Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/uKpm5yR6HAw0eVXr_rA_x8eBsWc.roa
File:                     uKpm5yR6HAw0eVXr_rA_x8eBsWc.roa (raw, json)
Hash identifier:          eypRa8+0zlAG7k3t6ZXH28Z/8C2IvGWJ3oMOGDL8yuk=
Subject key identifier:   B8:AA:66:E7:24:7A:1C:0C:34:79:55:EB:FE:B0:3F:C7:C7:81:B1:67
Certificate issuer:       /CN=a214fabfef203a8ee08ccb47dd6473fce799a28f
Certificate serial:       018CC9BBBBDDCDB042FF81A8920036546952
Authority key identifier: A2:14:FA:BF:EF:20:3A:8E:E0:8C:CB:47:DD:64:73:FC:E7:99:A2:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ohT6v-8gOo7gjMtH3WRz_OeZoo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/uKpm5yR6HAw0eVXr_rA_x8eBsWc.roa
Signing time:             Tue 02 Jan 2024 10:32:52 +0000
ROA not before:           Tue 02 Jan 2024 10:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        89.104.160.0/21 maxlen: 21
                          2a00:1708::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ohT6v-8gOo7gjMtH3WRz_OeZoo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ohT6v-8gOo7gjMtH3WRz_OeZoo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ohT6v-8gOo7gjMtH3WRz_OeZoo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:bb:dd:cd:b0:42:ff:81:a8:92:00:36:54:69:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a214fabfef203a8ee08ccb47dd6473fce799a28f
        Validity
            Not Before: Jan  2 10:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8aa66e7247a1c0c347955ebfeb03fc7c781b167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a3:24:1e:89:a6:93:1f:0d:7a:7e:d0:1d:49:
                    74:0a:c8:4f:2b:43:e3:a4:d4:28:b1:2f:be:35:53:
                    30:8a:e1:a4:1e:d6:94:fe:9c:1c:91:45:a4:7c:0b:
                    03:9c:fa:1e:fa:46:19:4a:c6:1f:29:4c:c1:db:73:
                    4f:3c:f6:ba:dd:14:4c:c6:37:b3:78:b7:e9:ac:67:
                    d3:5a:76:80:44:43:0b:da:b9:47:b9:57:f7:c4:da:
                    6f:ea:dd:5a:3a:5f:ae:ce:d5:56:88:33:2b:32:f7:
                    be:9d:b3:ba:3a:2f:f1:04:98:7c:e1:fd:0c:b5:a8:
                    27:3e:da:c2:02:c3:bd:64:1f:7e:c0:e6:d1:71:7b:
                    23:91:0e:8c:0e:eb:8b:65:56:49:8a:0b:1b:3e:42:
                    f5:a3:71:7b:6c:d5:c7:1e:25:c2:2e:d1:c6:d4:56:
                    0f:08:85:99:e3:5f:d3:d5:96:5d:90:78:78:97:02:
                    c7:2b:cb:78:76:eb:43:8f:21:50:f9:f0:6f:25:84:
                    a7:e7:95:c0:b3:26:0b:be:25:54:64:1d:03:04:72:
                    e1:23:b7:40:2e:9b:13:80:99:88:07:d0:f3:ed:93:
                    b2:a8:de:bf:ff:53:d1:d6:6d:97:fe:0e:b8:21:db:
                    c6:45:95:f1:d8:b6:09:3c:b1:b6:ac:4f:4b:50:27:
                    78:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:AA:66:E7:24:7A:1C:0C:34:79:55:EB:FE:B0:3F:C7:C7:81:B1:67
            X509v3 Authority Key Identifier:
                keyid:A2:14:FA:BF:EF:20:3A:8E:E0:8C:CB:47:DD:64:73:FC:E7:99:A2:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ohT6v-8gOo7gjMtH3WRz_OeZoo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/uKpm5yR6HAw0eVXr_rA_x8eBsWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ohT6v-8gOo7gjMtH3WRz_OeZoo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.104.160.0/21
                IPv6:
                  2a00:1708::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:90:d7:06:82:97:74:30:16:58:30:da:cc:d2:d1:8d:eb:d2:
         62:ba:c8:1b:e1:90:3a:de:eb:36:3c:c7:3d:82:7c:5a:23:b1:
         31:c7:34:ff:41:a7:f5:ed:98:f3:44:c9:1d:e2:b2:ad:7b:42:
         f4:da:ec:5e:20:8e:81:d2:a9:88:c3:65:89:97:f5:e5:2a:65:
         81:40:32:9c:99:46:ac:26:08:4f:9a:46:e5:56:09:2c:7c:77:
         e0:4e:3c:45:dd:10:86:ab:48:9c:b2:06:7d:55:0f:19:57:ad:
         fe:3f:6b:f2:84:0e:e2:8b:94:7e:0c:bc:16:44:67:2d:72:6a:
         4a:df:51:37:73:a8:ee:63:04:b5:e6:d5:0e:dd:9e:7c:ac:6c:
         5f:fa:d6:9e:67:9b:5b:d1:e8:00:28:4c:ca:2a:dd:0c:b8:c2:
         43:b4:15:5d:fc:76:a7:64:04:93:d2:f3:40:6f:88:10:e2:ef:
         29:22:28:24:72:7e:58:77:1f:12:04:dd:6a:ef:f6:ed:34:74:
         e6:dd:e7:24:6b:1a:a4:49:8b:03:c3:ec:6e:9c:2b:85:c1:00:
         57:07:1a:99:7f:26:10:d8:a0:38:78:58:aa:3c:ff:f6:5b:b7:
         5d:d8:aa:c7:80:91:8f:74:27:41:fc:30:a8:25:ed:12:a6:fa:
         ec:41:38:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu7vdzbBC/4GokgA2VGlSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMTRmYWJmZWYyMDNhOGVlMDhjY2I0N2RkNjQ3M2ZjZTc5
OWEyOGYwHhcNMjQwMTAyMTAzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGFhNjZlNzI0N2ExYzBjMzQ3OTU1ZWJmZWIwM2ZjN2M3ODFiMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaMkHommkx8Nen7QHUl0CshPK0Pj
pNQosS++NVMwiuGkHtaU/pwckUWkfAsDnPoe+kYZSsYfKUzB23NPPPa63RRMxjez
eLfprGfTWnaAREML2rlHuVf3xNpv6t1aOl+uztVWiDMrMve+nbO6Oi/xBJh84f0M
tagnPtrCAsO9ZB9+wObRcXsjkQ6MDuuLZVZJigsbPkL1o3F7bNXHHiXCLtHG1FYP
CIWZ41/T1ZZdkHh4lwLHK8t4dutDjyFQ+fBvJYSn55XAsyYLviVUZB0DBHLhI7dA
LpsTgJmIB9Dz7ZOyqN6//1PR1m2X/g64IdvGRZXx2LYJPLG2rE9LUCd4bwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLiqZuckehwMNHlV6/6wP8fHgbFnMB8GA1UdIwQY
MBaAFKIU+r/vIDqO4IzLR91kc/znmaKPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2hUNnYtOGdPbzdnak10SDNXUnpfT2Vab284LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9lYmE0NTktMDNkMy00Y2Q1LTg2MDYt
MjVjNWY3MTIzZTM1LzEvdUtwbTV5UjZIQXcwZVZYcl9yQV94OGVCc1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9lYmE0NTktMDNkMy00Y2Q1LTg2MDYtMjVjNWY3MTIzZTM1
LzEvb2hUNnYtOGdPbzdnak10SDNXUnpfT2Vab284LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWWigMA0E
AgACMAcDBQAqABcIMA0GCSqGSIb3DQEBCwUAA4IBAQBxkNcGgpd0MBZYMNrM0tGN
69Jiusgb4ZA63us2PMc9gnxaI7ExxzT/Qaf17ZjzRMkd4rKte0L02uxeII6B0qmI
w2WJl/XlKmWBQDKcmUasJghPmkblVgksfHfgTjxF3RCGq0icsgZ9VQ8ZV63+P2vy
hA7ii5R+DLwWRGctcmpK31E3c6juYwS15tUO3Z58rGxf+taeZ5tb0egAKEzKKt0M
uMJDtBVd/HanZAST0vNAb4gQ4u8pIigkcn5Ydx8SBN1q7/btNHTm3eckaxqkSYsD
w+xunCuFwQBXBxqZfyYQ2KA4eFiqPP/2W7dd2KrHgJGPdCdB/DCoJe0SpvrsQTgF
-----END CERTIFICATE-----