Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/1-eoVG1JgiqIAFUIVKA2wulWAQ34.roa
File:                     1-eoVG1JgiqIAFUIVKA2wulWAQ34.roa (raw, json)
Hash identifier:          iY/Sxl972lW+LQka/74IZQ5gqnevAgDIpxffKYqiVY8=
Subject key identifier:   F9:EA:15:1B:52:60:8A:A2:00:15:42:15:28:0D:B0:BA:55:80:43:7E
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       018E2CF1D54B4CAE8C811F55C2B5E6C2BBF1
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/1-eoVG1JgiqIAFUIVKA2wulWAQ34.roa
Signing time:             Mon 11 Mar 2024 09:57:10 +0000
ROA not before:           Mon 11 Mar 2024 09:57:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        217.196.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2c:f1:d5:4b:4c:ae:8c:81:1f:55:c2:b5:e6:c2:bb:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Mar 11 09:57:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9ea151b52608aa200154215280db0ba5580437e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d7:a9:ef:c2:93:2d:19:1b:e1:f8:21:8b:71:
                    39:56:72:50:12:44:26:ef:19:de:87:a9:df:61:64:
                    28:ec:95:63:a0:4a:27:4f:14:dd:cb:7d:37:e4:f7:
                    3e:e2:70:c7:8a:e8:47:b3:7a:71:71:ee:ed:f5:5e:
                    23:b8:d7:bf:c5:b0:bb:5d:4c:86:46:6c:5b:6e:32:
                    02:e8:6b:8c:98:63:fd:db:e9:86:d0:dd:13:a5:3c:
                    a7:b5:0a:53:22:f9:91:ce:b6:b9:4c:ff:6b:72:6b:
                    6b:38:c0:45:45:2b:10:72:78:42:01:93:90:0e:95:
                    5f:e3:bd:ff:a3:a3:14:a7:fb:41:2e:0a:2a:af:f6:
                    af:1f:09:0e:9d:33:40:c1:2f:fb:a2:c8:4a:b6:10:
                    17:29:cd:75:3d:1e:28:14:d9:11:46:6a:7d:f1:c5:
                    e8:43:ab:7c:8a:8a:60:b6:99:37:42:e3:86:25:f5:
                    d5:c9:ba:4f:fe:a7:58:1e:bb:f8:b0:59:12:11:7c:
                    ae:05:fc:3e:e3:04:b3:a6:e6:9b:82:a4:2b:3e:e9:
                    64:a0:ee:1a:41:9a:21:05:65:84:b5:12:7e:aa:a8:
                    26:2b:12:48:c6:cc:36:95:c3:e9:d9:33:8d:5c:51:
                    ac:d5:40:11:5d:eb:d7:f0:27:b6:2c:b5:13:a6:23:
                    8b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EA:15:1B:52:60:8A:A2:00:15:42:15:28:0D:B0:BA:55:80:43:7E
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/1-eoVG1JgiqIAFUIVKA2wulWAQ34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ec:7e:87:73:ff:e3:23:23:d6:75:2a:81:3b:d5:81:90:31:
         5c:ff:28:87:dc:55:1e:d9:d0:44:06:f1:0f:84:ba:d5:46:e6:
         1f:12:45:f5:8c:63:fa:9b:28:96:83:f3:85:de:4b:cb:37:0a:
         c7:f6:4d:57:6b:5e:e4:ed:4d:0b:a2:4e:30:af:9f:fa:4b:8b:
         d1:d5:73:1a:de:60:e2:1d:2c:98:72:66:86:6c:91:44:f9:c6:
         9d:77:f3:d7:45:9e:20:e8:c9:76:be:23:a9:14:64:60:8b:2a:
         6e:83:50:d3:ad:e9:bf:0e:a3:a8:c4:48:54:84:77:d2:2d:5f:
         53:c4:84:78:d0:19:51:d2:cd:ad:dd:77:a4:39:65:7c:ec:c9:
         7e:91:96:f6:00:0e:f3:3e:69:f9:54:77:d6:ae:b9:a8:01:24:
         41:28:cf:73:09:cc:bd:4b:fc:cb:c4:b8:a1:88:4f:22:fb:f1:
         ba:4f:8d:ef:18:8c:38:33:d0:f7:00:a1:b4:73:1f:c9:99:c5:
         c9:d2:8b:36:a1:d5:77:63:5f:5c:b4:57:b3:69:47:25:b2:0b:
         d9:3f:97:d0:71:ac:af:81:93:e0:cb:7c:a8:ba:18:a2:3a:d0:
         a7:3e:e4:9d:50:8a:36:e5:ab:df:1f:50:a7:d3:3c:be:36:72:
         69:ac:ee:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4s8dVLTK6MgR9VwrXmwrvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjQwMzExMDk1NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVhMTUxYjUyNjA4YWEyMDAxNTQyMTUyODBkYjBiYTU1ODA0MzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Nep78KTLRkb4fghi3E5VnJQEkQm
7xneh6nfYWQo7JVjoEonTxTdy3035Pc+4nDHiuhHs3pxce7t9V4juNe/xbC7XUyG
RmxbbjIC6GuMmGP92+mG0N0TpTyntQpTIvmRzra5TP9rcmtrOMBFRSsQcnhCAZOQ
DpVf473/o6MUp/tBLgoqr/avHwkOnTNAwS/7oshKthAXKc11PR4oFNkRRmp98cXo
Q6t8iopgtpk3QuOGJfXVybpP/qdYHrv4sFkSEXyuBfw+4wSzpuabgqQrPulkoO4a
QZohBWWEtRJ+qqgmKxJIxsw2lcPp2TONXFGs1UARXevX8Ce2LLUTpiOL7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnqFRtSYIqiABVCFSgNsLpVgEN+MB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvMS1lb1ZHMUpnaXFJQUZVSVZLQTJ3dWxXQVEzNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTYvNjY5M2UzLTg5Y2EtNDRhMS1hOGI2LTg5NDgwNTI4OWNj
MC8xLzhEQmxqeGJTMkkwMEZrV1NfTlRlRXhNZkZwVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnEYzAN
BgkqhkiG9w0BAQsFAAOCAQEAXOx+h3P/4yMj1nUqgTvVgZAxXP8oh9xVHtnQRAbx
D4S61UbmHxJF9Yxj+psoloPzhd5LyzcKx/ZNV2te5O1NC6JOMK+f+kuL0dVzGt5g
4h0smHJmhmyRRPnGnXfz10WeIOjJdr4jqRRkYIsqboNQ063pvw6jqMRIVIR30i1f
U8SEeNAZUdLNrd13pDllfOzJfpGW9gAO8z5p+VR31q65qAEkQSjPcwnMvUv8y8S4
oYhPIvvxuk+N7xiMODPQ9wChtHMfyZnFydKLNqHVd2NfXLRXs2lHJbIL2T+X0HGs
r4GT4Mt8qLoYojrQpz7knVCKNuWr3x9Qp9M8vjZyaazu3Q==
-----END CERTIFICATE-----