Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/Eo85_szlvs9BCr4dFEc_6KVbMFA.roa
File:                     Eo85_szlvs9BCr4dFEc_6KVbMFA.roa (raw, json)
Hash identifier:          YFpqOHPn9Ji5UMDZcLq6BeyfO4UpIdTvkQ4rOK1sw+E=
Subject key identifier:   12:8F:39:FE:CC:E5:BE:CF:41:0A:BE:1D:14:47:3F:E8:A5:5B:30:50
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       018EA4BCDF0B30A687F11F9CD8FCC5ACB927
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/Eo85_szlvs9BCr4dFEc_6KVbMFA.roa
Signing time:             Wed 03 Apr 2024 16:13:45 +0000
ROA not before:           Wed 03 Apr 2024 16:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206596
IP address blocks:        185.240.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:bc:df:0b:30:a6:87:f1:1f:9c:d8:fc:c5:ac:b9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Apr  3 16:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=128f39fecce5becf410abe1d14473fe8a55b3050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0d:17:e0:4c:ea:de:63:70:9e:56:cf:19:61:
                    1b:38:8a:ff:03:25:8b:66:b0:f0:be:ad:5f:09:82:
                    e3:4e:56:cc:23:40:68:d7:2f:13:a4:7e:ef:5a:0e:
                    29:e8:e4:32:7a:4e:bc:b9:cf:0f:81:97:3e:2e:9b:
                    5b:0c:09:72:18:e8:0e:68:c5:8a:3a:64:4d:93:b7:
                    56:6f:98:f5:51:72:ce:ef:64:de:f4:db:30:16:b5:
                    04:95:63:47:ae:d9:87:2d:50:d7:9a:1d:d4:79:c0:
                    e3:de:5e:86:6f:f6:e3:0d:da:29:e9:b4:cb:a0:df:
                    fb:89:26:a5:68:8d:48:3c:a2:4b:1e:e2:a2:cd:d9:
                    4d:ec:5d:ed:4e:d3:2e:5e:9a:eb:5d:74:4e:e7:3f:
                    3a:51:1f:a0:54:fe:ea:32:c6:3d:1c:76:5b:f8:33:
                    c2:a1:3b:d2:90:09:2a:20:d2:18:14:ac:3d:8d:c8:
                    ea:37:64:59:2b:17:1b:1e:3d:55:76:fb:45:ac:c2:
                    a2:ea:e3:b1:9d:1f:66:a0:b8:a9:df:9f:70:46:d1:
                    b3:0b:ad:94:9d:0e:51:6f:d7:6b:64:8c:5b:9f:9c:
                    26:45:2f:d2:67:61:b9:65:4a:9d:33:78:5c:a8:b7:
                    5e:c3:f1:a7:77:5d:cc:55:b6:8f:92:35:38:20:54:
                    70:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:8F:39:FE:CC:E5:BE:CF:41:0A:BE:1D:14:47:3F:E8:A5:5B:30:50
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/Eo85_szlvs9BCr4dFEc_6KVbMFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:95:1f:bf:94:be:7a:92:18:53:78:57:21:96:9c:ce:4c:d7:
         09:f0:41:d1:39:d8:44:29:ff:fe:08:d8:e7:53:7a:8f:b3:82:
         91:c5:12:16:e8:6a:97:da:9d:5e:fb:2b:05:a6:14:13:8f:4a:
         0f:ff:ae:f7:57:bc:89:94:27:bb:48:e7:88:de:59:ea:bd:19:
         07:20:0d:50:90:a1:0a:bb:89:38:d1:5b:c5:31:dc:e6:13:a5:
         05:f3:5e:6d:17:1a:bd:ff:7e:28:35:6f:e1:a8:be:68:34:f1:
         59:4d:76:67:63:0b:2b:b0:66:76:18:f8:a7:09:d7:f0:91:98:
         91:81:65:11:66:46:04:e2:4b:08:c4:87:9a:5f:aa:1c:e1:f1:
         66:64:25:52:34:a7:d2:3a:b9:33:8b:0d:f1:8b:3c:98:75:0b:
         7e:d1:48:39:c5:86:ad:83:03:ab:88:e2:95:d3:2d:7f:c7:7f:
         19:a7:9c:68:7f:2f:9c:8c:da:ce:88:a5:55:e0:74:21:4d:30:
         10:5a:79:08:a3:80:7c:08:2f:68:15:fa:aa:36:dd:0e:fc:c9:
         7c:0f:06:bc:97:14:5f:8d:24:7d:dd:f1:c9:40:cd:66:10:92:
         98:ab:2b:ac:3d:45:da:d9:19:08:d2:36:04:25:54:91:87:92:
         7c:7b:e3:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6kvN8LMKaH8R+c2PzFrLknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjQwNDAzMTYxMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjhmMzlmZWNjZTViZWNmNDEwYWJlMWQxNDQ3M2ZlOGE1NWIzMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ0X4Ezq3mNwnlbPGWEbOIr/AyWL
ZrDwvq1fCYLjTlbMI0Bo1y8TpH7vWg4p6OQyek68uc8PgZc+LptbDAlyGOgOaMWK
OmRNk7dWb5j1UXLO72Te9NswFrUElWNHrtmHLVDXmh3UecDj3l6Gb/bjDdop6bTL
oN/7iSalaI1IPKJLHuKizdlN7F3tTtMuXprrXXRO5z86UR+gVP7qMsY9HHZb+DPC
oTvSkAkqINIYFKw9jcjqN2RZKxcbHj1VdvtFrMKi6uOxnR9moLip359wRtGzC62U
nQ5Rb9drZIxbn5wmRS/SZ2G5ZUqdM3hcqLdew/Gnd13MVbaPkjU4IFRwhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKPOf7M5b7PQQq+HRRHP+ilWzBQMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvRW84NV9zemx2czlCQ3I0ZEZFY182S1ZiTUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufCVMA0G
CSqGSIb3DQEBCwUAA4IBAQB3lR+/lL56khhTeFchlpzOTNcJ8EHROdhEKf/+CNjn
U3qPs4KRxRIW6GqX2p1e+ysFphQTj0oP/673V7yJlCe7SOeI3lnqvRkHIA1QkKEK
u4k40VvFMdzmE6UF815tFxq9/34oNW/hqL5oNPFZTXZnYwsrsGZ2GPinCdfwkZiR
gWURZkYE4ksIxIeaX6oc4fFmZCVSNKfSOrkziw3xizyYdQt+0Ug5xYatgwOriOKV
0y1/x38Zp5xofy+cjNrOiKVV4HQhTTAQWnkIo4B8CC9oFfqqNt0O/Ml8Dwa8lxRf
jSR93fHJQM1mEJKYqyusPUXa2RkI0jYEJVSRh5J8e+M1
-----END CERTIFICATE-----