Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EOwy3O0xd4aAnVaEkBZeyYak5Fk.roa
File:                     EOwy3O0xd4aAnVaEkBZeyYak5Fk.roa (raw, json)
Hash identifier:          3hzHRnBwXg8D2xAuwAM/L2nmYm0WsE8Oe384bMyi6ro=
Subject key identifier:   10:EC:32:DC:ED:31:77:86:80:9D:56:84:90:16:5E:C9:86:A4:E4:59
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019277795225FD57E8186F552CEEB72B42B9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EOwy3O0xd4aAnVaEkBZeyYak5Fk.roa
Signing time:             Thu 10 Oct 2024 17:28:12 +0000
ROA not before:           Thu 10 Oct 2024 17:28:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216022
IP address blocks:        82.152.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:77:79:52:25:fd:57:e8:18:6f:55:2c:ee:b7:2b:42:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 10 17:28:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10ec32dced317786809d568490165ec986a4e459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:18:14:b6:0f:89:74:94:85:c1:c4:0a:b4:2c:
                    a3:d9:8b:e8:37:bb:5f:a1:e2:a6:9f:26:df:e7:f8:
                    31:06:9f:7c:a9:94:61:93:ec:91:f7:e7:df:12:b8:
                    ef:e6:0d:f1:fa:fa:36:7e:64:6b:5b:2a:de:34:9d:
                    75:61:da:ae:2f:10:18:61:ad:58:7e:83:a3:55:09:
                    32:bc:10:ee:6f:37:0c:8e:8c:ed:5e:e0:b8:ce:d4:
                    66:4b:a5:77:9b:a9:d9:80:5d:3f:0c:a2:37:fd:6a:
                    55:3c:88:41:50:57:d4:d2:a8:b8:bd:48:b5:c9:d9:
                    2c:68:32:7e:ab:92:42:c8:90:6f:8a:a1:56:75:82:
                    19:43:d8:63:75:74:cb:a9:f3:1e:d4:00:cf:70:f5:
                    50:f0:0c:e6:8d:81:25:ea:14:af:39:7f:79:04:e8:
                    e7:e4:6d:ca:b5:5b:bf:7b:6b:3c:9f:bc:46:af:c9:
                    36:e3:06:c0:dc:42:ba:6c:ea:f4:e0:34:7a:53:64:
                    84:f2:75:c2:43:34:cc:9d:8b:ad:65:17:90:56:59:
                    9b:61:1c:86:bd:fc:23:a2:0b:c5:c2:4c:8a:cd:98:
                    e8:bf:72:8d:86:0e:01:09:a8:e3:cd:ae:df:55:9a:
                    82:c7:23:db:76:87:49:b9:96:51:4f:3d:d1:cb:6b:
                    33:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EC:32:DC:ED:31:77:86:80:9D:56:84:90:16:5E:C9:86:A4:E4:59
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EOwy3O0xd4aAnVaEkBZeyYak5Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:0a:8f:ef:1a:b1:3e:88:f6:6e:27:51:68:85:5a:65:c6:2f:
         16:7a:c2:fd:67:7f:40:3a:b5:be:17:df:26:bf:d5:a1:53:8a:
         81:7c:a5:a4:b2:b6:b5:bf:da:36:a9:4f:10:c9:86:64:11:45:
         4c:82:d1:e6:f7:12:6a:4c:2a:d5:46:50:2a:32:66:ef:74:23:
         92:1c:4d:45:a2:d2:70:09:9b:a4:09:01:89:11:8c:f3:17:a2:
         59:ab:e3:fe:a1:2a:1d:e1:49:d2:9d:55:54:07:c9:f5:62:0e:
         8c:90:85:46:23:03:1c:a2:77:57:98:2d:4a:e3:4c:fa:ab:dc:
         40:7c:7b:74:2c:a1:41:ef:11:1b:24:15:1d:e4:b0:55:e8:34:
         ce:d9:f0:ec:02:c1:b6:55:f1:93:69:bb:45:47:e7:ed:99:bd:
         b9:37:54:3a:69:98:a8:93:ce:0b:dd:42:f5:fe:6b:35:c4:b3:
         8e:a3:81:7a:55:38:b0:fa:3e:5e:aa:ae:b7:4e:7c:26:36:98:
         e3:cd:d6:e9:7b:df:d8:76:15:67:f1:62:50:15:35:da:23:40:
         03:bc:c7:e5:8e:b4:29:ed:69:2d:58:ac:a6:31:ea:00:ba:55:
         6d:2c:23:00:9b:a6:6e:53:d6:a8:14:3a:1c:f6:5c:2c:57:09:
         29:bb:15:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ3eVIl/VfoGG9VLO63K0K5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDEwMTcyODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGVjMzJkY2VkMzE3Nzg2ODA5ZDU2ODQ5MDE2NWVjOTg2YTRlNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxgUtg+JdJSFwcQKtCyj2YvoN7tf
oeKmnybf5/gxBp98qZRhk+yR9+ffErjv5g3x+vo2fmRrWyreNJ11YdquLxAYYa1Y
foOjVQkyvBDubzcMjoztXuC4ztRmS6V3m6nZgF0/DKI3/WpVPIhBUFfU0qi4vUi1
ydksaDJ+q5JCyJBviqFWdYIZQ9hjdXTLqfMe1ADPcPVQ8AzmjYEl6hSvOX95BOjn
5G3KtVu/e2s8n7xGr8k24wbA3EK6bOr04DR6U2SE8nXCQzTMnYutZReQVlmbYRyG
vfwjogvFwkyKzZjov3KNhg4BCajjza7fVZqCxyPbdodJuZZRTz3Ry2szWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDsMtztMXeGgJ1WhJAWXsmGpORZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRU93eTNPMHhkNGFBblZhRWtCWmV5WWFrNUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpj5MA0G
CSqGSIb3DQEBCwUAA4IBAQA5Co/vGrE+iPZuJ1FohVplxi8WesL9Z39AOrW+F98m
v9WhU4qBfKWksra1v9o2qU8QyYZkEUVMgtHm9xJqTCrVRlAqMmbvdCOSHE1FotJw
CZukCQGJEYzzF6JZq+P+oSod4UnSnVVUB8n1Yg6MkIVGIwMcondXmC1K40z6q9xA
fHt0LKFB7xEbJBUd5LBV6DTO2fDsAsG2VfGTabtFR+ftmb25N1Q6aZiok84L3UL1
/ms1xLOOo4F6VTiw+j5eqq63TnwmNpjjzdbpe9/YdhVn8WJQFTXaI0ADvMfljrQp
7WktWKymMeoAulVtLCMAm6ZuU9aoFDoc9lwsVwkpuxXM
-----END CERTIFICATE-----