Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/ewhUxmrEi6LgREpzAn9px39eYp4.roa
File:                     ewhUxmrEi6LgREpzAn9px39eYp4.roa (raw, json)
Hash identifier:          9ROJ751ejZnaiYbX48v93tQpb9JEz+Xa4AwLDEfkqSE=
Subject key identifier:   7B:08:54:C6:6A:C4:8B:A2:E0:44:4A:73:02:7F:69:C7:7F:5E:62:9E
Certificate issuer:       /CN=1792806c34f57583899dc52dca407e25cf9d3622
Certificate serial:       018CC7954BDA6D5AFBBB2AF0122296D55F0E
Authority key identifier: 17:92:80:6C:34:F5:75:83:89:9D:C5:2D:CA:40:7E:25:CF:9D:36:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5KAbDT1dYOJncUtykB-Jc-dNiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/ewhUxmrEi6LgREpzAn9px39eYp4.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20552
IP address blocks:        46.227.240.0/21 maxlen: 21
                          2a01:7600::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/F5KAbDT1dYOJncUtykB-Jc-dNiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/F5KAbDT1dYOJncUtykB-Jc-dNiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5KAbDT1dYOJncUtykB-Jc-dNiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4b:da:6d:5a:fb:bb:2a:f0:12:22:96:d5:5f:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1792806c34f57583899dc52dca407e25cf9d3622
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b0854c66ac48ba2e0444a73027f69c77f5e629e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e8:6d:c1:2e:dd:04:84:b5:9c:99:af:f1:ae:
                    58:0d:95:bb:d5:15:37:ad:6a:77:c6:0f:55:65:be:
                    c4:3a:2e:f2:50:4e:a8:b8:4c:ef:88:dd:de:b7:00:
                    92:73:63:2b:ee:64:d4:0e:99:4b:18:34:82:98:d6:
                    f4:b2:4d:81:c4:01:f5:3a:f1:3d:5a:17:ca:bf:63:
                    c4:84:b1:c3:21:54:6d:21:49:3f:d2:ba:7c:f2:17:
                    a4:35:dc:bd:a3:f1:2a:29:af:55:b5:be:2a:bc:5f:
                    84:71:62:92:0d:dd:f3:d3:b3:1b:e8:d4:9f:00:15:
                    2a:ed:de:62:e2:65:65:ac:20:97:95:40:c3:3e:85:
                    fc:a4:fa:96:b7:08:cc:cf:fc:e3:76:34:ac:8d:9e:
                    fe:99:37:83:e8:d9:ba:66:d0:ed:93:74:7a:69:19:
                    27:ba:be:f3:1c:70:5f:da:87:34:df:92:d7:99:d5:
                    2c:77:59:dc:c7:6b:25:27:d0:ab:12:05:b9:23:9f:
                    ec:ad:59:00:1c:84:32:df:2d:cb:12:54:3d:ea:3c:
                    d0:00:dd:b0:40:49:28:76:42:9f:af:a4:eb:c4:dd:
                    56:c1:50:e6:ce:de:30:6f:e0:3f:0a:c4:59:d4:f4:
                    8a:1d:c8:75:2a:c7:38:2a:d8:86:22:66:c4:e8:b9:
                    0d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:08:54:C6:6A:C4:8B:A2:E0:44:4A:73:02:7F:69:C7:7F:5E:62:9E
            X509v3 Authority Key Identifier:
                keyid:17:92:80:6C:34:F5:75:83:89:9D:C5:2D:CA:40:7E:25:CF:9D:36:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5KAbDT1dYOJncUtykB-Jc-dNiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/ewhUxmrEi6LgREpzAn9px39eYp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/F5KAbDT1dYOJncUtykB-Jc-dNiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.227.240.0/21
                IPv6:
                  2a01:7600::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:98:f2:34:b6:b0:15:e0:5f:a5:fd:bd:ff:85:93:aa:13:55:
         7c:96:fe:c0:05:08:87:46:d1:52:1d:9c:fc:a7:cf:8e:7c:12:
         d2:f5:77:b0:78:fc:ac:00:70:20:f9:cc:ac:67:ac:1c:a8:c2:
         4d:62:34:c7:86:61:d3:47:aa:35:70:4b:cd:21:e1:40:81:20:
         fc:72:fe:44:8e:53:06:ab:d6:5e:ff:d0:8d:ec:44:c3:f7:db:
         03:e2:1e:e3:d5:80:4d:fb:b2:78:70:16:16:7a:64:2e:c2:e1:
         60:8a:2b:42:c4:58:c6:ab:87:47:e2:74:fb:6d:53:0b:f7:6c:
         de:75:41:ee:83:f9:18:8d:29:b5:18:cf:eb:7b:ab:31:a4:89:
         54:18:82:53:06:a7:5a:a7:f4:2b:48:d5:6c:b2:a5:fa:f0:40:
         a5:d8:05:c6:ef:0c:86:92:8f:d8:0d:c3:b4:98:c3:26:e2:01:
         76:da:d6:1a:d5:da:34:e8:54:67:4d:8a:70:86:6f:01:10:71:
         50:c1:2e:9a:ed:79:54:d8:f7:47:df:10:03:75:e2:0f:ae:0b:
         71:f8:78:af:af:b1:e0:94:37:5f:f0:10:69:25:5d:91:b8:a8:
         32:fa:ec:a3:3e:e6:79:ef:b4:e4:0d:35:19:eb:02:58:c5:c5:
         54:13:63:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlUvabVr7uyrwEiKW1V8OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTI4MDZjMzRmNTc1ODM4OTlkYzUyZGNhNDA3ZTI1Y2Y5
ZDM2MjIwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjA4NTRjNjZhYzQ4YmEyZTA0NDRhNzMwMjdmNjljNzdmNWU2MjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+htwS7dBIS1nJmv8a5YDZW71RU3
rWp3xg9VZb7EOi7yUE6ouEzviN3etwCSc2Mr7mTUDplLGDSCmNb0sk2BxAH1OvE9
WhfKv2PEhLHDIVRtIUk/0rp88hekNdy9o/EqKa9Vtb4qvF+EcWKSDd3z07Mb6NSf
ABUq7d5i4mVlrCCXlUDDPoX8pPqWtwjMz/zjdjSsjZ7+mTeD6Nm6ZtDtk3R6aRkn
ur7zHHBf2oc035LXmdUsd1ncx2slJ9CrEgW5I5/srVkAHIQy3y3LElQ96jzQAN2w
QEkodkKfr6TrxN1WwVDmzt4wb+A/CsRZ1PSKHch1Ksc4KtiGImbE6LkNQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHsIVMZqxIui4ERKcwJ/acd/XmKeMB8GA1UdIwQY
MBaAFBeSgGw09XWDiZ3FLcpAfiXPnTYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVLQWJEVDFkWU9KbmNVdHlrQi1KYy1kTmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NjUyMGYtN2JkOC00ZmM4LThjN2Yt
N2VmMmQ3MGQ3MDhmLzEvZXdoVXhtckVpNkxnUkVwekFuOXB4MzllWXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NjUyMGYtN2JkOC00ZmM4LThjN2YtN2VmMmQ3MGQ3MDhm
LzEvRjVLQWJEVDFkWU9KbmNVdHlrQi1KYy1kTmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLuPwMA0E
AgACMAcDBQAqAXYAMA0GCSqGSIb3DQEBCwUAA4IBAQA4mPI0trAV4F+l/b3/hZOq
E1V8lv7ABQiHRtFSHZz8p8+OfBLS9XewePysAHAg+cysZ6wcqMJNYjTHhmHTR6o1
cEvNIeFAgSD8cv5EjlMGq9Ze/9CN7ETD99sD4h7j1YBN+7J4cBYWemQuwuFgiitC
xFjGq4dH4nT7bVML92zedUHug/kYjSm1GM/re6sxpIlUGIJTBqdap/QrSNVssqX6
8ECl2AXG7wyGko/YDcO0mMMm4gF22tYa1do06FRnTYpwhm8BEHFQwS6a7XlU2PdH
3xADdeIPrgtx+Hivr7HglDdf8BBpJV2RuKgy+uyjPuZ577TkDTUZ6wJYxcVUE2NM
-----END CERTIFICATE-----