MZIUn1WgxHtPxjoawBmkbLioWLdQ9bH3xfA20QnVAv5SawnM0VC+YSxLT6TJJ
m9LS3TBvGACyoHAYaNUFXekWSbkSn1R4LNDiHunGmtZw
-----END CERTIFICATE-----