Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/EbwR9JA4SDam4UXqbCqw_6cZbjo.roa
File:                     EbwR9JA4SDam4UXqbCqw_6cZbjo.roa (raw, json)
Hash identifier:          Ty82QmSeeq+OzywETSVJFwNVNCoUH0+Wa4syD26gNEo=
Subject key identifier:   11:BC:11:F4:90:38:48:36:A6:E1:45:EA:6C:2A:B0:FF:A7:19:6E:3A
Certificate issuer:       /CN=afedc3a63df17bb4bf34560957967e59a8b3e3a1
Certificate serial:       018E099D631CA558B76D0F02262F5CEFC132
Authority key identifier: AF:ED:C3:A6:3D:F1:7B:B4:BF:34:56:09:57:96:7E:59:A8:B3:E3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/EbwR9JA4SDam4UXqbCqw_6cZbjo.roa
Signing time:             Mon 04 Mar 2024 13:18:13 +0000
ROA not before:           Mon 04 Mar 2024 13:18:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        45.129.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:9d:63:1c:a5:58:b7:6d:0f:02:26:2f:5c:ef:c1:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afedc3a63df17bb4bf34560957967e59a8b3e3a1
        Validity
            Not Before: Mar  4 13:18:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11bc11f490384836a6e145ea6c2ab0ffa7196e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d5:93:11:a5:97:b3:d1:6e:e7:9c:0d:78:74:
                    8f:38:4c:d6:80:65:9e:a8:87:f9:93:24:fa:74:0c:
                    0b:62:a4:4f:d9:9d:08:40:00:3d:26:0e:1b:44:7b:
                    8f:62:f9:c2:83:eb:98:3a:ca:3f:bd:8f:5a:ba:f7:
                    f7:e9:ff:da:8f:9b:9d:f8:1e:dd:3f:71:c3:45:dd:
                    6a:cb:eb:50:43:b2:00:a1:34:1b:52:57:fc:06:57:
                    40:ed:b9:67:a7:db:bb:34:8d:cf:22:10:8a:a6:c7:
                    63:dc:59:86:c5:ee:9a:12:39:17:e2:05:d6:35:20:
                    88:9b:44:99:a3:80:b1:af:72:ff:e7:17:06:2a:2e:
                    04:06:53:cc:24:13:50:62:ca:fa:bb:01:38:c6:c6:
                    d0:40:f4:75:62:e5:1c:53:75:c1:a3:4d:24:e3:b6:
                    33:8e:fa:d3:22:49:f2:68:da:10:0b:b5:94:4a:5d:
                    af:b7:10:d5:74:20:89:67:a3:61:36:db:c9:f3:97:
                    f2:d8:bc:2d:7e:8e:56:21:cb:ba:32:b9:80:05:d7:
                    51:ba:0c:87:88:1a:a3:f1:4a:fa:ef:bc:02:81:6f:
                    87:24:0e:57:ba:c9:c9:05:58:68:91:37:38:ef:55:
                    2c:88:d5:b0:55:f9:7f:cd:89:63:62:c0:89:0b:7b:
                    6b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BC:11:F4:90:38:48:36:A6:E1:45:EA:6C:2A:B0:FF:A7:19:6E:3A
            X509v3 Authority Key Identifier:
                keyid:AF:ED:C3:A6:3D:F1:7B:B4:BF:34:56:09:57:96:7E:59:A8:B3:E3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/EbwR9JA4SDam4UXqbCqw_6cZbjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/824d8d-b046-46f6-86b8-9b8ace4281f3/1/r-3Dpj3xe7S_NFYJV5Z-Waiz46E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:6d:61:f2:9c:fe:8f:0e:6b:1c:f4:e4:42:92:72:39:06:15:
         ae:5f:2a:ef:e4:ba:19:b7:9d:43:7a:57:4c:1d:07:1b:b6:67:
         be:82:83:3b:5d:29:09:eb:56:7f:ad:da:a2:58:1f:73:82:81:
         1a:7c:64:7b:eb:02:a1:17:18:5f:4a:f7:ea:0b:72:c3:fa:75:
         3c:c0:7e:38:df:35:0c:c2:04:f5:56:6c:30:3c:5b:47:96:f8:
         ed:3d:d9:12:85:77:f8:fc:89:36:85:fe:71:d8:6a:99:e7:da:
         e1:c3:ee:11:aa:df:5f:cc:95:e4:09:8c:30:cf:cd:46:8f:25:
         9a:27:45:60:54:c2:83:34:93:46:3f:52:9c:3d:01:32:0b:10:
         ec:86:10:7d:a6:ed:4e:aa:f1:e7:68:cb:6c:ce:34:91:ca:80:
         6b:40:5b:37:fa:70:e6:5f:93:32:6d:17:19:86:6d:a5:65:66:
         64:17:94:96:07:72:fc:4c:d0:61:cc:a4:33:09:66:9e:fc:82:
         79:fc:b3:ef:30:09:fb:5e:97:c5:c3:45:97:e2:80:ff:cd:53:
         60:1e:f1:71:59:b6:40:5e:5f:0e:eb:ec:87:91:91:fe:e6:0c:
         4e:90:bc:f1:5a:4a:c5:95:54:1d:8e:36:44:e8:ad:c7:64:cd:
         a1:6f:c0:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4JnWMcpVi3bQ8CJi9c78EyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZWRjM2E2M2RmMTdiYjRiZjM0NTYwOTU3OTY3ZTU5YThi
M2UzYTEwHhcNMjQwMzA0MTMxODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWJjMTFmNDkwMzg0ODM2YTZlMTQ1ZWE2YzJhYjBmZmE3MTk2ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtWTEaWXs9Fu55wNeHSPOEzWgGWe
qIf5kyT6dAwLYqRP2Z0IQAA9Jg4bRHuPYvnCg+uYOso/vY9auvf36f/aj5ud+B7d
P3HDRd1qy+tQQ7IAoTQbUlf8BldA7blnp9u7NI3PIhCKpsdj3FmGxe6aEjkX4gXW
NSCIm0SZo4Cxr3L/5xcGKi4EBlPMJBNQYsr6uwE4xsbQQPR1YuUcU3XBo00k47Yz
jvrTIknyaNoQC7WUSl2vtxDVdCCJZ6NhNtvJ85fy2Lwtfo5WIcu6MrmABddRugyH
iBqj8Ur677wCgW+HJA5XusnJBVhokTc471UsiNWwVfl/zYljYsCJC3trYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG8EfSQOEg2puFF6mwqsP+nGW46MB8GA1UdIwQY
MBaAFK/tw6Y98Xu0vzRWCVeWflmos+OhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci0zRHBqM3hlN1NfTkZZSlY1Wi1XYWl6NDZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi84MjRkOGQtYjA0Ni00NmY2LTg2Yjgt
OWI4YWNlNDI4MWYzLzEvRWJ3UjlKQTRTRGFtNFVYcWJDcXdfNmNaYmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi84MjRkOGQtYjA0Ni00NmY2LTg2YjgtOWI4YWNlNDI4MWYz
LzEvci0zRHBqM3hlN1NfTkZZSlY1Wi1XYWl6NDZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYGmMA0G
CSqGSIb3DQEBCwUAA4IBAQATbWHynP6PDmsc9ORCknI5BhWuXyrv5LoZt51DeldM
HQcbtme+goM7XSkJ61Z/rdqiWB9zgoEafGR76wKhFxhfSvfqC3LD+nU8wH443zUM
wgT1VmwwPFtHlvjtPdkShXf4/Ik2hf5x2GqZ59rhw+4Rqt9fzJXkCYwwz81GjyWa
J0VgVMKDNJNGP1KcPQEyCxDshhB9pu1OqvHnaMtszjSRyoBrQFs3+nDmX5MybRcZ
hm2lZWZkF5SWB3L8TNBhzKQzCWae/IJ5/LPvMAn7XpfFw0WX4oD/zVNgHvFxWbZA
Xl8O6+yHkZH+5gxOkLzxWkrFlVQdjjZE6K3HZM2hb8Cz
-----END CERTIFICATE-----