Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/1adf3c-ba33-435b-a6d5-957aabbc8483/1/e8keRH_fZsFbx29y6vNPeDnTKk8.roa
File:                     e8keRH_fZsFbx29y6vNPeDnTKk8.roa (raw, json)
Hash identifier:          LTKeB9qOYlGSkChRjVpoZfCsHhyZXmMAd2Oo/BNtE2o=
Subject key identifier:   7B:C9:1E:44:7F:DF:66:C1:5B:C7:6F:72:EA:F3:4F:78:39:D3:2A:4F
Certificate issuer:       /CN=5a95d2e345a1f4daa4edfe7c05ce5df76b59acf0
Certificate serial:       018CC3B6A7756AF997507863DA0A906AE37C
Authority key identifier: 5A:95:D2:E3:45:A1:F4:DA:A4:ED:FE:7C:05:CE:5D:F7:6B:59:AC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpXS40Wh9Nqk7f58Bc5d92tZrPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/1adf3c-ba33-435b-a6d5-957aabbc8483/1/e8keRH_fZsFbx29y6vNPeDnTKk8.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213241
IP address blocks:        87.236.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/1adf3c-ba33-435b-a6d5-957aabbc8483/1/WpXS40Wh9Nqk7f58Bc5d92tZrPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/1adf3c-ba33-435b-a6d5-957aabbc8483/1/WpXS40Wh9Nqk7f58Bc5d92tZrPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpXS40Wh9Nqk7f58Bc5d92tZrPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a7:75:6a:f9:97:50:78:63:da:0a:90:6a:e3:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a95d2e345a1f4daa4edfe7c05ce5df76b59acf0
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bc91e447fdf66c15bc76f72eaf34f7839d32a4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4b:32:87:2b:90:e9:13:fc:d4:21:f2:02:d7:
                    47:37:eb:a6:f9:b6:a7:a3:c9:46:f2:cd:e7:3f:c4:
                    57:4f:8b:60:62:56:13:80:1f:bb:7c:db:46:40:b4:
                    27:ec:22:8c:28:26:84:9a:c6:ae:81:fb:b8:f3:e1:
                    83:5c:7c:a9:e4:63:00:12:b8:aa:31:de:79:79:fb:
                    3f:0a:9b:2f:45:2c:92:3e:66:0a:0d:e1:6a:fa:c5:
                    16:57:33:e4:35:fd:72:3c:75:57:dc:93:e5:5f:76:
                    f3:60:65:67:28:7a:81:15:6c:58:63:7f:b8:d0:82:
                    25:53:00:c2:40:1f:03:72:d0:72:27:8e:fc:f0:2d:
                    fa:4b:b2:63:15:17:b4:2b:25:2e:ad:60:74:4d:00:
                    8b:df:d3:d5:b8:00:07:b1:96:b2:0f:1e:54:8b:b2:
                    e7:3e:f5:96:31:f9:78:ab:48:75:1e:e3:05:c7:61:
                    77:c1:d7:af:af:1b:9d:77:35:d0:36:66:01:44:63:
                    1e:18:74:48:04:a6:2a:58:e1:77:4c:68:f2:8f:17:
                    2c:7c:ff:98:58:9f:be:20:51:97:a5:f1:a9:23:ec:
                    b8:fa:f2:7c:a5:cd:68:36:f7:e8:e9:cf:90:3d:d9:
                    bb:0d:e6:9a:47:45:72:74:dd:42:3e:83:d1:1e:00:
                    bd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C9:1E:44:7F:DF:66:C1:5B:C7:6F:72:EA:F3:4F:78:39:D3:2A:4F
            X509v3 Authority Key Identifier:
                keyid:5A:95:D2:E3:45:A1:F4:DA:A4:ED:FE:7C:05:CE:5D:F7:6B:59:AC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpXS40Wh9Nqk7f58Bc5d92tZrPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/1adf3c-ba33-435b-a6d5-957aabbc8483/1/e8keRH_fZsFbx29y6vNPeDnTKk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/1adf3c-ba33-435b-a6d5-957aabbc8483/1/WpXS40Wh9Nqk7f58Bc5d92tZrPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:64:35:a1:44:d6:23:27:15:b1:2b:06:d6:75:d6:65:55:2f:
         5a:b8:df:cc:c8:8c:11:27:cd:ed:89:52:8a:88:d5:31:9e:1c:
         73:59:b5:0f:de:08:c0:5f:bd:49:3e:c8:d6:25:97:28:1d:3a:
         6d:8f:3b:1d:12:15:8b:f3:e6:cb:54:36:a7:5e:18:c4:32:9e:
         2f:8b:a0:6c:70:98:68:6c:53:5f:6e:1f:a7:55:84:4d:f6:09:
         49:20:21:9a:e4:73:23:a5:a7:65:b8:c2:3c:35:fc:bd:7e:14:
         3b:82:96:57:a9:f3:7b:db:3e:ad:22:37:10:d0:6b:5f:7f:23:
         b8:50:37:8d:61:34:3d:d1:db:e0:5d:68:97:9b:b4:eb:49:6a:
         9c:3f:0c:ec:e9:3d:34:60:67:da:fc:ea:ea:f1:cd:92:93:7d:
         b3:2d:1a:e4:17:19:16:95:b5:58:cb:dd:bc:8a:13:ff:31:f3:
         eb:27:33:f3:4f:3e:6f:79:fc:44:aa:6f:e2:14:eb:fb:80:14:
         43:6f:52:1b:99:f0:a1:65:f0:70:2b:be:bd:41:0a:f8:da:b4:
         0e:18:d5:42:c5:9e:19:e5:3a:59:a6:d2:7b:ed:55:40:a8:73:
         1c:7d:4d:62:7e:46:c9:ff:3d:2d:4e:e4:3e:ea:85:3f:fb:b8:
         38:40:1a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqd1avmXUHhj2gqQauN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTVkMmUzNDVhMWY0ZGFhNGVkZmU3YzA1Y2U1ZGY3NmI1
OWFjZjAwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmM5MWU0NDdmZGY2NmMxNWJjNzZmNzJlYWYzNGY3ODM5ZDMyYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApksyhyuQ6RP81CHyAtdHN+um+ban
o8lG8s3nP8RXT4tgYlYTgB+7fNtGQLQn7CKMKCaEmsaugfu48+GDXHyp5GMAEriq
Md55efs/CpsvRSySPmYKDeFq+sUWVzPkNf1yPHVX3JPlX3bzYGVnKHqBFWxYY3+4
0IIlUwDCQB8DctByJ4788C36S7JjFRe0KyUurWB0TQCL39PVuAAHsZayDx5Ui7Ln
PvWWMfl4q0h1HuMFx2F3wdevrxuddzXQNmYBRGMeGHRIBKYqWOF3TGjyjxcsfP+Y
WJ++IFGXpfGpI+y4+vJ8pc1oNvfo6c+QPdm7DeaaR0VydN1CPoPRHgC9twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvJHkR/32bBW8dvcurzT3g50ypPMB8GA1UdIwQY
MBaAFFqV0uNFofTapO3+fAXOXfdrWazwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BYUzQwV2g5TnFrN2Y1OEJjNWQ5MnRaclBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xYWRmM2MtYmEzMy00MzViLWE2ZDUt
OTU3YWFiYmM4NDgzLzEvZThrZVJIX2Zac0ZieDI5eTZ2TlBlRG5US2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xYWRmM2MtYmEzMy00MzViLWE2ZDUtOTU3YWFiYmM4NDgz
LzEvV3BYUzQwV2g5TnFrN2Y1OEJjNWQ5MnRaclBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+whMA0G
CSqGSIb3DQEBCwUAA4IBAQCEZDWhRNYjJxWxKwbWddZlVS9auN/MyIwRJ83tiVKK
iNUxnhxzWbUP3gjAX71JPsjWJZcoHTptjzsdEhWL8+bLVDanXhjEMp4vi6BscJho
bFNfbh+nVYRN9glJICGa5HMjpadluMI8Nfy9fhQ7gpZXqfN72z6tIjcQ0GtffyO4
UDeNYTQ90dvgXWiXm7TrSWqcPwzs6T00YGfa/Orq8c2Sk32zLRrkFxkWlbVYy928
ihP/MfPrJzPzTz5vefxEqm/iFOv7gBRDb1IbmfChZfBwK769QQr42rQOGNVCxZ4Z
5TpZptJ77VVAqHMcfU1ifkbJ/z0tTuQ+6oU/+7g4QBom
-----END CERTIFICATE-----