Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/fTi859EIlagaKx8seHUWsKa2CPA.roa
File:                     fTi859EIlagaKx8seHUWsKa2CPA.roa (raw, json)
Hash identifier:          GMdiC6t0xJ0GmRzERTvqho0Bwdfi6JbXBPjTI+Ep+Nk=
Subject key identifier:   7D:38:BC:E7:D1:08:95:A8:1A:2B:1F:2C:78:75:16:B0:A6:B6:08:F0
Certificate issuer:       /CN=e15136feff3574ef9b2262de59b06a21908fab3e
Certificate serial:       018CC3B67669285187B8D7A5FE2160258B38
Authority key identifier: E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/fTi859EIlagaKx8seHUWsKa2CPA.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30902
IP address blocks:        78.111.4.0/24 maxlen: 24
                          87.247.174.0/24 maxlen: 24
                          87.247.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:69:28:51:87:b8:d7:a5:fe:21:60:25:8b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15136feff3574ef9b2262de59b06a21908fab3e
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d38bce7d10895a81a2b1f2c787516b0a6b608f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:07:5d:ce:ae:8e:65:93:f4:d3:22:f3:2e:f6:
                    f2:e7:de:d5:73:ae:6c:dc:2b:f3:e7:21:76:86:46:
                    3c:25:00:6e:9f:b7:5d:91:ce:e1:e4:e7:d0:8d:52:
                    06:11:91:8d:2b:7f:3b:d9:53:db:40:76:da:d1:ec:
                    c8:bd:27:93:29:f9:f5:f4:4d:21:e8:22:05:61:51:
                    ab:60:ef:cf:1e:e5:c1:fc:08:ef:29:d2:e2:dc:87:
                    27:31:86:c9:f7:c5:5f:80:07:13:63:6d:f4:2c:4f:
                    5f:8c:f1:21:33:c4:26:56:c3:0a:1f:af:72:af:bf:
                    c4:2b:dd:bb:76:96:6f:6b:98:22:29:dd:19:da:42:
                    6e:d9:28:7e:cf:07:3e:f3:f5:e8:26:b3:72:a6:a4:
                    00:17:ab:f1:32:00:aa:61:0e:a8:1e:71:02:f9:a3:
                    db:73:06:81:31:35:83:15:42:c8:b4:df:96:a1:50:
                    ed:d9:5a:f5:a1:5e:b3:18:ec:ff:b1:2a:db:34:0b:
                    35:58:00:cc:c1:cf:c5:be:fc:36:4a:fd:57:7f:a9:
                    da:a1:3c:65:ec:1e:2f:66:b0:92:de:8f:ef:21:03:
                    7b:04:00:5a:33:f7:b6:95:17:76:29:d2:7f:58:cd:
                    5d:83:fb:66:2b:94:98:b0:12:5b:61:05:bb:2f:f8:
                    75:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:38:BC:E7:D1:08:95:A8:1A:2B:1F:2C:78:75:16:B0:A6:B6:08:F0
            X509v3 Authority Key Identifier:
                keyid:E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/fTi859EIlagaKx8seHUWsKa2CPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.4.0/24
                  87.247.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:84:38:8b:d8:a6:6f:a6:fd:b8:82:19:47:91:0c:d6:d4:ba:
         95:a2:b4:a8:30:2e:b1:ca:7a:c8:02:a6:8d:55:e3:81:c2:4e:
         c2:fc:46:4a:c5:57:2f:bd:ca:44:7a:ab:73:a7:b3:dc:c7:f9:
         4e:68:bf:8a:b1:8e:9f:0c:6d:50:3b:df:59:33:df:aa:60:92:
         0d:39:a4:c3:6f:e0:44:1b:9b:07:95:1c:98:9b:bf:f1:b6:92:
         13:8b:4b:ce:f6:6d:8c:7f:e1:fd:29:f8:45:1a:b2:04:ab:71:
         c1:d4:2c:ab:08:c0:54:a6:0a:7f:24:4c:9b:b7:bb:37:1c:38:
         31:90:51:01:2c:6a:0f:bd:2f:cc:c5:ba:1e:3b:00:d0:d5:7e:
         26:8c:80:57:c7:48:cc:7c:af:af:95:ad:46:d6:9f:70:41:8e:
         16:79:a6:fb:67:cc:11:02:8c:5b:e5:0b:4b:33:e3:50:b6:e3:
         02:30:cc:78:65:81:8b:bb:16:41:11:a4:e7:3d:9b:63:3d:02:
         73:f1:67:1d:0d:95:17:58:88:59:78:61:65:88:eb:3e:4f:79:
         36:b3:6a:b0:dd:b1:7d:40:44:67:21:41:b1:2c:ba:9c:f5:e6:
         53:21:ae:95:b0:e4:ea:71:fb:06:1e:7a:7c:89:91:e9:ae:8b:
         69:ea:bf:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtnZpKFGHuNel/iFgJYs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTEzNmZlZmYzNTc0ZWY5YjIyNjJkZTU5YjA2YTIxOTA4
ZmFiM2UwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDM4YmNlN2QxMDg5NWE4MWEyYjFmMmM3ODc1MTZiMGE2YjYwOGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwddzq6OZZP00yLzLvby597Vc65s
3Cvz5yF2hkY8JQBun7ddkc7h5OfQjVIGEZGNK3872VPbQHba0ezIvSeTKfn19E0h
6CIFYVGrYO/PHuXB/AjvKdLi3IcnMYbJ98VfgAcTY230LE9fjPEhM8QmVsMKH69y
r7/EK927dpZva5giKd0Z2kJu2Sh+zwc+8/XoJrNypqQAF6vxMgCqYQ6oHnEC+aPb
cwaBMTWDFULItN+WoVDt2Vr1oV6zGOz/sSrbNAs1WADMwc/Fvvw2Sv1Xf6naoTxl
7B4vZrCS3o/vIQN7BABaM/e2lRd2KdJ/WM1dg/tmK5SYsBJbYQW7L/h1AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH04vOfRCJWoGisfLHh1FrCmtgjwMB8GA1UdIwQY
MBaAFOFRNv7/NXTvmyJi3lmwaiGQj6s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMt
MDQxMzEyMjQyZmYzLzEvZlRpODU5RUlsYWdhS3g4c2VIVVdzS2EyQ1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMtMDQxMzEyMjQyZmYz
LzEvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATm8EAwQB
V/euMA0GCSqGSIb3DQEBCwUAA4IBAQAehDiL2KZvpv24ghlHkQzW1LqVorSoMC6x
ynrIAqaNVeOBwk7C/EZKxVcvvcpEeqtzp7Pcx/lOaL+KsY6fDG1QO99ZM9+qYJIN
OaTDb+BEG5sHlRyYm7/xtpITi0vO9m2Mf+H9KfhFGrIEq3HB1CyrCMBUpgp/JEyb
t7s3HDgxkFEBLGoPvS/MxboeOwDQ1X4mjIBXx0jMfK+vla1G1p9wQY4Weab7Z8wR
Aoxb5QtLM+NQtuMCMMx4ZYGLuxZBEaTnPZtjPQJz8WcdDZUXWIhZeGFliOs+T3k2
s2qw3bF9QERnIUGxLLqc9eZTIa6VsOTqcfsGHnp8iZHprotp6r/9
-----END CERTIFICATE-----