Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/_EI-DCtehkQJuSEZGP7N7ioX6Zg.roa
File:                     _EI-DCtehkQJuSEZGP7N7ioX6Zg.roa (raw, json)
Hash identifier:          uPXDlP3jf6C/noTaAyluTTWys0GZfmXGo9pUC5iBPfs=
Subject key identifier:   FC:42:3E:0C:2B:5E:86:44:09:B9:21:19:18:FE:CD:EE:2A:17:E9:98
Certificate issuer:       /CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
Certificate serial:       01942143E756647B55D7E2224EAD4669C90A
Authority key identifier: 4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/_EI-DCtehkQJuSEZGP7N7ioX6Zg.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        85.234.106.0/24 maxlen: 24
                          85.234.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e7:56:64:7b:55:d7:e2:22:4e:ad:46:69:c9:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc423e0c2b5e864409b9211918fecdee2a17e998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a1:2b:7b:d8:b3:d1:cc:56:d9:d2:72:e3:f0:
                    ff:4e:b6:7d:2a:20:e3:df:3c:5c:9f:3f:f2:b1:cd:
                    94:d0:d7:7b:93:d2:57:da:9f:67:73:7f:2d:8b:3c:
                    56:fd:89:79:64:17:16:c2:3e:17:a4:31:3d:5f:07:
                    71:e4:e2:14:f2:48:4e:dd:6e:86:9b:fb:2f:da:53:
                    13:c1:68:98:a5:71:08:fd:4c:13:ad:fb:68:d6:34:
                    fb:5c:2f:b7:79:23:85:80:a8:93:8b:49:4e:55:b5:
                    72:fe:aa:1b:61:36:ce:89:c1:ba:1a:cb:ae:19:dd:
                    a0:70:4e:68:45:70:3f:20:c7:09:5f:33:d7:de:45:
                    77:17:d2:d1:be:7a:04:16:4b:76:a5:23:e4:29:16:
                    18:94:2b:11:e5:28:dc:9a:17:55:39:d1:36:1b:72:
                    ee:4c:c1:3f:f1:0e:04:72:e0:03:b0:cb:f0:4e:f2:
                    ba:00:c5:e4:7b:44:ef:c9:ca:1b:fc:97:0c:ea:ce:
                    57:ae:7e:6d:51:13:16:10:1f:50:fc:44:5a:d1:a7:
                    58:d4:e1:36:cb:b7:fb:94:51:9d:5b:44:5c:f7:12:
                    ce:69:0c:c0:00:f0:cc:92:36:69:df:f7:c9:6c:3d:
                    e2:21:2f:7e:35:b1:7a:05:42:76:3c:b7:37:17:5d:
                    47:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:42:3E:0C:2B:5E:86:44:09:B9:21:19:18:FE:CD:EE:2A:17:E9:98
            X509v3 Authority Key Identifier:
                keyid:4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/_EI-DCtehkQJuSEZGP7N7ioX6Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.234.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:47:8d:3e:de:1c:ad:a7:d0:4c:37:8f:be:12:5b:1d:ed:4a:
         fe:59:ac:09:6e:57:42:25:a0:14:b0:c4:ce:08:e0:5c:0e:4f:
         e8:c8:3a:17:0b:cb:c3:19:f1:85:56:b5:e6:d9:53:2d:8e:64:
         9c:29:e5:1d:0a:94:02:33:c4:2b:2a:08:42:36:aa:ea:07:af:
         e9:d8:20:9f:79:86:a6:68:bf:b1:64:95:f4:d7:33:45:17:6e:
         53:d7:35:a4:5e:d1:d0:7e:d8:a8:f4:a4:2b:69:25:29:e2:e2:
         d9:e2:c0:af:f8:69:6a:54:5e:9f:ce:f3:a0:9c:60:32:07:85:
         d5:77:60:a4:f9:68:b0:3c:c1:83:f5:fd:0f:0c:9f:5f:4c:91:
         43:a1:0a:eb:75:b9:ca:9b:c9:54:03:ab:62:b4:5f:fb:e5:7e:
         90:90:17:a4:c7:63:9e:d5:c2:66:c0:e3:5c:17:0a:76:31:4e:
         5e:3b:41:80:5a:78:e5:8d:c5:ed:2c:1f:dd:28:90:c3:9f:5d:
         63:b9:39:61:d4:26:aa:f7:b7:b3:a2:14:10:8e:01:1e:a4:dc:
         3d:b7:29:5d:2c:1a:05:91:0b:a3:bc:82:58:50:8c:60:79:2f:
         25:68:c7:4d:e4:df:c6:7b:73:e0:77:f8:dd:7f:6e:47:ff:12:
         35:ea:a0:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+dWZHtV1+IiTq1GackKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMmI4OWMzYzU3YTNlMjk2YWE0MDYxZTk2Mjg0MGJlN2Fl
OGYwMTgwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQyM2UwYzJiNWU4NjQ0MDliOTIxMTkxOGZlY2RlZTJhMTdlOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6Ere9iz0cxW2dJy4/D/TrZ9KiDj
3zxcnz/ysc2U0Nd7k9JX2p9nc38tizxW/Yl5ZBcWwj4XpDE9Xwdx5OIU8khO3W6G
m/sv2lMTwWiYpXEI/UwTrfto1jT7XC+3eSOFgKiTi0lOVbVy/qobYTbOicG6Gsuu
Gd2gcE5oRXA/IMcJXzPX3kV3F9LRvnoEFkt2pSPkKRYYlCsR5SjcmhdVOdE2G3Lu
TME/8Q4EcuADsMvwTvK6AMXke0Tvycob/JcM6s5Xrn5tURMWEB9Q/ERa0adY1OE2
y7f7lFGdW0Rc9xLOaQzAAPDMkjZp3/fJbD3iIS9+NbF6BUJ2PLc3F11H6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxCPgwrXoZECbkhGRj+ze4qF+mYMB8GA1UdIwQY
MBaAFEwricPFej4paqQGHpYoQL566PAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQt
MTEyOGU1Y2U2YTViLzEvX0VJLURDdGVoa1FKdVNFWkdQN043aW9YNlpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQtMTEyOGU1Y2U2YTVi
LzEvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVepqMA0G
CSqGSIb3DQEBCwUAA4IBAQCOR40+3hytp9BMN4++Elsd7Ur+WawJbldCJaAUsMTO
COBcDk/oyDoXC8vDGfGFVrXm2VMtjmScKeUdCpQCM8QrKghCNqrqB6/p2CCfeYam
aL+xZJX01zNFF25T1zWkXtHQftio9KQraSUp4uLZ4sCv+GlqVF6fzvOgnGAyB4XV
d2Ck+WiwPMGD9f0PDJ9fTJFDoQrrdbnKm8lUA6titF/75X6QkBekx2Oe1cJmwONc
Fwp2MU5eO0GAWnjljcXtLB/dKJDDn11juTlh1Caq97ezohQQjgEepNw9tyldLBoF
kQujvIJYUIxgeS8laMdN5N/Ge3Pgd/jdf25H/xI16qAN
-----END CERTIFICATE-----